Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?

[Leon Ward <leon () rm-rf co uk>]

This is probably a question for your PCI DSS CSA. They afterall make  
the real rules.

Sent from a mobile device. Apologies for any typos but they happen.

On 23 Apr 2009, at 23:04, Chris Waters <cwaters () paglo com> wrote:

> Hi,
>
> It is also possible to meet the PCI 11.1 requirement by scanning the  
> *wired* network looking for wireless access points. This is much  
> easier to do and more practical that walk-around wireless audits  
> using a laptop based tool. There is an open source project called  
> RogueScanner (http://paglo.com/opensource/roguescanner)---which I am  
> one of the authors of---that is specifically designed for wired side  
> discovery of APs.
>
> Regards,
>
> Chris.
>
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of Taras P.  
> > Ivashchenko
> > Sent: Thursday, April 23, 2009 12:51 PM
> > To: focus-ids () securityfocus com
> > Subject: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..".
> > Kismet+Snort?
> >
> > Hello, list!
> >
> > There is requirement in PCI DSS v.1.2:
> >
> > "...11.1 Test for the presence of wireless access points by using a
> > wireless analyzer at least quarterly or deploying a wireless IDS/ 
> > IPS to
> > identify all wireless devices in use..."
> >
> > I made some research for open source wireless IDSs and results are  
> > not
> > good.
> > I found some articles about using together Kismet and Snort but it
> > looks like not best soliution.
> > Air Snort project is dead.
> > What wireless IDS/IPS (especially opensource/free) do you use?
> >
> >
> > --
> > Тарас Иващенко (Taras Ivashchenko), OSCP  
> > www.securityaudit.ru
> > ----
> > "Software is like sex: it's better when it's free." - Linus Torvalds