IDS mailing list archives

Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?


From: nelson () pangeia com br (Nelson Murilo)
Date: Fri, 24 Apr 2009 17:22:47 -0300


Kismet is a nice solution at all, but beholder[1] also could help. 

./nelson -murilo

[1] - http://www.beholderwireless.org 



On Fri, Apr 24, 2009 at 11:04:01AM -0700, Jeremy Bennett wrote:
That requirement is focused on rogue detection and mitigation. If your WLAN
can be moved out of scope for PCI (using a stateful firewall) then you are
only required to scan for rogue devices.
You can either do walk-around scans using something like kismet or
NetStumbler or you can invest in a system with distributed sensors that can
scan for the rogue devices all the time. In theory you could build this with
low cost sensors running kismet and syslog and watch/filter the logs in a
central location. You'd need a way of filtering out the known neighbors and
internal devices and set up something to alert you, etc. I think you'll find
that it is a lot less "free" than you would hope.
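The central log filtering described in the quoted message, sketched as an added example that is not part of either message or of Kismet itself. The syslog line layout, sensor names, SSIDs and addresses are constructed for illustration, the allowlists are hypothetical, and raising severity when an unknown radio advertises an internal SSID goes one step beyond what the message describes.

```python
import re
from collections import defaultdict

# Assumed line layout, constructed for this example (not Kismet's own output):
# <time> <sensor> kismet: bssid=<mac> ssid="<name>" channel=<n> signal=<dBm>
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<sensor>\S+) kismet: bssid=(?P<bssid>[0-9A-Fa-f:]{17}) '
    r'ssid="(?P<ssid>[^"]*)" channel=\d+ signal=(?P<signal>-?\d+)$')

# Hypothetical allowlists; all addresses below are constructed.
INTERNAL_BSSIDS = {"02:00:00:00:00:01"}   # our own access points
NEIGHBOR_BSSIDS = {"02:00:00:00:10:01"}   # reviewed, accepted neighbours
INTERNAL_SSIDS = {"corp-wlan"}            # network names only we should use

SAMPLE_LOG = """\
2009-04-24T10:00:01 sensor-lobby kismet: bssid=02:00:00:00:00:01 ssid="corp-wlan" channel=6 signal=-48
2009-04-24T10:00:02 sensor-lobby kismet: bssid=02:00:00:00:10:01 ssid="cafe-guest" channel=1 signal=-80
2009-04-24T10:00:03 sensor-lobby kismet: bssid=02:00:00:00:AA:01 ssid="linksys" channel=11 signal=-70
2009-04-24T10:00:04 sensor-warehouse kismet: bssid=02:00:00:00:aa:01 ssid="linksys" channel=11 signal=-55
2009-04-24T10:00:05 sensor-warehouse kismet: bssid=02:00:00:00:bb:02 ssid="corp-wlan" channel=6 signal=-60
2009-04-24T10:00:06 sensor-warehouse kismet: truncated line
"""

def find_unknown_aps(log_text):
    """Return one alert per BSSID that is on neither allowlist."""
    seen = defaultdict(lambda: {"ssids": set(), "sensors": set(), "signal": -999})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse instead of guessing
        bssid = m["bssid"].lower()
        if bssid in INTERNAL_BSSIDS or bssid in NEIGHBOR_BSSIDS:
            continue  # known device: filtered out
        rec = seen[bssid]
        rec["ssids"].add(m["ssid"])
        rec["sensors"].add(m["sensor"])
        rec["signal"] = max(rec["signal"], int(m["signal"]))
    alerts = []
    for bssid, rec in sorted(seen.items()):
        # Unknown radio advertising one of our SSIDs is the urgent case.
        severity = "high" if rec["ssids"] & INTERNAL_SSIDS else "review"
        alerts.append({"bssid": bssid, "ssids": sorted(rec["ssids"]),
                       "sensors": sorted(rec["sensors"]),
                       "strongest_signal": rec["signal"], "severity": severity})
    return alerts

if __name__ == "__main__":
    for alert in find_unknown_aps(SAMPLE_LOG):
        print(alert)
```

Grouping by BSSID across sensors keeps one alert per device and shows which sensors heard it, which helps when locating the device on site.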


