IDS mailing list archives
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?
From: nelson () pangeia com br (Nelson Murilo)
Date: Fri, 24 Apr 2009 17:22:47 -0300
Kismet is a nice solution at all, but beholder[1] also could help. ./nelson -murilo [1] - http://www.beholderwireless.org On Fri, Apr 24, 2009 at 11:04:01AM -0700, Jeremy Bennett wrote:
That requirement is focused on rogue detection and mitigation. If your WLAN can be moved out of scope for PCI (using a stateful firewall) then you are only required to scan for rogue devices. You can either do walk-around scans using something like kismet or NetStumbler or you can invest in a system with distributed sensors that can scan for the rogue devices all the time. In theory you could build this with low cost sensors running kismet and syslog and watch/filter the logs in a central location. You'd need a way of filtering out the known neighbors and internal devices and set up something to alert you, etc. I think you'll find that it is a lot less "free" than you would hope.
Current thread:
- PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Taras P. Ivashchenko (Apr 23)
- RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Gary Everekyan (Apr 24)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Jeremy Bennett (Apr 24)
- RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Gary Everekyan (Apr 24)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Jeremy Bennett (Apr 24)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Joel Snyder (Apr 27)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Jeremy Bennett (Apr 27)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Joel Snyder (Apr 27)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Jeremy Bennett (Apr 27)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Jeremy Bennett (Apr 24)
- RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Gary Everekyan (Apr 24)
- RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Emm Maxim (Apr 27)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Nelson Murilo (Apr 24)
- RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Gary Everekyan (Apr 24)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Leon Ward (Apr 24)
- <Possible follow-ups>
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Jeremy Bennett (Apr 27)