The PCI Data Security Standard

The PCI DSS is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. The PCI SSC sets the PCI security standards, but each payment card brand has its own program for compliance, validation levels and enforcement.

 

Build and Maintain a Secure Network

#1 – Install and maintain firewall and router configuration standards that formalize testing whenever configurations change, and restrict all traffic from "untrusted" networks and hosts, except for protocols necessary for the cardholder data environment. Identify all connections to cardholder data and review configuration rule sets at least every six months.

#2 – Do not use vendor-supplied defaults for system passwords and other security parameters

 

Protect Cardholder Data

#3 – Protect stored cardholder data

#4 – Use strong cryptography and security protocols such as TLS, SSH or IPsec to safeguard sensitive cardholder data during transmission over open, public networks. (Older versions of the standard listed SSL/TLS; since PCI DSS v3.1 SSL and early TLS are no longer considered strong cryptography and must not be used as a security control.)

 

Maintain a Vulnerability Management Program

#5 – Install and regularly update anti-virus software or programs, and check that all anti-virus mechanisms are current, actively running, and generating audit logs.

#6 – Develop and maintain secure systems and applications (apply vendor security patches and follow secure development practices).

Implement Strong Access Control Measures

#7 – Limit access to system components and cardholder data to only those individuals whose job requires such access.

#8 – Assign all users a unique user name (ID) before allowing them to access system components or cardholder data.

#9 – Restrict physical access to cardholder data.

Regularly Monitor and Test Networks

#10 – Track and monitor all access to network resources and cardholder data.

#11 – Regularly test security systems and processes.

Maintain an Information Security Policy

#12 – Maintain a policy that addresses information security for all personnel.

 

References:

https://www.pcisecuritystandards.org/document_library

https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf

 

Basic Wireless Network Security

Wireless LAN Types

  • Infrastructure Mode
  • Ad Hoc Network Mode
  • Mixed Network Mode

 

Threats & Vulnerabilities

  • Wireless traffic is easily captured: any radio within range can record the frames, so confidentiality depends entirely on link-layer encryption
  • Common WLAN attacks: rogue access point (AP), an unauthorized AP that lures clients or bridges into the network
  • Less common WLAN attacks: intrusion into the wired network through the WLAN

 

Basic Wireless Network Security

  • Use a strong password (a long, random WPA passphrase; change any vendor-supplied default)
  • Enable MAC address filtering (a weak control on its own: client MAC addresses are sent in the clear and are trivially spoofed)
  • Enable network encryption (WPA2 or WPA3; WEP and WPA with TKIP are broken and should not be used)
  • Configure the wireless router to use static IP addresses (at most an obscurity measure: an attacker already on the segment can pick a valid address)
  • Disable guest networks (if possible)
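The checklist above is easier to apply when the weak and hardened settings sit side by side. The following is an added example, not code from the original page: a small audit script that parses a hostapd-style access point configuration and flags the settings the list warns about (WEP, WPA1/TKIP, weak passphrase, WPS, MAC filtering as the only control). The option names are real hostapd keys; the two sample configurations, the severity labels and the 16-character passphrase threshold are constructed for this example.

```python
"""Audit a hostapd-style access point configuration against the checklist above.

Added example, not part of the original page. The option names (auth_algs, wep_key*,
wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, ieee80211w, wpa_passphrase, wps_state,
macaddr_acl) are real hostapd keys; the two sample configurations, the severity
labels and the 16-character passphrase threshold are constructed for this example.
"""

# Constructed sample: "encryption enabled", but with WEP keys still present,
# WPA1/TKIP, a dictionary-word passphrase and WPS turned on.
WEAK_CONF = """\
interface=wlan0
ssid=OfficeWLAN
auth_algs=3
wep_default_key=0
wep_key0=ABCDEF0123
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=password
wps_state=2
macaddr_acl=1
"""

# Constructed sample: the hardened equivalent. WPA2-AES with WPA3 (SAE) also offered,
# protected management frames required, WPS off, long random passphrase.
HARDENED_CONF = """\
interface=wlan0
ssid=OfficeWLAN
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
ieee80211w=2
wpa_passphrase=correct-horse-battery-staple-7Qz
wps_state=0
macaddr_acl=1
"""

def parse_hostapd(text):
    """Parse key=value lines; '#' comments and blank lines are ignored, later keys win."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return a list of (severity, finding) tuples; an empty list means nothing flagged."""
    findings = []
    wpa = cfg.get("wpa", "0")
    has_wep = any(k.startswith("wep_key") for k in cfg) or cfg.get("auth_algs") in ("2", "3")
    ciphers = (cfg.get("wpa_pairwise", "") + " " + cfg.get("rsn_pairwise", "")).split()
    mgmt = cfg.get("wpa_key_mgmt", "").split()
    passphrase = cfg.get("wpa_passphrase", "")

    if has_wep:
        findings.append(("high", "WEP keys or Shared Key authentication configured; WEP is broken"))
    if wpa == "0" and not has_wep:
        findings.append(("high", "open network: no encryption configured"))
    if wpa in ("1", "3"):
        findings.append(("high", "WPA version 1 enabled (wpa=1 or 3); it is deprecated"))
    if "TKIP" in ciphers:
        findings.append(("high", "TKIP pairwise cipher allowed; use CCMP (AES)"))
    if wpa != "0" and "SAE" not in mgmt:
        findings.append(("medium", "WPA3 (SAE) not offered; a captured WPA2 4-way handshake can be attacked offline"))
    if cfg.get("ieee80211w", "0") != "2":
        findings.append(("medium", "protected management frames not required (ieee80211w=2); deauth spoofing works"))
    if ("WPA-PSK" in mgmt or "SAE" in mgmt) and (len(passphrase) < 16 or passphrase.lower() in {"password", "12345678"}):
        findings.append(("high", "weak wpa_passphrase: shorter than 16 characters or a common value"))  # threshold is an example assumption
    if cfg.get("wps_state", "0") != "0":
        findings.append(("high", "WPS enabled; the external-registrar PIN method is brute-forceable"))
    if cfg.get("macaddr_acl") == "1" and wpa == "0":
        findings.append(("info", "MAC filtering is the only access control; client MACs are sent in the clear and easily spoofed"))
    return findings

def is_acceptable(cfg):
    """True when the audit raises no 'high' finding."""
    return not any(sev == "high" for sev, _ in audit(cfg))

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        cfg = parse_hostapd(conf)
        print(f"{name}: acceptable={is_acceptable(cfg)}")
        for sev, msg in audit(cfg):
            print(f"  [{sev}] {msg}")
```

Running it on the weak sample reports five high findings and two medium ones; the hardened sample reports none. Note that MAC filtering is deliberately not treated as a fix for anything: it only earns a finding when it is the sole control, and never removes one.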

 

Policy Management

Define Access Requirements (who needs what & when)

If guest access is banned, the policy must state this and describe the steps taken to prevent visitor intrusion.

Include unique wireless scenarios such as employees at public hot spots and office visitors.

Prohibit peer-to-peer (P2P) networking while permitting logged guest sessions through specific access points, limited by:

  • Destination (inside or outside the network)
  • Protocols
  • Session time
  • Bandwidth
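To make the guest-session rules above concrete, here is an added example (not code from the original page) that evaluates sample guest sessions against each of the four limits plus the P2P prohibition and the "specific access points" requirement, writing one log line per decision. The policy values (RFC 1918 ranges counted as "inside", a DNS/HTTP/HTTPS allowlist, a 4-hour session cap, a byte quota standing in for "bandwidth"), the access point names and the sample sessions are all constructed; in a real deployment the same decisions are enforced by the access point's captive portal and the firewall in front of it, not by a script.

```python
"""Evaluate guest WLAN sessions against the limits listed above.

Added example, not part of the original page. Policy values, AP names and sample
sessions are constructed for illustration; 203.0.113.0/24 is a documentation range.
"""
import ipaddress
from dataclasses import dataclass

# Destination limit: anything in these ranges is "inside" the network (assumption: RFC 1918).
INSIDE_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Every decision is appended here: the "logged" part of "logged guest session".
AUDIT_LOG = []

@dataclass
class GuestPolicy:
    allowed_aps: frozenset                      # only these APs may carry guest traffic
    allowed_protocols: frozenset = frozenset({"dns", "http", "https"})
    allow_inside: bool = False                  # guests get Internet only
    max_session_seconds: int = 4 * 3600
    max_bytes: int = 50 * 1024 * 1024           # quota used here in place of a rate limit

@dataclass
class Session:
    guest_id: str
    ap: str
    dest_ip: str
    protocol: str
    seconds_elapsed: int
    bytes_used: int
    peer_to_peer: bool = False                  # direct client-to-client traffic

def is_inside(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INSIDE_NETWORKS)

def evaluate(policy, session):
    """Return ("allow"|"deny", [reasons]) and append one log line to AUDIT_LOG."""
    reasons = []
    if session.ap not in policy.allowed_aps:
        reasons.append(f"access point {session.ap} is not designated for guests")
    if session.peer_to_peer:
        reasons.append("peer-to-peer networking is prohibited")
    if not policy.allow_inside and is_inside(session.dest_ip):
        reasons.append(f"destination {session.dest_ip} is inside the network")
    if session.protocol.lower() not in policy.allowed_protocols:
        reasons.append(f"protocol {session.protocol} is not permitted")
    if session.seconds_elapsed > policy.max_session_seconds:
        reasons.append("session time limit exceeded")
    if session.bytes_used > policy.max_bytes:
        reasons.append("bandwidth quota exceeded")
    decision = "deny" if reasons else "allow"
    reason_text = "; ".join(reasons) if reasons else "within policy"
    AUDIT_LOG.append(
        f"guest={session.guest_id} ap={session.ap} dst={session.dest_ip} "
        f"proto={session.protocol} decision={decision} reason=\"{reason_text}\""
    )
    return decision, reasons

# Constructed sample sessions: one within policy, then one failing each rule.
POLICY = GuestPolicy(allowed_aps=frozenset({"ap-lobby", "ap-meeting-room"}))
SAMPLES = {
    "ok":       Session("v-1021", "ap-lobby", "203.0.113.10", "https", 600, 1_000_000),
    "inside":   Session("v-1021", "ap-lobby", "10.20.30.40", "https", 600, 1_000_000),
    "protocol": Session("v-1022", "ap-lobby", "203.0.113.10", "smb", 600, 1_000_000),
    "timeout":  Session("v-1023", "ap-meeting-room", "203.0.113.10", "http", 5 * 3600, 1_000_000),
    "quota":    Session("v-1024", "ap-lobby", "203.0.113.10", "https", 600, 80 * 1024 * 1024),
    "wrong_ap": Session("v-1025", "ap-finance", "203.0.113.10", "https", 600, 1_000_000),
    "p2p":      Session("v-1026", "ap-lobby", "203.0.113.10", "https", 600, 1_000_000, peer_to_peer=True),
}

def run_samples(policy=POLICY, samples=SAMPLES):
    """Evaluate every sample and return {name: decision}."""
    return {name: evaluate(policy, s)[0] for name, s in samples.items()}

if __name__ == "__main__":
    run_samples()
    print("\n".join(AUDIT_LOG))
```

The evaluator collects every violated rule rather than stopping at the first one, so the log line for a denied session shows the full picture; that matters when a guest session is later reviewed as part of an incident.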

 

Other ways to secure a wireless network

Restrict access point placement within the network topology.

Wireless applications require protected access to the intranet and/or Internet, and special firewall rules.

Wireless access points should always sit outside the firewall or within a demilitarized zone (DMZ). Using a DMZ can protect the WLAN from Internet threats while protecting the wired intranet from WLAN threats: wireless clients are treated as untrusted and must pass through the firewall to reach internal resources.

Wireless traffic should be segregated (separate SSIDs and VLANs for staff, guests and devices) so that different policies can be applied to each.