Tel: +44 (0)113 398 3300
PCI Wireless Compliance
The Payment Card Industry (PCI) is now mandating stricter wireless security measures, and the cost of non-compliance is significant.
PCI DSS sets the following goals and broad requirements:
- Build and Maintain a Secure Network
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
Some top-level inadequacies - at least one of which probably applies to your company's wireless networks - include:
- Absence of an effective written Wireless Security Policy
- Inadequately-trained IT network support staff
- The continued use of WEP
- The use of MAC Address Filtering
- The use of WPA Personal / WPA Pre-Shared Key / WPA-PSK / WPA Passphrase
- The existence of Mis-configured Access Points, Non-Compliant Access Points and Rogue APs
- Vulnerability to wireless Denial of Service (DoS) attacks
- Lack of effective Wireless Event Logging
- Inadequate Security Audit Trails
WEP provides totally inadequate security, yet it is still used in many environments because outdated legacy barcode scanning terminals have been retained.
The use of WPA Personal / WPA Pre-Shared Key (WPA-PSK) / WPA Passphrases has serious weaknesses.
MAC Address Filtering is entirely ineffective and a poor use of IT support time.
Cost of a Data Breach
In 2007, the Ponemon Institute published a study that examined the costs incurred by 35 companies after experiencing a data breach [1]. The cost of a data breach averaged $197 per compromised customer record in 2007, up from $182 per compromised record in 2006. Lost business opportunities, including losses resulting from brand damage and customer churn, represented the most significant cost increase, rising from $98 in 2006 to $128 in 2007.
Retail Wireless Exposure
Several recent high-profile data breaches have occurred as a direct result of wireless vulnerabilities. The highly publicised breach at TJX resulted in the data of at least 45.7 million credit and debit cards being compromised.
According to the Wall Street Journal, the TJX breach occurred as a direct result of weak wireless security.
How to implement PCI Wireless Compliance
Looking for training on PCI Wireless Compliance and other concepts, to implement robust, secure, scalable and reliable wireless networks?
© LEVER Technology Group PLC