Archive for the ‘payment card industry’ Tag

Wireless IDS/IPS Post on

I wrote another guest post for the Certified Wireless Network Professional (CWNP) program. Among other things, CWNP offers vendor-neutral wireless certifications.

My most recent post is related to wireless requirements of the Payment Card Industry (PCI) Data Security Standard (DSS). It specifically talks about wireless intrusion detection & prevention systems with regard to PCI Requirement 11.1.

You can view my “Wireless Requirements of the Payment Card Industry” post on the CWNP website.   However, if you are coming from the CWNP website, and are unfamiliar with my blog, I would suggest you start by reading my post, “Welcome Readers!”


SANS Phoenix – Update

A couple weeks ago, I wrote a post announcing that I will be taking the Security Leadership Essentials course at SANS Phoenix, 2009.   The conference is being held March 23-30, 2009.

I will be blogging about the event, so check back around that time to hear my thoughts on the course!   As I said in my previous post, I am participating in the SANS Work-Study program, which I think is a tremendous value.  

I am excited about two updates to my conference registration. First, I am also taking the SANS 2-day course on the Payment Card Industry (PCI) Standard. Second, I am getting access to the SANS On-Demand training for both of these courses. On-Demand is another cool option for training in this economy – solid computer-based training with no travel costs! Both of these are included with my registration under the work-study program!

Have you taken a SANS course?  What did you think?  What do you think of SANS?   A couple of years ago, there was a session at ShmooCon entitled Anti-SANS (or something of the sort).  It was a very spirited debate to say the least.  I would love to hear what you think of SANS – good, bad, or indifferent!

Xirrus is First Wireless Product for PCI Compliance Certified by VeriSign

My employer, Xirrus, had a recent press release that I thought was of value to my readers. While somewhat of a shameless plug, it is something that I am extremely excited about! We are the first (and only WiFi vendor to date) whose product has been certified by VeriSign for operation in a PCI network. Maybe it's the former IT auditor in me (I worked several years at Protiviti and am still an active member of ISACA), but this is fantastic news. Below is the press release:

Xirrus, Inc., the Wi-Fi “Power-Play” that delivers the most wireless coverage, bandwidth, and throughput in the industry, announces VeriSign assessment of the new features that enforce PCI-compliant configurations for the Xirrus Wi-Fi Array product line.

Payment Card Industry (PCI) security standards are worldwide technical and operational requirements that were created to help organizations that process card payments prevent fraud, hacking, and other various security vulnerabilities and threats. All members of the payment card industry, including financial institutions, credit card companies, merchants (retailers, hotels, etc.), and service companies must comply with these standards if they want to accept credit cards.

“To maintain a secure network and comply with the PCI standards, companies must ensure their Wi-Fi networks are secure and automatically protect both their companies’ and their customers’ information,” said Kurt Sauter, Director of Corporate Initiatives. “The new Xirrus PCI audit mode, available in all Wi-Fi Arrays, ensures product configuration changes are compliant with PCI standards, disallows changes that would result in a non-PCI-compliant configuration, and sends notifications that identify any product that does not meet the new requirements.”

New PCI-compliant implementations that use Wi-Fi are prohibited from using WEP starting March 31, 2009 and current wireless users are required to implement strong encryption such as 802.11i after June 30, 2010. The new features are available beginning in Xirrus ArrayOS software release 3.5 and include additional security features for ensuring the utmost in wireless security including:

  • Integrated and dedicated Wi-Fi Threat Sensor for continuous monitoring of the air
  • Integrated rules-based stateful firewall
  • Reprogrammable FPGA-based encryption engines
  • Integrated Spectrum Analyzer for DoS attacks and RF analysis
  • Advanced RADIUS/802.1x user and administrator authentication
  • Captive Web Portals for guest user authentication and control
  • Penetration-tested software and hardware platform
  • FIPS 140-2 Government security certification

“Xirrus is the first Wi-Fi vendor to take their products through VeriSign’s rigorous Security Certification Methodology,” said Katie Jenkins, Senior Consulting Manager responsible for VeriSign’s Security Certification Program. “Our program confirms that Xirrus has demonstrated that it has taken reasonable and appropriate steps to identify and manage information security risks and utilize PCI information security best practices for the evaluated Xirrus Wi-Fi Array products.”