AirTight Management Console User Guide
WPA2 should be used wherever possible. This report provides a list of wireless access points
using default SSID or security configurations.
3. Requirement 2.2: Develop configuration standards for all system components (including any
wireless access points and clients). It also requires the institution to assure that these standards
address all known security vulnerabilities and are consistent with industry-accepted system
hardening procedures. This report provides a list of wireless access points and clients whose
current configuration is vulnerable vis-a-vis newly discovered and known vulnerabilities.
4. Requirement 4.1.1: Verify that wireless networks transmitting cardholder data use appropriate
encryption methods. Reliance on WEP (Wired Equivalent Privacy) for cardholder data protection
should be avoided. This report provides a list of wireless access points and clients communicating
using open or insecure encryption methods.
5. Requirement 6.2: Establish a process to identify newly discovered vulnerabilities and
update configuration standards to address the new vulnerability issues. Generate and review
contents of this report periodically so that newly discovered vulnerabilities can be identified and
acted upon.
6. Requirement 10.5.4: Copy logs for wireless networks onto a centralized internal log server or
media that is difficult to alter. The report generation engine maintains logs of all wireless activity for
archival purposes.
7. Requirement 11.1: Use a wireless analyzer at least quarterly to identify all wireless devices in
use. This report provides a list of all wireless devices in use. In addition, scanners continuously
monitor all wireless devices in use and automatically update the list of wireless devices maintained
at the server.
8. Requirement 11.2: Run network vulnerability scans quarterly and after any significant change in
the network. This report provides a list of wireless vulnerabilities discovered during the report
generation interval. This report can be generated on demand or at scheduled intervals.
9. Requirement 11.4: Use a network intrusion detection and prevention system to monitor network
traffic and alert personnel to suspected compromises. Intrusions can also happen through
wireless. Wireless scanners continuously monitor, log and (optionally) alert and block wireless
intrusion attempts.
10. Requirement 12.9: Implement an incident response plan. Be prepared to respond immediately
to a system breach (including those happening through wireless back doors). Wireless scanners
monitor airwaves 24/7 and instantly detect any unauthorized wireless activity. Incident response
can be done either manually or automatically using wireless scanners.
Note: PCI Compliance reports list potential violations if the network is a cardholder data
environment (CDE) network.
• SOX Wireless Compliance Report - The Sarbanes-Oxley (SOX) Act of 2002 was passed by the
US Congress in 2002 as comprehensive legislation to reform the accounting practices,
financial disclosures, and corporate governance of public companies. SOX applied to all
companies that are publicly traded in the United States and regulated by the Securities and
Exchange Commission (SEC).
Sections 302, 404, and 409 of SOX seek to control leakage of non-public data to unauthorized
users. This report assesses the wireless security posture of the organization and identifies wireless
vulnerabilities that may expose your organization to such non-public data leakage.
1. Section 302: This section makes the CEO and CFO responsible for establishing, maintaining,
and periodically reviewing internal controls to protect non-public information from leaking out. This
report is the first step in establishing internal controls to prevent non-public data leakage through
wireless.
2. Section 404: This section requires that the company has capabilities to monitor, detect and
record electronic information disclosures of non-public data. Periodic generation and archival of
this SOX report establishes that your organization has the capabilities to monitor, detect and
record instances of non-public data leakage through wireless.
3. Section 409: This section requires a rapid response and exposure assessment program, if non-
public information is inappropriately disclosed on your network. Periodic generation and archival of