Apparently the new changes in PCI DSS v1.2 (due out in October) are going to require more robust wireless security. As if no new WEP implementations after March 2009 and none at all after June 2010 weren’t enough… Wireless must now be “implemented according to industry best practices (e.g., IEEE 802.1x) using strong encryption for authentication and transmission”.
Yeah right!! So people using WEP not only have to upgrade their hardware but they’ve also got to take on the 802.1x beast for authentication and encryption? Maybe in the enterprise but not for SMBs. I suspect we’ll either see a lot of wireless-centric PCI violations or SMBs will just yank their wireless altogether. Maybe it’s a good time for me to invest in some of these wireless security vendors.
Hopefully I’m just interpreting the new requirements incorrectly.