I have found the requirements in PCI for rogue access points to be difficult to the point of being unworkable. (https://www.pcisecuritystandards.org/documents/SAQ_C_v3.pdf, section 11.2).
We are a small college, and still see hundreds of "rogue" or "unauthorized" access points. Our neighbors have APs, our students and faculty bring tethered phones on campus, and they change constantly. We could have a full-time person evaluating AP detections. The only way I can see to make it useful is to define an unauthorized AP as one that connects to your LAN. Even that is not easy. My opinion ;-) John From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Lee H Badman Sent: Monday, July 24, 2017 10:38 AM To: [email protected] Subject: Re: [WIRELESS-LAN] PCI compliance and detecting rogue access points Extremely risky business these days, especially if you have lots of neighbors. Read up on latest FCC fines for using these tools. If you can't be 100% sure the rogue is on your LAN, you play with fire by using vendor-provided "containment" tools. And if you can be certain the rogue is on your LAN, it's better to remove it than jam it. The FCC hasn't explicitly explained how these tools legitimately CAN be used. Until they do, it's all speculation. My opinion. Lee Badman -----Original Message----- From: Joseph M. Karam [[email protected]] Received: Monday, 24 Jul 2017, 9:31 To: [email protected]<mailto:[email protected]> [[email protected]] Subject: [WIRELESS-LAN] PCI compliance and detecting rogue access points All, Have any of you been required to automatically detect and block rogue wireless access points for PCI compliance? I know we have some ability to detect wireless rogues with Aruba Airwave RAPIDS, but we have not done any automatic blocking. Any advice or experience would be appreciated. Thanks, Joe Karam ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
