Thanks for all your feedback. All great points. We are hopeful to get some clarification from our PCI folks so we can take wireless out of scope of PCI (or at least decrease the scope). We have thousands of suspected rogue access points around campus!
Joe From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Paul Reimer Sent: Monday, July 24, 2017 12:26 PM To: [email protected] Subject: Re: [WIRELESS-LAN] PCI compliance and detecting rogue access points Our security group has gone with on-swipe-encryption. So at no point is any of our campus network in the PCI scope. As a general practice we will disable a port when we find a rogue router on our campus LAN. We will make an effort to contact whoever is in the area who set it up but absent being able to ask them to turn it off we go ahead with disabling the port. It will broadcast but poses little security risk and just a little beacon overhead. They may move it to another port in the area but after a few of their ports have stopped working we will usually get a case in about their troublesome ports. -Paul Reimer From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Lee H Badman Sent: Monday, July 24, 2017 12:03 PM To: [email protected]<mailto:[email protected]> Subject: Re: [WIRELESS-LAN] PCI compliance and detecting rogue access points Agreed on PCI operations- stick to cellular. But I've seen guidance that hits the rogue topic as a matter of routine in case someone plugs a rogue into a wired PCI LAN. It gets goofy and impractical at times. -----Original Message----- From: Jeffrey D. Sessler [[email protected]] Received: Monday, 24 Jul 2017, 10:57 To: [email protected]<mailto:[email protected]> [[email protected]] Subject: Re: [WIRELESS-LAN] PCI compliance and detecting rogue access points One fix for PCI in this case is to use solutions that are cellular based - it takes your network out of the equation. Jeff From: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> on behalf of "Joseph M. Karam" <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Monday, July 24, 2017 at 7:33 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [WIRELESS-LAN] PCI compliance and detecting rogue access points All, Have any of you been required to automatically detect and block rogue wireless access points for PCI compliance? I know we have some ability to detect wireless rogues with Aruba Airwave RAPIDS, but we have not done any automatic blocking. Any advice or experience would be appreciated. Thanks, Joe Karam ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
