How can OSSIM help you with your PCI DSS Wireless requirements?

Upload: tranmien

Post on 11-May-2018


Page 1: How can OSSIM help you with your PCI DSS Wireless ... · How can OSSIM help you with your PCI DSS Wireless requirements? Topics ... OSSIM What is Ossim? Alienvault SIEM ... Ossim

How can OSSIM help you with your PCI DSS Wireless requirements?


Topics

• PCI DSS

• How PCI applies to Wireless

• What is OSSIM?

• The advantages of Open Source

• The Open Source approach


PCI DSS

• PCI DSS is a security standard for enhancing payment account data security.

• It includes requirements for several protective measures like policies, procedures, software design…

• The purpose of PCI DSS is to protect customer account data.


How PCI applies to wireless

PCI DSS outlines some Wireless requirements:

• Maintain an up-to-date wireless hardware inventory.

• Scan for the presence of wireless access points / deploy a wireless IDS.

• Deploy an automatic system to alert and eliminate rogue devices and unauthorized wireless connections.

• Isolate wireless traffic from the Cardholder Data Environment, monitor the logs generated, and deploy an IDS/IPS.

• Verify that strong cryptography is being used for transmission of cardholder data over encrypted wireless networks.


OSSIM

What is Ossim?

AlienVault SIEM (Ossim) provides the industry's most complete and integrated Information Security Management Solution, offering all the necessary levels, from low-level detection to reporting and the definition of security metrics.

Ossim can collect all the information from your network and systems and process it to discover potential risks for your organization, offering high-level state indicators that guide inspection and measure the security situation of the organization.


The advantages of Open Source


• Lower software costs

• Access to underlying source code

• Easily modifiable and adaptable to customer needs


Ossim approach

Case Study: Using Ossim to comply with PCI DSS Wireless requirements

In the proposed approach, Ossim relies on Kismet, an open source detector and wireless intrusion detection system, to collect the information needed to cover the PCI DSS requirements.


Environment


Environment Collection

To comply with PCI DSS requirements, Ossim will collect and process:

• Firewall logs to the Cardholder Data Environment (CDE).

• Router/VPN logs to the CDE location.

• IDS alerts (Snort) from the Ossim sensor receiving mirrored traffic from the switch.

• Wireless IDS (Kismet) logs and alerts from wireless sensors deployed to cover wireless locations.


PCI Requirement I

PCI Requirement: Maintain an up-to-date wireless hardware inventory.

• The Ossim system incorporates active inventory through an OCS deployment and passive host discovery via Ntop, and integrates with Nedi for automatic network discovery.


PCI Requirement II

PCI Requirement: Scan for the presence of wireless access points / deploy a wireless IDS.

• The deployed wireless sensors let us detect wireless access points and collect the alerts generated by the included wireless intrusion detection system.


PCI Requirement III

PCI Requirement: Deploy an automatic system to alert and eliminate rogue devices and unauthorized wireless connections.

• The wireless sensors will detect unregistered access points.

• Once an AP is detected, the Ossim system will check if the hardware is connected to the enterprise network (Rogue AP) through the information collected by Ntop and Nedi.


PCI Requirement IV

PCI Requirement: Isolate wireless traffic from the Cardholder Data Environment, monitor the logs generated, and deploy an IDS/IPS.

• The system will collect, correlate and report possible attacks detected from wireless clients to the Cardholder Data Environment.


PCI Requirement V

PCI Requirement: Verify that strong cryptography is being used for transmission of cardholder data over encrypted wireless networks.

• The wireless sensor can detect unencrypted wireless access points inside the defined wireless network.
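
The correlation behind Requirements III and V, as an added example that is not part of the original slides or of Ossim's own code: access points seen by the wireless sensor are compared with the registered inventory and with MAC addresses seen on the wired network. The field names, the finding labels, the adjacent-MAC matching heuristic and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ObservedAP:
    bssid: str       # radio MAC reported by the wireless sensor
    ssid: str
    encryption: str  # e.g. "None", "WPA2" (hypothetical field values)

def norm(mac: str) -> str:
    """Canonical form so AA-BB-.. and aa:bb:.. compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def on_wire(bssid: str, wired_macs: set, fuzz: int = 1) -> bool:
    """True if the BSSID, or a MAC within +/-fuzz of it, was seen on the LAN.
    Many APs give their Ethernet port an address adjacent to the radio's."""
    value = int(norm(bssid), 16)
    return any(abs(value - int(norm(m), 16)) <= fuzz for m in wired_macs)

def classify(ap: ObservedAP, inventory: set, wired_macs: set) -> list:
    """Findings for one access point (Requirements III and V)."""
    if norm(ap.bssid) not in {norm(m) for m in inventory}:
        if on_wire(ap.bssid, wired_macs):
            return ["ROGUE_AP_ON_ENTERPRISE_NETWORK"]   # alert and remove
        return ["UNREGISTERED_AP_NOT_ON_WIRE"]          # e.g. a neighbour
    if ap.encryption.strip().lower() in ("none", "open", ""):
        return ["REGISTERED_AP_UNENCRYPTED"]
    return []

def triage(observed, inventory, wired_macs) -> dict:
    """Map each observed BSSID to its list of findings."""
    return {ap.bssid: classify(ap, inventory, wired_macs) for ap in observed}

# Constructed sample data (not from the original slides).
INVENTORY = {"00:1A:2B:00:00:10", "00:1A:2B:00:00:20"}
WIRED_MACS = {"00-1a-2b-00-00-10", "00-1a-2b-00-00-20", "c0:ff:ee:00:00:41"}
OBSERVED = [
    ObservedAP("00:1A:2B:00:00:10", "corp", "WPA2"),
    ObservedAP("00:1A:2B:00:00:20", "corp-legacy", "None"),
    ObservedAP("C0:FF:EE:00:00:42", "linksys", "WPA2"),   # LAN port is ...:41
    ObservedAP("DE:AD:BE:00:00:99", "cafe-wifi", "None"),
]

if __name__ == "__main__":
    for bssid, findings in triage(OBSERVED, INVENTORY, WIRED_MACS).items():
        print(bssid, findings or ["OK"])
```

In a deployment the inventory would come from the asset inventory and the wired MAC list from the passive and active discovery data; only the comparison logic is shown here.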


Reporting


• Make the most of the customizable reporting capabilities with a high abstraction layer.
