pci 3.0 compliance and security for retailers
DESCRIPTION
The Aerohive Personalized Engagement Platform provides a flexible, high-performance Wi-Fi network with advanced security features that address PCI 3.0 requirements. Gain a highly secure way to personalize the shopping experience for in-store customers while complementing your PCI compliance goals.TRANSCRIPT
PCI 3.0 Compliance and Security for Retailers
Solution Brief
The Aerohive Personalized Engagement Platform provides a flexible, high-performance Wi-Fi network with advanced security features that address PCI 3.0 requirements. Gain a highly secure way to personalize the shopping experience for in-store customers while complementing your PCI compliance goals.
Challenges
Recent breaches at high-profile retailers have put credit card and customer data security back in the spotlight. Securing this data becomes even more challenging as retailers look for innovative ways set themselves apart, increase in-store traffic, strengthen customer loyalty, and drive sales. Many retailers are implementing mobile strategies that allow customers to do everything from check item availability and compare products to make mobile purchases with their smartphones. These new capabilities place new security and compliance demands on wireless networks.
PCI Compliance and Access Networks Access networks provide network connectivity to point-of-sale devices, laptops, and mobile phones in the retail store. The PCI Data Security Standard (PCI DSS) applies to all network components—wired and wireless. The PCI Security Standards Council continues to update PCI DSS requirements to address the dynamic threat landscape. Version 3.0 of the PCI Data Security Standard (PCI DSS) became effective on Jan. 1, 2014.
For wireless and access networks, the elements generally included in PCI compliance checking are Wi-Fi access points, switches, firewalls, authenticating servers, and any security appliance is part of the cardholder data environment (CDE). The specific PCI DSS requirements that apply to wireless and access networks are shown in Figure 1.
Guideline Benefit
4.1.1 - Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment, use industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission. Note: The use of WEP as a security control is prohibited.
Use the latest, most advanced encryption standards to permit only authorized devices and users in the network.
6.5.10 - Broken authentication and session management. Note: Requirement 6.5.10 is a best practice until June 30, 2015, after
Secure authentication and session management prevents unauthorized individuals from compromising legitimate account
PCI 3.0 Compliance and Security for Retailers
which it becomes a requirement.
credentials, keys, or session tokens.
11.1.1 – Maintain an inventory of authorized wireless access points including a documented business justification.
Locate and identify unauthorized (rogue) access points and clients.
Figure 1. PCI DSS Requirements Applying to Wireless and Access Networks
Aerohive Solution Overview
The Aerohive Personalized Engagement Platform includes Aerohive intelligentaccess platforms with built-in Aerohive HiveOS™ security features and HiveManager PCI 3.0 Reporting. Figure 2 illustrates the platform’s functionality.
Figure 2. Aerohive Personalized Engagement Platform
Aerohive HiveOS
Aerohive intelligent access platforms include the enterprise-class Aerohive HiveOS operating system. HiveOS includes the following advanced security features that help address PCI compliance requirements:
• Wireless Intrusion Protection System (WIPS), which enables each AP to perform off-channel scanning and identify and locate unauthorized (rogue) APs and clients, as well as misbehaving clients.
• Strong authentication and encryption standards, such as WPA/WPA2 (Personal), WPA/WPA2 802.1X Enterprise and Aerohive Private Pre-Shared Key
• Intrusion detection (MAC Dos, IP DoS) features help detect active penetration attempts, such as failed authentications, associations, or EAP handshakes; various types of protocol frame floods, such as probe requests, probe responses, and authentication requests; and denial of service attacks through deauthentication and disassociation attacks.
• An integrated firewall with full application visibility and control that isolates the cardholder data from rest of the network and ensures network access is tightly controlled based on context.
• Strong password enforcement to validate that all passwords include at least seven characters with both numeric and alphabetic characters.
Copyright ©2014, Aerohive Networks, Inc. 3
PCI 3.0 Compliance and Security for Retailers
• Logging of all wireless association and authentication requests.
Aerohive HiveManager
Aerohive HiveManager is an out-of-band enterprise-class network management system that handles configuration, OS updates, and monitoring for thousands of Aerohive devices. HiveManager checks the network for PCI DSS compliance and reports on non-compliant Wi-Fi configurations and vulnerabilities as shown in Figure 3. HiveManager reports include:
• Rogue Device Compliance provides details on rogue devices and stations • Device Configuration Compliance identifies devices with weak access
security, WEP, or open authentication. • Intrusion Detection Compliance for MAC address and IP DoS
Log Servers provide a list of external and internal log servers
Figure 3. HiveManager PCI DSS Wireless LAN Compliance Report
Address Wi-Fi PCI Compliance More Effectively With Aerohive Maintaining PCI compliance is an ongoing effort. As wireless and access networks become critical to retailers’ sales, marketing, and customer engagement objectives, they must be secure and compliant. The Aerohive Personalized Engagement Platform delivers advanced security features and PCI compliance reporting capabilities that retailers need to effectively address PCI compliance while delivering a superior shopping experience to their customers.
4 Copyright ©2014, Aerohive Networks, Inc.
PCI 3.0 Compliance and Security for Retailers
For More Information
Products: http://www.aerohive.com/products/overview.html
Resource Center: http://www.aerohive.com/resources
Promotions: http://www.aerohive.com/promotions
About Aerohive
Aerohive (NYSE: HIVE) unleashes the power of enterprise mobility. Aerohive’s technology enables organizations of all sizes to use mobility to increase productivity, engage customers, and grow their business.Deployed in over 13,000 enterprises worldwide, Aerohive's proprietary mobility platform takes advantage of the cloud and a distributed architecture to deliver unified, intelligent, simplified and cost-effective networks. Aerohive was founded in 2006 and is headquartered in Sunnyvale, Calif. For more information, please visit www.aerohive.com, call us at 408-510-6100, follow us on Twitter @Aerohive, subscribe to our blog, join our community or become a fan on our Facebook page.
Copyright ©2014, Aerohive Networks, Inc. 5