Wireless Networking Best Practices - DCRS Solutions


Post on 13-Mar-2020


  • Wireless Best Practices December 20, 2011 2:40 PM

    Page 1 of 94

    Wireless Networking

    Best Practices Version 2.0

    About This Document

    This document is meant to serve as a guide for implementing MICROS wireless hardware following Payment Application Data Security Standards (PA-DSS). This document is to be used as an implementation guide supplement.

    Copyright 2011

    MICROS Systems, Inc.

    Columbia, MD USA

    All Rights Reserved


    Declarations

    Warranties

    Although the best efforts are made to ensure that the information in this

    document is complete and correct, MICROS Systems, Inc. makes no warranty

    of any kind with regard to this material, including but not limited to the implied

    warranties of marketability and fitness for a particular purpose.

    Information in this document is subject to change without notice.

    No part of this document may be reproduced or transmitted in any form or by

    any means, electronic or mechanical, including photocopying, recording, or

    information recording and retrieval systems, for any purpose other than for

    personal use, without the express written permission of MICROS Systems, Inc.

    MICROS Systems, Inc. shall not be liable for errors contained herein or for

    incidental or consequential damages in connection with the furnishing,

    performance, or use of this document.

    Trademarks

    Adobe FrameMaker is a registered trademark of Adobe Systems Incorporated.

    The following are either registered trademarks or trademarks of Microsoft Corporation in the U.S. and/or other

    countries; Operating Systems - Windows® 7, Microsoft Windows Server® 2008 R2 (Release 2), Microsoft Windows

    Server® 2008, Microsoft Windows Server® 2003 and Windows® XP. Database Platforms - Microsoft SQL Server®

    2008 R2 (Release 2), Microsoft SQL Server® 2008 and Microsoft SQL Server® 2005. Other products - Microsoft

    Excel, Win32 and Windows® CE.

    The following are registered trademarks of the Oracle® Corporation; Database Platforms - Oracle® 11g R2 (Release

    2), Oracle® 11g and Oracle® 10g.

    Visio is a registered trademark of Visio Corporation.

    All other trademarks are the property of their respective owners.


    Who Should Be Reading This Document

    This document is intended for the following audiences:

    • MICROS Installers/Programmers
    • MICROS Dealers
    • MICROS Customer Service
    • MICROS Training Personnel
    • MIS or IT Personnel

    What the Reader Should Already Know

    This document assumes the reader has the following knowledge or expertise:

    • Operational understanding of PCs
    • Understanding of basic network concepts


    The PCI DSS Wireless Guideline Informational Supplement version 2.0 references several security methods. This document will specify the highest possible security method for each device. However, it is sometimes not practical to use all the recommendations specified in the supplement. See below:

    From Section 4.4.1 Summary of Recommendations:

    A. WPA or WPA2 Enterprise mode with 802.1X authentication and AES encryption is recommended for WLAN networks.
    B. It is recommended that WPA2 Personal mode be used with a minimum 13-character random passphrase and AES encryption.
    C. Pre-Shared Keys should be changed on a regular basis.
    D. Centralized management systems that can control and configure distributed wireless networks are recommended.
    E. The use of WEP in the CDE is prohibited for all deployment after June 30, 2010.

    PCI Wireless requirements can be broken down into two primary categories.

    1. Generally applicable wireless requirements. These are requirements that all organizations should have in place to protect their networks from attacks via rogue or unknown wireless access points (APs) and clients. They apply to organizations regardless of their use of wireless technology and regardless of whether the wireless technology is a part of the CDE or not. As a result, they are generally applicable to organizations that wish to comply with PCI DSS.

    2. Requirements applicable for in-scope wireless networks: These are requirements that all organizations that transmit payment card information over wireless technology should have in place to protect those systems. They are specific to the usage of wireless technology that is in scope for PCI DSS compliance, namely the Cardholder Data Environment (CDE). These requirements apply in addition to the universally applicable set of requirements.

    This document will assume that all Access Points will operate inside the CDE scope as explained in the PCI DSS Wireless Implementation Guide 2.0.

    For wireless environments, change wireless vendor defaults, including but not limited to:

    • Wired Equivalent Privacy (WEP) keys
    • Default Service Set Identifiers (SSID)
    • Default Passwords
    • SNMP Community Strings
    • Disable SSID Broadcasts
    • Enable Wi-Fi protected access (WPA or WPA2) technology for encryption and EAP authentication when WPA-capable

    Important Security Warning:


    Default settings must be changed before the site goes live to maintain PCI compliancy.

    All wireless encryption keys must be changed at least once a year to maintain PCI compliancy.

    For wireless networks transmitting cardholder data, encrypt the transmissions by using Wi-Fi protected access (WPA or WPA2) technology, IPSEC VPN, or SSL/TLS. Never rely exclusively on wired equivalent privacy (WEP) to protect confidentiality and access to a wireless LAN.

    If WEP is used, do the following:

    • Use with a minimum 104-bit encryption key and 24-bit initialization value
    • Use ONLY in conjunction with Wi-Fi protected access (WPA or WPA2) technology, VPN, or SSL/TLS
    • Rotate shared WEP keys quarterly (or automatically if the technology permits)
    • Rotate shared WEP keys whenever there are changes in personnel
    • Restrict access based on media access control (MAC) address
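As an added example (not part of the MICROS document), the recommendations above can be expressed as an automated check over recorded access point settings. The settings schema, the sets of default values and the sample access points are assumptions constructed for illustration.

```python
from datetime import date

# Constructed stand-ins for vendor defaults; replace with your hardware's real ones.
DEFAULT_SSIDS = {"default", "wireless", "101"}
DEFAULT_SNMP = {"public", "private"}
MAX_KEY_AGE_DAYS = {"wep": 90}  # WEP keys quarterly; all other keys yearly

def audit_ap(cfg, today):
    """Return findings for one AP settings dict (hypothetical schema)."""
    findings = []
    sec = cfg["security"]  # "wep", "wpa-psk", "wpa2-psk", "wpa2-enterprise", ...
    if sec == "wep":
        findings.append("WEP in use (prohibited in the CDE after June 30, 2010)")
        if cfg.get("key_bits", 0) < 104:
            findings.append("WEP key shorter than 104 bits")
        if not cfg.get("overlay"):  # e.g. "ipsec-vpn" or "tls" carried over the WLAN
            findings.append("WEP is the only protection")
    else:
        if cfg.get("cipher") != "aes":
            findings.append("cipher is not AES")
        # Length can be checked here; whether the passphrase is random cannot.
        if sec.endswith("-psk") and len(cfg.get("passphrase", "")) < 13:
            findings.append("passphrase shorter than 13 characters")
    changed = cfg.get("key_changed")  # absent for 802.1X (per-session keys)
    if changed is not None:
        age = (today - changed).days
        if age > MAX_KEY_AGE_DAYS.get(sec, 365):
            findings.append(f"encryption key is {age} days old")
    if cfg["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("default SSID still configured")
    if cfg.get("ssid_broadcast", True):
        findings.append("SSID broadcast enabled")
    if cfg.get("snmp_community", "").lower() in DEFAULT_SNMP:
        findings.append("default SNMP community string")
    return findings

TODAY = date(2012, 1, 15)  # constructed audit date
SAMPLE_APS = [  # constructed settings, not from any real site
    {"name": "ap-bar", "security": "wpa2-psk", "cipher": "aes",
     "passphrase": "q7#Lm2vX9rTz4Kp", "key_changed": date(2011, 9, 1),
     "ssid": "floor-7", "ssid_broadcast": False, "snmp_community": "k3Yw8n"},
    {"name": "ap-patio", "security": "wep", "key_bits": 40,
     "key_changed": date(2011, 6, 1), "ssid": "101", "snmp_community": "public"},
    {"name": "ap-kitchen", "security": "wpa2-psk", "cipher": "tkip",
     "passphrase": "micros2011", "key_changed": date(2010, 11, 1),
     "ssid": "kitchen", "ssid_broadcast": False, "snmp_community": "k3Yw8n"},
]

if __name__ == "__main__":
    for ap in SAMPLE_APS:
        print(ap["name"], audit_ap(ap, TODAY) or "OK")
```

An empty list means the access point met every rule checked; the 24-bit initialization value and MAC address filtering are not covered by this check.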


    Table of Contents

    Configuring the Wireless Workstation 4

    Configuring the Wireless Workstation 4 LX

    Configuring the Wireless Keyboard Workstation 270

    Configuring the Wireless Workstation 5

    Configuring the Windows CE Wireless Workstation 5a

    Configuring the POSReady 2009 Wireless Workstation 5a

    Configuring the Dual-Core Windows 7® Wireless Workstation 5a

    Configuring the POSReady 2009 Wireless PCWS 2015

    Configuring the Windows 7 Wireless PCWS 2015

    Configuring the Wireless PCWS 2010 with Windows XP Professional®

    Configuring the Wireless PCWS 2010 with Windows Server 2003®

    Configuring the PPT8846 to use PEAP Authentication

    Configuring the Symbol MC50 to use PEAP Authentication

    Configuring the Symbol MC70

    Configuring the Motorola MC55

    Configuring the Motorola MC55a

    Configuring the Symbol AP5131 Access Point

    Configuring the Symbol WS2000 Wireless Switch