Motorola AirDefense Retail Solutions Wireless Security Solutions For Retail

Similar documents
WHITE PAPER. PCI Wireless Compliance Demystified Best Practices for Retail

Wireless Networking and PCI Compliance

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

PRODUCT GUIDE Wireless Intrusion Prevention Systems

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Will you be PCI DSS Compliant by September 2010?

Wireless LAN Security (RM12/2002)

Wireless Network Security

SECURITY PRACTICES OVERVIEW

Cisco Adaptive Wireless Intrusion Prevention System: Protecting Information in Motion

Payment Card Industry Data Security Standard (PCI DSS) Primer Version 1.1

The Honest Advantage

Addressing PCI DSS 3.2

The following chart provides the breakdown of exam as to the weight of each section of the exam.

What is Eavedropping?

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

ExtremeWireless WiNG NX 9500

WHITE PAPER. PCI and PA DSS Compliance with LogRhythm

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003

PCI Compliance: It's Required, and It's Good for Your Business

Complying with PCI DSS 3.0

NX 9500 INTEGRATED SERVICES PLATFORM SERIES FOR THE PRIVATE CLOUD

Configuring Security Solutions

SOLUTION BRIEF FPO. Imperva Simplifies and Automates PCI DSS Compliance

in PCI Regulated Environments

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Total Security Management PCI DSS Compliance Guide

Mobile Security Fall 2013

Samsung Security AP WHITE PAPER

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

PCI DSS. Compliance and Validation Guide VERSION PCI DSS. Compliance and Validation Guide

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

BYOD: BRING YOUR OWN DEVICE.

Clearing the Path to PCI DSS Version 2.0 Compliance

Wireless and Network Security Integration Solution Overview

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

Karthik Pinnamaneni COEN 150 Wireless Network Security Dr. Joan Holliday 5/21/03

Securing Your Airspace with WatchGuard s Wireless Intrusion Prevention (WIPS)

Overview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview

Payment Card Industry (PCI) Data Security Standard

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

How can OSSIM help you with your PCI DSS Wireless requirements?

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

GUIDE TO STAYING OUT OF PCI SCOPE

The Top 6 WAF Essentials to Achieve Application Security Efficacy

COMPLETING THE PAYMENT SECURITY PUZZLE

Standard For IIUM Wireless Networking

Teradata and Protegrity High-Value Protection for High-Value Data

SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Aerohive and IntelliGO End-to-End Security for devices on your network

Carbon Black PCI Compliance Mapping Checklist

AuthAnvil for Retail IT. Exploring how AuthAnvil helps to reach compliance objectives

Symantec Network Access Control Starter Edition

Education Network Security

Chapter 11: Networks

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Reinvent Your 2013 Security Management Strategy

COPYRIGHTED MATERIAL. Contents

Symantec Network Access Control Starter Edition

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

University of Sunderland Business Assurance PCI Security Policy

WIRELESS AS A BUSINESS ENABLER. May 11, 2005 Presented by: Jim Soenksen and Ed Sale, Pivot Group

Simplify PCI Compliance

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall

Site Data Protection (SDP) Program Update

Achieving End-to-End Security in the Internet of Things (IoT)

Designing Polycom SpectraLink VoWLAN Solutions to Comply with Payment Card Industry (PCI) Data Security Standard (DSS)

Department of Public Health O F S A N F R A N C I S C O

Section 3.9 PCI DSS Information Security Policy Issued: November 2017 Replaces: June 2016

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Enforcing PCI Data Security Standard Compliance Marco Misitano, CISSP, CISA, CISM Business Development Manager Security Cisco Italy

Managing Rogue Devices

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Symantec Network Access Control Starter Edition

SECTION: SUBJECT: PCI-DSS General Guidelines and Procedures

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

SECURING DEVICES IN THE INTERNET OF THINGS

Securing Your Microsoft Azure Virtual Networks

AKAMAI CLOUD SECURITY SOLUTIONS

Automating the Top 20 CIS Critical Security Controls

Securing Your Amazon Web Services Virtual Networks

ISACA Kansas City Chapter PCI Data Security Standard v2.0 Overview

INSIDE. Integrated Security: Creating the Secure Enterprise. Symantec Enterprise Security

Payment Card Industry Internal Security Assessor: Quick Reference V1.0

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) banksa.com.au

NX 9500 INTEgraTED SERvICES PlatfORm SERIES for THE PRIvaTE ClOUD

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.

Cisco ONE for Access Wireless

SECURING DEVICES IN THE INTERNET OF THINGS

PCI DSS COMPLIANCE DATA

Cisco ASA 5500 Series IPS Solution

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Wireless Network Security Fundamentals and Technologies

Transcription:

Motorola AirDefense Retail Solutions Wireless Security Solutions For Retail

Wireless Risks in Retail The PCI Security Standards Council is an open global forum, founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection. The PCI Security Standards Council released an updated version of their Data Security Standard (DSS) that went into The introduction of wireless technologies in retail has created a new avenue for data breaches, circumventing traditional security architectures. Several recently publicized data breaches in the retail industry have exploited wireless vulnerabilities. Attackers have been able to access sensitive information such as credit/debit cards that have resulted in brand damage, financial/regulatory liabilities and disruption of business for retailers. Wireless introduces the following vulnerabilities that traditional security solutions cannot mitigate. Rogue Wireless Devices A rogue wireless Access Point (AP) is an unauthorized AP physically connected to the wired retail network. Rogue APs provide attackers with unrestricted access, bypassing firewalls and VPNs, to internal servers just as if they were connected to an internal wired port. Rogue APs can be installed on any network, including networks with no official wireless deployments and Point of Sale (POS) networks that have been segmented from regular wireless networks. Identity Thefts A hacker can masquerade as an authorized wireless device and connect to an authorized AP. MAC address based Access Control Lists (ACL) are useless since wireless MAC addresses are broadcast and hackers can easily change the MAC address of their device. WEP encryption can be cracked in a few minutes. WPA Pre- Shared Key is easy to implement and does not have the vulnerabilities of WEP; however, one common key is used between many devices. Hackers have been known to steal portable data terminals or use social engineering to obtain the preshared key. Once the key is stolen, the entire network is vulnerable until administrators manually change the key at every AP and every portable data terminal. effect on October 1st, 2008. PCI DSS version 1.2 is the global standard adopted by the card brands for all organizations that process, store or transmit cardholder data. 1

In July 2009, the PCI Security Standards Council released the PCI DSS Wireless Guideline, as a supplement to DSS 1.2, to help organizations understand how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless, and practical methods and concepts for deployment of secure wireless in payment card transaction environments. Non-Compliant APs Wireless APs are frequently misconfigured. According to Gartner, a majority of all wireless security incidents will happen as a result of misconfigured devices. Misconfigurations happen for a variety of reasons including human error and bugs in wireless management software. A misconfigured AP in a store or distribution center can be detected and exploited by a hacker to gain access to the network allowing them to attack internal servers and applications. Denial of Service Attacks Hackers can easily perform wireless denial of service (DoS) attacks preventing devices from operating properly and stopping critical business operations. Wireless DoS attacks can cripple a distribution center or store despite the best security standards like WPA2. Hackers can insert malicious multicast or broadcast frames via wireless APs that can wreak havoc on the internal wired infrastructure of retail network. PCI Wireless Requirements The alarming increase in credit/debit card numbers and identity theft in retail has led to the creation and enforcement of stricter information security standards. Wireless specific requirements have also become stricter and retailers often find wireless as the Achilles heel from a security and compliance perspective. The Payment Card Industry (PCI) is now mandating stricter wireless security measures and the cost of non-compliance is significant. PCI DSS version 1.2 places special emphasis on WLAN security. It requires all organizations with Cardholder Data Environments (CDE) to change wireless defaults (passwords, SSIDs, keys, etc.), use strong encryption, eliminate rogue/unauthorized wireless devices, restrict physical access to wireless devices, log wireless activity, and define wireless usage policies. Recently, the PCI Security Standards Council officially released the PCI Wireless Guidelines Document to help organizations understand how PCI DSS applies to wireless environments, how to limit the PCI DSS scope as it pertains to wireless, and practical methods and concepts for deployment of secure wireless in payment card transaction environments. Both of these documents consists of steps that mirror security best practices. Here are the top 5 steps retailers can take to secure wireless. 1. Monitor the retail airspace 24x7 to eliminate rogue devices and block unauthorized wireless access. PCI compliance requires quarterly scanning for rogue devices at the very least. Using laptop based sniffers at each location quickly becomes an expensive and untenable solution for large retailers and can leave networks vulnerable for months. 2. Install a stateful wireless firewall between wireless networks and the card holder environment to restrict wireless traffic. 3. Prevent wireless attacks and intrusions by using a specialized Wireless Intrusion Prevention System (WIPS) that can detect and prevent identity theft and denial of service attacks. 4. Maintain detail forensic records of wireless activity for all stores, distribution centers 2

and headquarters with the ability to generate compliance reports and provide an auditable trail of wireless events. 5. Upgrade to WPA based wireless security. The Motorola AirDefense Solution Wireless Intrusion Prevention Systems (WIPS) thwart wireless attacks and provide the most cost effective solution to meet PCI wireless security requirements. The Motorola AirDefense Enterprise wireless security solution is based on patented technology that incorporates distributed smart IEEE 802.11a/b/ g/n sensors reporting to a central server appliance. The remote sensors are deployed in stores, distributions centers and the retail headquarters. Sensors are vendor agnostic 24x7 WLAN radios available as standalone units or can be embedded in Motorola APs to reduce deployment costs. They monitor all WLAN activities 24x7 in the local airspace and communicate with the Motorola AirDefense server, which correlates and analyzes the data to provide scalable, centralized management for security and operational support of the WLAN. Administrators access the system via management console software installed on their computer. The Motorola AirDefense solution addresses three key areas for retailers: Comprehensive Wireless Security Motorola AirDefense Enterprise provides the industry leading solution for rogue wireless detection and containment and 24x7 wireless intrusion prevention. Motorola AirDefense Enterprise can accurately distinguish neighboring devices from rogue devices that are connected to the retail network and can be setup to automatically terminate a rogue device over the air. Alternatively, the device can be blocked on the wired side using the Motorola AirDefense switch port suppression feature. To find the location of the rogue device, Motorola AirDefense provides accurate map based location tracking using signal strength triangulation. Motorola AirDefense Enterprise has the largest wireless attack library with over 200 alarms that can detect a range of attacks such as reconnaissance activity, identity theft, session hijacking or Man-in-the-Middle (MITM) attacks, multiple DoS attacks, wired side leakage, dictionary based attacks, etc. Motorola AirDefense reduces false positives by correlating wireless and wired side information in conjunction with rich historical context maintained in its forensic database instead of just looking at the present snapshot. Motorola AirDefense recognizes documented and undocumented (day-zero) attacks, because it does not rely solely on attack signatures but also on advanced anomalous behavior analysis. Once an accurate assessment of an intrusion is made, Motorola AirDefense Enterprise provides wireless and wired termination capabilities to mitigate the threat in real-time. Motorola wireless APs and switches include a built-in layer 2-7 wireless firewall, capable of blocking several attacks (e.g. DHCP spoofing or ARP cache poisoning) that cannot be detected by traditional layer 3 firewalls, right at the edge of the WLAN. The Motorola wireless firewall contains sophisticated, distributed, stateful packet inspection technology, protecting users as they roam across the enterprise, while avoiding performance bottlenecks that arise when all traffic is funneled to a central choke point for inspection. The Motorola wireless firewall can effectively segregate WLAN traffic from the card holder environment and integrates with leading enterprise authentication systems, including LDAP and Active Directory, and can leverage a built-in location tracking engine to enforce user identity, role and location based security policies. 3

PCI Wireless Compliance Motorola AirDefense Enterprise provides the most cost-effective mechanism to comply with PCI DSS wireless requirements. Complying with the PCI wireless requirements is tedious and expensive for most retailers. PCI DSS Section 11.1 requires that retailers use a wireless analyzer at least every quarter to identify all wireless devices in use. Note that this is required regardless of WLAN deployment status, the intent being to neutralize rogue wireless devices that can show up even if WLANs have not been deployed. wired infrastructure or on isolated network segments may not show up on a wiredside scan. Motorola AirDefense Enterprise sensors perform wireless scans 24x7 above and beyond the quarterly PCI requirement. Every device is centrally logged in the server s forensic database and PCI compliance reports can be scheduled and automatically generated by the system. Motorola AirDefense Enterprise updates and maintains around 300 different statistics for every wireless device, every minute, and is capable of storing this data for months. The forensic data is mined to produce detailed PCI compliance reports. Scanning a few stores and assuming that the rest are similar is not sufficient. The PCI Wireless Guideline clearly specifies that wireless scanning has to be done for all locations, regardless of wireless deployment status and that the scan results should clearly classify authorized, neighboring and rogue wireless devices at each location. Further, relying on wired-side scanning alone will not meet the requirement since wireless devices not actively connected to the 4

Remote Wireless Network Assurance The Motorola AirDefense solution offers a unique set of tools for vendor agnostic, remote WLAN performance management. Motorola AirDefense can significantly reduce the management cost of store and distribution center wireless networks by providing powerful tools for optimizing network performance and remote troubleshooting. Motorola analyzes traffic flow to interpret WLAN performance and identify usage characteristics, interference from neighboring WLANs, channel overlap, and performance degradation. The innovative add-on modules integrated into the Motorola performance management and troubleshooting suite include Motorola AirDefense Advance Troubleshooting, Motorola AirDefense Spectrum Analysis, Motorola AirDefense LiveRF, and Motorola AirDefense Advanced Forensics. These tools provide a real-time view of all WLAN traffic, enabling network administrators to remotely troubleshoot problems, identify and respond to network mis-configurations, and monitor the networks availability. The net result is a system that provides retailers the ability to maximize the availability of their WLAN while simultaneously reducing operational expenses. About Motorola AirDefense Motorola offers a comprehensive portfolio of wireless LAN (WLAN) infrastructure solutions designed to enable the truly wireless enterprise, regardless of the size of your business from large enterprises with locations all over the world to branch offices and small businesses. As the market leader and innovator of 24x7 monitoring solutions, Motorola AirDefense provides a complete suite of wireless security and operation support solutions to enable risk-free wireless LANs. Motorola AirDefense provides the most advanced solutions for vendor agnostic rogue wireless detection, network performance management, remote troubleshooting, policy enforcement and intrusion prevention. Only Motorola delivers wireless agility inside the enterprise, between locations and out to end-user devices. With time-proven resiliency, security and performance equal to or greater than that of a wired network, Motorola s solutions substantially reduce network deployment and maintenance costs, and ensure the availability of cost-effective wireless connectivity in every corner of the enterprise. Motorola AirDefense Solutions belong to the broader One Point Wireless Suite, a set of powerful and innovative software solutions that reflect Motorola s holistic approach to network design, management, security and network assurance. Motorola delivers both an unrivaled indoor/outdoor wireless portfolio and the software tools you need to build and operate a trusted high-performance wireless network. For more information on Motorola AirDefense Solutions, please visit us on the web at motorola.com/ airdefensesolutions. 5

6

motorola.com Part Number SB-RETL. Printed in USA 04/10. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. Motorola, Inc. 2010. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback