The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of requirements for enhancing payment account data security, developed by leading payment companies in the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. to help adoption of consistent data security measures World-wide.
The requirements for PCI DSS compliance applies to all businesses, large and small, in any industry that processes, transmits, or stores credit card transactions and cardholder information.
The objectives of PCI DSS are to increase the protection of credit card information and data from related transactions. PCI DSS includes deadlines for wireless installations and deployments using Wired Equivalent Privacy (WEP).
Wireless networks that are part of the Cardholder Data Environment must comply with all PCI DSS requirements.
PCI DSS compliance for systems that include wireless networks requires extra attention to the use and configuration of a range of Wireless LAN technologies and processes.
LEVER Technology Group PLC provide practical, industry-leading advice in wireless network security.
LEVER have worked with some of the biggest household names in banking and retail on wireless network security. We also have extensive experience with leading companies in the IT industry and national securty agencies, providing advice and guidance on how wireless networks can be made secure down to the bit level.
With more than 9 years experience in WiFi security policy, LEVER are the World’s ONLY Certified Wireless Network Professional (CWNP) Learning Partner, and Europe’s longest-established CWNP partner.
LEVER is a World-recognised authority in WiFi security education, with unique credentials, including many years of work for Government wireless security agencies and notable contracts for major names in Commercial, Health, Manufacturing and Education sectors.
LEVER provide industry-leading advice and consultancy in wireless network security and wireless security policy, to help you design and implement secure wireless networks, and to help you assess the security of existing wireless networks.
- Is your wireless network as secure as you think?
- What re the vulnerabilities in your wireless network?
- What improvements can and should be made to your wireless?
- Is your wireless network compliant with PCI DSS and other security standards?
- Is your wireless network protected effectively against intrusion?
- To what extent are you wireless user’s systems exposed?
- Is your wireless network susceptible to wireless packet sniffing?
- What protection does your wireless network have against denial of services (DoS) attacks?
- How can you easily improve the levels of Logging, Alerting, Auditing and Reporting?
- Are there rogue access points in your network, or around your facilities; and what is their impact?
- How can you automatically detect and protect your users and your network against rogue APs?
- Do you have a Wireless Intrusion Detection System (WIDS) and is it properly configured?
- Do you have a Wireless Intrusion Protection System (WIPS) and how effectively is it working for you?
- Is all of your wireless data strongly encrypted?
- Is your WPA Passphrase sufficiently strong?
- Are you using the most effective and appropriate EAP type for 802.1x / Enterprise auithentication.
- Is WEP used in your wireless network? (It shouldn’t be)
- Is Cisco LEAP used in your wireless network? (It shouldn’t be)
LEVER conduct industry-leading wireless security surveys of existing networks and produce the most comprehensive and authoritative wireless security audit reports.
Are you already the victim of some of the most common wireless security configuration mistakes that we regularly find in enterprise wireless networks?
- Weak or non-existent wireless user authentication.
- No wireless packet encryption.
- Using WEP (Wired Equivalent Privacy).
- Using an insufficiently strong WPA Passphrase (WPA-PSK).
- Using Cisco LEAP.
- Using the wrong EAP type.
- Revealing Windows Active Directory user names in the clear – unencryted – with every wireless user logon.
- Exposing wireless users to peer attacks.
- Not employing Wireless VLANs.
- No effective Wireless Intrusion Detection or Monitoring.
- No effective Security Audit Trail.
- Using out-of-date firmware in your Wireless APs or WLAN Controller.
- Ineffective Change Control procedures.
- Inadequate training for IT staff supporting wireless networks.
and the most common problem:
No written, effective Wireless Security Policy.
Wireless networking technologies provide convenience and mobility, but they can also introduce security risks if they are not properly planned, designed, implemented, supported and maintained.
LEVER can help you define, write, implement and audit an optimal, effective and robust effective wireless security policy.
Contact us for cost-effective, industry-leading advice on any aspect of wireless network security, policy or auditing.