rogue wireless device scanning and pci

Need to comply with PCI? Whether you have wireless devices or not, you do need to scan and make sure you don’t have any popping up. This SPSP report goes into detail on this subject.

My biggest concern was the mention that using Netstumbler or Kismet to discover rogue access points is sufficient. I agree, but only if you’re constantly analyzing the results: not just doing a walk-through every quarter, month, or week, but having a dedicated system always looking. Not some point-in-time crap.

Why? Because an idle SSID-hiding AP will still be invisible to Netstumbler and Kismet (even a chatty SSID-hiding AP will hide from Netstumbler, since Netstumbler relies on active probe requests that an SSID-hiding AP won’t answer with its name, whereas Kismet only listens). You need to capture even the small window where a wireless AP is talking.
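To make the "always looking" point concrete, here is an added example (not code from the post or from Kismet/Netstumbler) of the bookkeeping a dedicated passive monitor has to do: it parses raw 802.11 beacon and probe-response frames, keys every access point by its BSSID rather than its SSID, and flags any BSSID that is not on an authorized list, so a hidden-SSID AP is still caught the moment it transmits anything at all. The frames below are constructed inline so the script runs offline; in practice they would come from a monitor-mode interface or a pcap, which is an assumption of this example. The authorized MAC addresses and the "GregsAP" name are likewise made up.

```python
import struct

IE_SSID = 0            # 802.11 information element tag for the SSID
SUBTYPE_BEACON = 8     # management subtype: beacon
SUBTYPE_PROBE_RESP = 5 # management subtype: probe response (reveals hidden SSIDs)


def frame_type_subtype(fc_byte):
    """Split the first Frame Control byte into (type, subtype)."""
    return (fc_byte >> 2) & 0x3, (fc_byte >> 4) & 0xF


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ies(body):
    """Walk tag/length/value information elements into a dict."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        ies[tag] = body[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def parse_mgmt(frame):
    """Return {bssid, ssid, subtype} for a beacon/probe response, else None."""
    if len(frame) < 24 + 12:
        return None
    ftype, subtype = frame_type_subtype(frame[0])
    if ftype != 0 or subtype not in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        return None
    bssid = mac_str(frame[16:22])          # addr3 carries the BSSID here
    ies = parse_ies(frame[24 + 12:])       # skip timestamp, interval, capabilities
    raw = ies.get(IE_SSID, b"")
    # Hidden SSID: zero-length IE, or an IE padded with NUL bytes
    ssid = None if (len(raw) == 0 or raw == b"\x00" * len(raw)) else raw.decode("utf-8", "replace")
    return {"bssid": bssid, "ssid": ssid, "subtype": subtype}


class RogueMonitor:
    """Continuous passive monitor: remembers every BSSID ever seen."""

    def __init__(self, authorized_bssids):
        self.authorized = {b.lower() for b in authorized_bssids}
        self.seen = {}  # bssid -> {"ssid", "hidden", "frames"}

    def observe(self, frame):
        parsed = parse_mgmt(frame)
        if parsed is None:
            return None
        entry = self.seen.setdefault(parsed["bssid"], {"ssid": None, "hidden": False, "frames": 0})
        entry["frames"] += 1
        if parsed["ssid"] is None and parsed["subtype"] == SUBTYPE_BEACON:
            entry["hidden"] = True           # beacons without a name: SSID hiding
        elif parsed["ssid"] is not None:
            entry["ssid"] = parsed["ssid"]   # a probe response later fills the name in
        return parsed["bssid"]

    def rogues(self):
        return {b: e for b, e in self.seen.items() if b not in self.authorized}


def build_mgmt(subtype, bssid, ssid):
    """Construct a minimal beacon/probe-response frame (test data only)."""
    header = bytes([subtype << 4, 0x00]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)   # timestamp, interval, capability
    return header + fixed + bytes([IE_SSID, len(ssid)]) + ssid


# Constructed sample capture: an authorized AP, a hidden AP that only beacons,
# an unrelated data frame, then the hidden AP answering a directed probe.
AUTHORIZED = ["00:11:22:33:44:55"]
SAMPLE_FRAMES = [
    build_mgmt(SUBTYPE_BEACON, bytes.fromhex("001122334455"), b"CorpWiFi"),
    build_mgmt(SUBTYPE_BEACON, bytes.fromhex("66778899aabb"), b""),
    bytes([0x08, 0x00]) + b"\x00" * 30,
    build_mgmt(SUBTYPE_PROBE_RESP, bytes.fromhex("66778899aabb"), b"GregsAP"),
]


def run_demo(frames=SAMPLE_FRAMES, authorized=AUTHORIZED):
    monitor = RogueMonitor(authorized)
    for frame in frames:
        monitor.observe(frame)
    return monitor.rogues()


if __name__ == "__main__":
    for bssid, info in run_demo().items():
        print(f"ROGUE {bssid} ssid={info['ssid']} hidden={info['hidden']} frames={info['frames']}")
```

The design point is that the monitor never forgets: the second frame alone is enough to raise an alert on the unknown BSSID even though it carries no name, and the probe response seen later only enriches an alert that already exists. A walk-through that happened to miss that one beacon has nothing to enrich.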

By the way, I’m hoping some answers to EthicalHacker.net’s latest challenge will not only answer the second question (How were the kids able to access Greg’s rogue access point even though it was not detected during Mr. Phillips’ PCI compliance assessment?), but also explain how to detect a rogue wireless device that isn’t talking at the moment. I wasn’t sure if that is possible short of brute-forcing an SSID response or trying to get the AP to talk from wired to wireless somehow…