Chain store use of NS

Thorn · 07-22-2008

A friend who knows my involvement with NS just sent this. He works for a chain store that just issued this memo to their IT Teams.

Quote:

[Company Name Removed]
Information Technology Team
Northern California Region

Payment Card Industry Data Security Standard

Requirement 11.1B - Use a wireless analyzer at least quarterly to identify all wireless devices in use.

The Network Asset PCI asset team recommends the Network Stumbler application as a wireless network analyzer, which is available for download from the NetStumbler download site. This document provides instructions on how to use Network Stumbler.

Network Stumbler needs to be installed on a laptop computer with wireless network capability as it uses the system’s wireless network interface to scan for wireless access points. The wireless interface radio needs to be enabled before running the application.

All locations in Northern California must be scanned at least once a quarter. All scan results will be stored here: [redacted]

Start Network Stumbler and follow these steps:

1. Click Device in the top menu bar and select the wireless interface card to use for scanning.
2. Select File > Enable Scan.
3. The application will begin to populate the user interface with all wireless access points detected in range.

When the list of detected access points is complete, a report can be exported with the following steps:

1. Click File > Export > Summary. This will bring up a Save File dialog box.
2. Enter a filename including the location code and date stamp and give it an .xls file extension.
3. Save** the file; it will be viewable in Microsoft Excel.
4. Email the scan file to [redacted]

**When saving the scan report, please use this naming convention:
11.1b-Store Abbreviation–FYnumberQnumber.xls

I sure hope they send Marius some cash for the corporate use. The chain is one of these new-age places that yaps about "social responsibility" and sells $180 t-shirts.

Oh, yeah; Be prepared for the inevitable "how come my card doesn't work" questions.

brwrdrvr · 07-22-2008

Quote:

Originally Posted by Thorn

A friend who knows my involvement with NS just sent this. He works for a chain store that just issued this memo to their IT Teams.

I sure hope they send Marius some cash for the corporate use. The chain is one of these new-age places that yaps about "social responsibility" and sells $180 t-shirts.

Oh, yeah; Be prepared for the inevitable "how come my card doesn't work" questions.

These were the first things to come to mind as I read this. I need to make sure the gaskets on the flame thrower are up to snuff and with no leaks. I need to also go to the store and stock up on popcorn and caffeine drinks/coffee.

streaker69 · 07-22-2008

I'm just gonna be my normal self.

beakmyn · 07-23-2008

Quote:

Originally Posted by faq

To*comply*with*PCI*DSS*11.1,*can*I*use*a*wired*net work*scanning*tool*instead*of*a*wireless*
analyzer?*
No. To comply with 11.1, a company must mitigate the risk of unauthorized or rogue wireless
devices. This is most often achieved by the use of a wireless analyzer. Scanning the wired network
for wireless devices may identify some unauthorized wireless devices but may not identify other
important wireless attack vectors. The first omission of wired network scanning is that it may miss
cleverly hidden and disguised rogue wireless devices that are connected to isolated network segments.
Another omission of wired scanning is that it cannot detect rogue wireless clients. A rogue wireless
client is any device that has a wireless interface that is not intended to be present in the environment.
Although insufficient on their own, wired analysis tools can be very valuable when used in
conjunction with wireless analyzers to improve the quality of the scan results.

Oh here's why they're doing it. It's right there in the FAQ

Quote:

Originally Posted by http://www.aegenis.com/whitepaper/PCI%20DSS%20Wireless%20Security%20FAQ.pdf

To*comply*with*PCI*DSS*11.1,*may*I*have*technical* staff*members*physically*walk*through*each*of*
my*sites*with*a*wireless*analyzer*instead*of*autom ating*the*process?*
Yes. Although this method is technically possible it is often times operationally tedious, error prone,
and costly. Companies can use freely available tools such as NetStumbler or Kismet as wireless
analyzers. Using one of these tools, a technician or auditor can physically visit each site and obtain a
list of the wireless devices nearby. The technician is then required to manually investigate each
device to determine if it allows access to CDE.

Thorn · 07-23-2008

Yeah, since they aren't giving further instructions, my assumption is that the PCI team is going to review the xls files and see if there are any wireless networks and MACs on the list that aren't part of the various stores networks.

Of course, they may have a whole pile of false positives when they first start doing these scans.

streaker69 · 07-23-2008

Quote:

Originally Posted by Thorn

Yeah, since they aren't giving further instructions, my assumption is that the PCI team is going to review the xls files and see if there are any wireless networks and MACs on the list that aren't part of the various stores networks.

Of course, they may have a whole pile of false positives when they first start doing these scans.

Hmm, wasn't there something announced a while ago at Shmoo that would generate thousands of fake AP's?

Barry · 07-23-2008

Quote:

Originally Posted by streaker69

Hmm, wasn't there something announced a while ago at Shmoo that would generate thousands of fake AP's?

I believe there was. Pretty sure it's in backtrack as well.

G8tK33per · 07-24-2008

Quote:

Originally Posted by Thorn

A friend who knows my involvement with NS just sent this. He works for a chain store that just issued this memo to their IT Teams.

I sure hope they send Marius some cash for the corporate use. The chain is one of these new-age places that yaps about "social responsibility" and sells $180 t-shirts.

Oh, yeah; Be prepared for the inevitable "how come my card doesn't work" questions.

/breaks out the pine tar for 'The Bat'

beakmyn · 07-24-2008

Quote:

Originally Posted by Thorn

A friend who knows my involvement with NS just sent this. He works for a chain store that just issued this memo to their IT Teams.

I sure hope they send Marius some cash for the corporate use. The chain is one of these new-age places that yaps about "social responsibility" and sells $180 t-shirts.

Oh, yeah; Be prepared for the inevitable "how come my card doesn't work" questions.

Actually, I was having issues with my F@nera+ and going back and forth with emails with F@n and I they suggested:

Quote:

Originally Posted by f@n support

6. You may use a tool like ‘Netstumbler’, to visualize the signal
strength. If you believe it to be weak and you are close to La
F@nera, please send a screenshot from this measurement to a Customer
Care representative.

To which I replied:

Quote:

Originally Posted by beakmyn

6. Please understand that Netstumbler will only report proper signal
levels for the Orinoco Classic card and only if using the Orinoco
driver. If you are using the NDIS, atheros, etc driver then the
signals levels as reported by Netstumbler are completely bogus. I am a
member of the Netstumbler software forums and well versed in this.

They didn't say anything back about that. So, basically the router would reboot if I tried to connect to it wirelessly or wired using my Sager, weird.

They also insisted that it had the current firmware. It didn't, this I'm sure of

and instead of sending me the firmware they opted to send me another one. The old one is no longer a F@n it's dd-wrt and it's working nicely. Now to re-create the script that changes the color of the LED from orange to green when the internets is running.

Barry · 07-24-2008

Quote:

Originally Posted by beakmyn

Actually, I was having issues with my F@nera+ and going back and forth with emails with F@n and I they suggested:

To which I replied:

They didn't say anything back about that. So, basically the router would reboot if I tried to connect to it wirelessly or wired using my Sager, weird.

They also insisted that it had the current firmware. It didn't, this I'm sure of

and instead of sending me the firmware they opted to send me another one. The old one is no longer a F@n it's dd-wrt and it's working nicely. Now to re-create the script that changes the color of the LED from orange to green when the internets is running.

Handy!

brwrdrvr · 07-24-2008

Quote:

Originally Posted by f@n support
6. You may use a tool like ‘Netstumbler’, to visualize the signal
strength. If you believe it to be weak and you are close to La
F@nera, please send a screenshot from this measurement to a Customer
Care representative.

HAHAH

The person that wrote that must have been one of the newbs that came in the forum, posted a question without reading/research, got flamed out and run off, and decided to write the script anyway.

07-22-2008	#3 (permalink)
streaker69 Psychic Amish Stumbler Join Date: Jul 2004 Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA Posts: 11,837	I'm just gonna be my normal self. __________________ "One of these days, I'm going to cut you to pieces." If you're offended by this post, please feel free to report it to one of the many helpful moderators of this forum. Thank you.

07-23-2008	#5 (permalink)
Thorn Did you do the math? Join Date: Apr 2002 Location: Villa Straylight Posts: 10,096	Yeah, since they aren't giving further instructions, my assumption is that the PCI team is going to review the xls files and see if there are any wireless networks and MACs on the list that aren't part of the various stores networks. Of course, they may have a whole pile of false positives when they first start doing these scans. __________________ Thorn "I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode