Chain store use of NS

Questions and configuration information about the NetStumbler software

Postby Thorn » Tue Jul 22, 2008 6:55 pm

A friend who knows my involvement with NS just sent this. He works for a chain store that just issued this memo to their IT Teams.

[Company Name Removed]
Information Technology Team
Northern California Region

Payment Card Industry Data Security Standard

Requirement 11.1B - Use a wireless analyzer at least quarterly to identify all wireless devices in use.

The Network Asset PCI asset team recommends the Network Stumbler application as a wireless network analyzer, which is available for download from the NetStumbler download site. This document provides instructions on how to use Network Stumbler.

Network Stumbler needs to be installed on a laptop computer with wireless network capability as it uses the system’s wireless network interface to scan for wireless access points. The wireless interface radio needs to be enabled before running the application.

All locations in Northern California must be scanned at least once a quarter. All scan results will be stored here: [redacted]


Start Network Stumbler and follow these steps:

1. Click Device in the top menu bar and select the wireless interface card to use for scanning.
2. Select File > Enable Scan.
3. The application will begin to populate the user interface with all wireless access points detected in range.


When the list of detected access points is complete, a report can be exported with the following steps:

1. Click File > Export > Summary. This will bring up a Save File dialog box.
2. Enter a filename including the location code and date stamp and give it an .xls file extension.
3. Save** the file; it will be viewable in Microsoft Excel.
4. Email the scan file to [redacted]

**When saving the scan report, please use this naming convention:
11.1b-Store Abbreviation–FYnumberQnumber.xls

I sure hope they send Marius some cash for the corporate use. The chain is one of these new-age places that yaps about "social responsibility" and sells $180 t-shirts.

Oh, yeah; Be prepared for the inevitable "how come my card doesn't work" questions. :rolleyes:
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Postby brwrdrvr » Tue Jul 22, 2008 7:45 pm

Thorn wrote:A friend who knows my involvement with NS just sent this. He works for a chain store that just issued this memo to their IT Teams.

I sure hope they send Marius some cash for the corporate use. The chain is one of these new-age places that yaps about "social responsibility" and sells $180 t-shirts.

Oh, yeah; Be prepared for the inevitable "how come my card doesn't work" questions. :rolleyes:


These were the first things to come to mind as I read this. I need to make sure the gaskets on the flame thrower are up to snuff and with no leaks. I need to also go to the store and stock up on popcorn and caffeine drinks/coffee. :D
Real Linux users write the zeros and ones directly to the hard drive using a refrigerator magnet. ~ bobfunland
brwrdrvr
 
Posts: 3381
Joined: Fri Feb 18, 2005 9:26 pm
Location: Capitol City, Louisiana

Postby streaker69 » Tue Jul 22, 2008 8:22 pm

I'm just gonna be my normal self.
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Postby beakmyn » Wed Jul 23, 2008 4:11 am

faq wrote:To comply with PCI DSS 11.1, can I use a wired network scanning tool instead of a wireless analyzer?
No. To comply with 11.1, a company must mitigate the risk of unauthorized or rogue wireless
devices. This is most often achieved by the use of a wireless analyzer. Scanning the wired network
for wireless devices may identify some unauthorized wireless devices but may not identify other
important wireless attack vectors. The first omission of wired network scanning is that it may miss
cleverly hidden and disguised rogue wireless devices that are connected to isolated network segments.
Another omission of wired scanning is that it cannot detect rogue wireless clients. A rogue wireless
client is any device that has a wireless interface that is not intended to be present in the environment.
Although insufficient on their own, wired analysis tools can be very valuable when used in
conjunction with wireless analyzers to improve the quality of the scan results.


Oh, here's why they're doing it. It's right there in the FAQ:

http://www.aegenis.com/whitepaper/PCI%20DSS%20Wireless%20Security%20FAQ.pdf wrote:To comply with PCI DSS 11.1, may I have technical staff members physically walk through each of my sites with a wireless analyzer instead of automating the process?
Yes. Although this method is technically possible it is often times operationally tedious, error prone,
and costly. Companies can use freely available tools such as NetStumbler or Kismet as wireless
analyzers. Using one of these tools, a technician or auditor can physically visit each site and obtain a
list of the wireless devices nearby. The technician is then required to manually investigate each
device to determine if it allows access to CDE.
beakmyn
 
Posts: 4858
Joined: Sun Aug 03, 2003 1:53 pm

Postby Thorn » Wed Jul 23, 2008 6:37 am

Yeah, since they aren't giving further instructions, my assumption is that the PCI team is going to review the xls files and see if there are any wireless networks and MACs on the list that aren't part of the various stores networks.

Of course, they may have a whole pile of false positives when they first start doing these scans.
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight
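Thorn's guess above is that someone on the PCI team compares the exported list against the stores' own gear. As an added example (not from the thread, the memo, or NetStumbler itself), here is a small Python script that reads a summary export, drops authorized store BSSIDs and recurring neighbours, and checks the memo's file-naming convention. The column layout of the export, the field indices and every MAC address are constructed assumptions for illustration.

```python
import re

# Constructed sample of a NetStumbler "Summary" export: tab-separated text
# with '#' comment lines. The column layout and every MAC address here are
# assumptions for this example; adjust the *_FIELD indices to the real file.
SAMPLE_EXPORT = """\
# $Creator: constructed sample for illustration
# Latitude\tLongitude\t( SSID )\tType\t( BSSID )\tFlags
N 0.0000\tW 0.0000\t( STORE-POS )\tBBS\t( 00:11:22:33:44:55 )\t0x0011
N 0.0000\tW 0.0000\t( STORE-POS )\tBBS\t( 00:11:22:33:44:56 )\t0x0011
N 0.0000\tW 0.0000\t( linksys )\tBBS\t( 00:AA:BB:CC:DD:EE )\t0x0001
N 0.0000\tW 0.0000\t( CoffeeShopWiFi )\tBBS\t( 00:DE:AD:BE:EF:01 )\t0x0001
"""
SSID_FIELD, BSSID_FIELD = 2, 4

# Authorized store APs (constructed); in practice this comes from the
# network team's asset inventory for the location being scanned.
AUTHORIZED_BSSIDS = {"00:11:22:33:44:55", "00:11:22:33:44:56"}
# Neighbours that show up every quarter; listing them keeps the repeat
# false positives Thorn mentions out of the report once they are vetted.
KNOWN_NEIGHBOUR_BSSIDS = {"00:de:ad:be:ef:01"}

# Memo convention: 11.1b-<Store Abbreviation>-FY<n>Q<n>.xls (hyphen or en dash).
NAME_RE = re.compile(
    r"^11\.1b-(?P<store>[A-Za-z0-9]+)[-\u2013]FY(?P<fy>\d{2,4})Q(?P<q>[1-4])\.xls$")

def parse_report_name(name: str) -> dict:
    """Validate the file name and pull out store, fiscal year and quarter."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"name does not follow 11.1b-STORE-FYnQn.xls: {name}")
    return {"store": m["store"], "fy": int(m["fy"]), "quarter": int(m["q"])}

def parse_summary(text: str) -> list[tuple[str, str]]:
    """Return (ssid, bssid) pairs from a summary export, skipping comments."""
    seen = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        cols = line.split("\t")
        ssid = cols[SSID_FIELD].strip(" ()")
        bssid = cols[BSSID_FIELD].strip(" ()").lower()  # normalise MAC case
        seen.append((ssid, bssid))
    return seen

def find_unknown_aps(text: str) -> list[tuple[str, str]]:
    """APs that are neither authorized store gear nor a known neighbour."""
    return [(s, b) for s, b in parse_summary(text)
            if b not in AUTHORIZED_BSSIDS and b not in KNOWN_NEIGHBOUR_BSSIDS]
```

Anything returned by find_unknown_aps is what the memo's technician would still have to investigate by hand, as the FAQ quoted above describes.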

Postby streaker69 » Wed Jul 23, 2008 6:57 am

Thorn wrote:Yeah, since they aren't giving further instructions, my assumption is that the PCI team is going to review the xls files and see if there are any wireless networks and MACs on the list that aren't part of the various stores networks.

Of course, they may have a whole pile of false positives when they first start doing these scans.


Hmm, wasn't there something announced a while ago at Shmoo that would generate thousands of fake AP's?
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Postby Barry » Wed Jul 23, 2008 7:07 am

streaker69 wrote:Hmm, wasn't there something announced a while ago at Shmoo that would generate thousands of fake AP's?


I believe there was. Pretty sure it's in backtrack as well. ;)
Never do anything you don't want to explain to the paramedics.
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

Postby G8tK33per » Thu Jul 24, 2008 4:24 am

Thorn wrote:A friend who knows my involvement with NS just sent this. He works for a chain store that just issued this memo to their IT Teams.

I sure hope they send Marius some cash for the corporate use. The chain is one of these new-age places that yaps about "social responsibility" and sells $180 t-shirts.

Oh, yeah; Be prepared for the inevitable "how come my card doesn't work" questions. :rolleyes:

/breaks out the pine tar for 'The Bat'
"Make yourselves sheep and the wolves will eat you." ~ Benjamin Franklin

Sons of Confederate Veterans
G8tK33per
 
Posts: 6078
Joined: Fri May 09, 2003 4:00 am
Location: Goomba's Booty Boardwalk

Postby beakmyn » Thu Jul 24, 2008 11:25 am

Thorn wrote:A friend who knows my involvement with NS just sent this. He works for a chain store that just issued this memo to their IT Teams.

I sure hope they send Marius some cash for the corporate use. The chain is one of these new-age places that yaps about "social responsibility" and sells $180 t-shirts.

Oh, yeah; Be prepared for the inevitable "how come my card doesn't work" questions. :rolleyes:



Actually, I was having issues with my F@nera+ and going back and forth with emails with F@n, and they suggested:

f@n support wrote:6. You may use a tool like ‘Netstumbler’, to visualize the signal
strength. If you believe it to be weak and you are close to La
F@nera, please send a screenshot from this measurement to a Customer
Care representative.


To which I replied:
beakmyn wrote:6. Please understand that Netstumbler will only report proper signal
levels for the Orinoco Classic card and only if using the Orinoco
driver. If you are using the NDIS, atheros, etc driver then the
signals levels as reported by Netstumbler are completely bogus. I am a
member of the Netstumbler software forums and well versed in this.


They didn't say anything back about that. So, basically the router would reboot if I tried to connect to it wirelessly or wired using my Sager, weird.

They also insisted that it had the current firmware. It didn't, this I'm sure of ;) and instead of sending me the firmware they opted to send me another one. The old one is no longer a F@n; it's dd-wrt and it's working nicely. Now to re-create the script that changes the color of the LED from orange to green when the internets is running.
beakmyn
 
Posts: 4858
Joined: Sun Aug 03, 2003 1:53 pm

Postby Barry » Thu Jul 24, 2008 1:55 pm

beakmyn wrote:Actually, I was having issues with my F@nera+ and going back and forth with emails with F@n and I they suggested:

To which I replied:

They didn't say anything back about that. So, basically the router would reboot if I tried to connect to it wirelessly or wired using my Sager, weird.

They also insisted that it had the current firmware. It didn't, this I'm sure of ;) and instead of sending me the firmware they opted to send me another one. The old one is no longer a F@n it's dd-wrt and it's working nicely. Now to re-create the script that changes the color of the LED from orange to green when the internets is running.


Handy!
Never do anything you don't want to explain to the paramedics.
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

Postby brwrdrvr » Thu Jul 24, 2008 4:51 pm

Originally Posted by f@n support
6. You may use a tool like ‘Netstumbler’, to visualize the signal
strength. If you believe it to be weak and you are close to La
F@nera, please send a screenshot from this measurement to a Customer
Care representative.


HAHAH

The person that wrote that must have been one of the newbs that came in the forum, posted a question without reading/research, got flamed out and run off, and decided to write the script anyway.
Real Linux users write the zeros and ones directly to the hard drive using a refrigerator magnet. ~ bobfunland
brwrdrvr
 
Posts: 3381
Joined: Fri Feb 18, 2005 9:26 pm
Location: Capitol City, Louisiana
