Comments on: Nothing New In “New” PCI Wireless Guidelines http://storefrontbacktalk.com/securityfraud/nothing-new-in-new-pci-wireless-guidelines/ Techniques, Tools and Tirades about Retail Technology and E-Commerce Sun, 20 May 2012 01:49:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Samir Palnitkar http://storefrontbacktalk.com/securityfraud/nothing-new-in-new-pci-wireless-guidelines/comment-page-1/#comment-62947 Samir Palnitkar Fri, 31 Jul 2009 13:08:18 +0000 http://www.storefrontbacktalk.com/?p=3376#comment-62947 As I mentioned in my earlier comment, the PCI wireless guidelines are fairly precise in what they recommend. They identify the types of cardholder data environments (CDEs) and precisely define how wireless security requirements apply to them. Therefore, I do not believe that they are meaningless. I see them as an attempt to clarify the PCI DSS in an area that was previously ambiguous. As I mentioned in my earlier comment, the PCI wireless guidelines are fairly precise in what they recommend. They identify the types of cardholder data environments (CDEs) and precisely define how wireless security requirements apply to them. Therefore, I do not believe that they are meaningless. I see them as an attempt to clarify the PCI DSS in an area that was previously ambiguous.

]]> By: Cranston Snoard http://storefrontbacktalk.com/securityfraud/nothing-new-in-new-pci-wireless-guidelines/comment-page-1/#comment-62940 Cranston Snoard Wed, 29 Jul 2009 22:44:10 +0000 http://www.storefrontbacktalk.com/?p=3376#comment-62940 The real question then is if PCI's guidelines on wireless security are nothing new, why did they bother to produce them? It's not as if reasonable guidelines aren;t already available. Or is this just an attempt at security theater - appear to be doing something even if it is meaningless... The real question then is if PCI’s guidelines on wireless security are nothing new, why did they bother to produce them? It’s not as if reasonable guidelines aren;t already available.

Or is this just an attempt at security theater – appear to be doing something even if it is meaningless…

]]> By: Samir Palnitkar http://storefrontbacktalk.com/securityfraud/nothing-new-in-new-pci-wireless-guidelines/comment-page-1/#comment-62934 Samir Palnitkar Thu, 23 Jul 2009 14:44:31 +0000 http://www.storefrontbacktalk.com/?p=3376#comment-62934 I agree with Fred that wireless security is a hard problem. Additionally, retail environments are not the best to implement wireless security practices. However, I disagree that there is nothing new in the PCI wireless guidelines. In fact, this the first time, wireless security guidelines have been described so unambiguously. This clarity was desperately need to help retail organizations really do something about the wireless security problem. Additionally, the ad-hoc walkaround wireless audits of sites via random sampling was simply an eyewash and not aimed at true security. Use of a wireless IPS is the only effective way achieve both security and compliance with wireless guidelines. I agree with Fred that wireless security is a hard problem. Additionally, retail environments are not the best to implement wireless security practices.

However, I disagree that there is nothing new in the PCI wireless guidelines. In fact, this the first time, wireless security guidelines have been described so unambiguously. This clarity was desperately need to help retail organizations really do something about the wireless security problem.

Additionally, the ad-hoc walkaround wireless audits of sites via random sampling was simply an eyewash and not aimed at true security. Use of a wireless IPS is the only effective way achieve both security and compliance with wireless guidelines.

]]>