Forum

WEP

1 posts by 1 authors in: Forums > CWSP - Enterprise Wi-Fi Security
Last Post: April 5, 2010:

By wifikiwi April 5, 2010

Reply

Actually we have had this discussion several times internally about what PCI requires. Our PCI auditors say its all about where the cardholder data goes. PCI doesn't require you to specifically lock down a certain segment unless it is accessible to get at cardholder data. So for example, I had a customer who was fully aware of the WEP vulnerabilities and PCI requirements. They were retail and is would cost them millions to upgrade their WEP based weighing machines that they used, simply not feasible. Their solution? Setup their WLAN and devices using the WLAN behind a separate firewall segmented away from all cardholder transactions. This met PCI as the had _no_ wireless on their cardholder data network. It also saved them a bunch of money they couldn't afford to spend.
To answer the OP's question, I still see a lot of WEP out there. Its slowly going away and its mostly in distribution and retail where the cost of upgrading handhelds used for stock control holds them back. I hardly see it in carpeted space anymore.

Page 1 of 1

1

Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.
-Darren

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.
-Ben

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.
-Glenn