

Retail Industry Solutions

PCI DSS 1.2 Wireless Requirements
Scope Section Requirement
11.1 Identify rogue and unauthorized wireless devices

Motorola AirDefense wireless IPS provides

  • Accurate classification of rogues from neighboring wireless devices
  • Detection capabilities across segmented and firewalled networks
  • Vendor agnostic detection of WLAN devices
  • Location tracking of devices on a map
  • Minute-by-minute granular forensic information for any device
  • Scalability to thousands of distributed locations
  • Dual-radio Motorola APs for 24x7 monitoring and full-time AP function

12.9 Responding to unauthorized wireless

Motorola AirDefense wireless IPS provides

  • 24x7 wireless monitoring
  • Automatic rogue termination using wireless and wired techniques
  • Flexible reporting and alerting options with integration capabilities into various Security Information Management (SIM) systems
  • Ability to automatically create ACLs for suspicious devices

1.2.3 Firewall wireless from card holder network

  • Motorola wireless switches support stateful Layer 2 and role-based firewalls.
    Base the security policy on user, group, location, encryption strength, etc.
  • Follow a user as they move across different APs and switches
  • Provide a stateful firewall at Layer 2, without having to create Layer 3 subnets
  • Allow established sessions to continue uninterrupted after mobile unit roams between AP & switch
  • Handle Layer 2 attacks, including ARP cache poisoning and ARP spoofing, DHCP rogue server attacks, DHCP starvation, broadcast storms, incomplete fragment attack checks, suspicious activity checks, several DoS attacks, etc.
  • Lock down the protocols a POS device can access; a role-based firewall allows separate firewall policies for laptops and POS equipment even if they are on the same WLAN
  • Block POS devices that are compromised and attempt non-standard
  • Verify configuration of perimeter firewalls installed between any wireless networks and systems that store cardholder data

2.1.1 Changing default wireless settings

Motorola WLAN infrastructure is centrally managed and monitored to prevent
default backdoors

  • Centrally configured and managed APs
  • 24x7 monitoring and alerting of misconfigured devices based on actual over-the-air analysis

4.1.1 Encryption in wireless networks

Motorola’s WLAN infrastructure is fully compatible with IEEE 802.11i and supports

  • WPA-TKIP
  • WPA2-CCMP (AES)
  • WPA2 TKIP
  • 802.1X EAP-TLS and EAP-TTLS
  • Protected EAP (PEAP)
  • Kerberos
  • Integrated AAA/RADIUS Server

Motorola provides legacy encryption protection solutions providing a secure
and compliant upgrade path for legacy WEP networks

  • KeyGuard – Per packet WEP key rotation for devices that cannot be upgraded to WPA
  • WEP Cloaking™ – WEP key protection for legacy networks without requiring hardware or software upgrades to the infrastructure
  • VPN capabilities on mobile devices for enc

9.1.3 Physically secure wireless devices

Motorola’s wireless LAN APs and mobile clients support multiple features to
mitigate risks due to physical access

  • APs with wall, ceiling and above-ceiling tile mounting options
  • Thin APs with no local sensitive data storage
  • Tamper resistant and tamper evident enclosures
  • Mobile units with encrypted passwords

10.5.4 Audit logging of wireless activity

Motorola AirDefense wireless IPS has the most detailed wireless forensic
database available in the industry

  • Over 300 wireless statistics per device per minute logged
  • Ability to log wireless data for months
  • Instant analysis using the forensic wizard
  • Digitally signed and fully customizable reports

11.4 Intrusion prevention (IPS) for wireless traffic

Motorola AirDefense wireless IPS utilizes its 24x7, real-time monitoring of 802.11a/b/g networks for the most accurate intrusion detection of known and unknown attacks.

  • 200+ attacks and policy violations detected
  • Rogue device containment
  • Stateful monitoring of all WLAN activity based on attack signatures, protocol analysis, statistical anomaly and policy violations
  • Reconnaissance detection (e.g. NetStumbler, Wellenreiter, etc.)
  • Identity theft detection
  • Multiple forms of Denial-of-Service (DoS) attacks detected
  • Session hijacking or Man-in-the-Middle (MITM) attack detection
  • EAP attacks
  • Anomalous behavior alarms
  • Wireless termination of unauthorized connections
  • Wired side port suppression and access control lists

12.3 Usage policies and procedures for wireless

Motorola AirDefense Wireless IPS can be used to define and enforce wireless
policies

  • Encryption and Authentication policies
  • Approved data rates, operating channels, traffic thresholds and usage times
  • WLAN device and roaming policies
  • Vendor policies
  • Ability to automatically notify policy violations
  • Ability to terminate wireless connections based on policies

Motorola wireless switches support Network Access Control (NAC)

  • User and client authorization check for resources without a NAC agent.
  • Blocking or quarantining non-compliant devices from connecting to a WLAN
  • 802.1X-based pre-admission control