Monday, May 14, 2007

Cracking down on wireless credit card security

Network World

Wireless in the Enterprise




Network World's Wireless in the Enterprise Newsletter, 05/14/07

By Joanie Wexler

Recent reports of massive credit card theft from retailers that haven’t adequately secured their Wi-Fi networks are unsettling, to say the least.

Organized gang members have been grabbing customer card data out of the air, where it has been unconscionably unencrypted, en route to a banking processing company for authorization. Other breaches are thought to have occurred when hackers tapped into Wi-Fi data streams generated by weakly encrypted wireless barcode scanners, broke the encryption code, and eavesdropped on user sessions to steal their network access credentials.

Barcode devices are perhaps most prone to the exclusive use of Wired Equivalent Privacy, or WEP, the older and easily crackable Wi-Fi encryption scheme. Many handheld barcode scanners don’t yet support stronger Wi-Fi Protected Access (WPA) and WPA2 forms of encryption, often because of the older devices’ limited memory and CPU power.

To protect against an outsider piggybacking on the barcode connection, regularly scan your airwaves for intruders. The Payment Card Industry Data Security Standard (PCI DSS) v.1.1, in effect since January 2007, requires internal and external vulnerability scans at least quarterly and every time a network topology or configuration change is made.

Quarterly scans seem pretty minimal, actually. Who’s to know if the breach is occurring (and the threat is identifiable) on the day and time the scan is done? Wireless intrusion detection and protection systems (IDS/IPS), on the other hand, scan the airwaves continually in search of unauthorized devices compromising the network.

PCI DSS v.1.1 also requires strong encryption of any wireless links (Wi-Fi or cellular) carrying credit card data. It specifies the use of WPA, WPA2, Layer 3 IPSec or Layer 7 Secure Sockets Layer/Transport Layer Security (SSL/TLS). Specifically, PCI DSS v.1.1 Requirement 4 says to “never rely exclusively on WEP to protect confidentiality and access to a wireless LAN.”
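The two checks discussed above (looking for unauthorized devices on the airwaves, and never relying on WEP alone for card data) can be run against every survey pass rather than once a quarter. The following is an added example, not code from Network World or the PCI DSS; the survey format, SSIDs, BSSIDs and inventory are all constructed for illustration.

```python
import csv
import io

# Constructed survey data (not output of any real tool): one row per AP heard.
SURVEY_CSV = """bssid,ssid,encryption,channel
00:11:22:33:44:01,STORE-POS,WPA2,6
00:11:22:33:44:02,STORE-SCANNERS,WEP,11
00:11:22:33:44:03,STORE-GUEST,OPEN,1
66:77:88:99:AA:01,STORE-POS,WPA2,6
66:77:88:99:AA:02,linksys,OPEN,3
"""

# Hypothetical inventory of access points the retailer actually deployed.
AUTHORIZED = {
    "00:11:22:33:44:01": "STORE-POS",
    "00:11:22:33:44:02": "STORE-SCANNERS",
    "00:11:22:33:44:03": "STORE-GUEST",
}
# SSIDs assumed (for this example) to carry cardholder data.
CARD_DATA_SSIDS = {"STORE-POS", "STORE-SCANNERS"}
# Link-layer schemes the article lists as acceptable; IPSec or SSL/TLS
# layered on top cannot be seen in a beacon survey and is out of scope here.
STRONG = {"WPA", "WPA2"}


def audit(survey_text, authorized, card_ssids):
    """Return a sorted list of (bssid, finding) tuples for one survey pass."""
    findings = []
    known_ssids = set(authorized.values())
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid = row["bssid"].strip().upper()
        ssid = row["ssid"].strip()
        enc = row["encryption"].strip().upper()
        if bssid not in authorized:
            # An unknown radio advertising one of our SSIDs is the urgent case;
            # other unknown radios (often neighbours) are logged for follow-up.
            kind = "rogue-using-our-ssid" if ssid in known_ssids else "unknown-ap"
            findings.append((bssid, kind))
            continue
        if authorized[bssid] != ssid:
            findings.append((bssid, "ssid-mismatch"))
        if ssid in card_ssids and enc not in STRONG:
            # WEP-only or open link on an SSID that carries card data.
            findings.append((bssid, "weak-encryption:" + enc))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY_CSV, AUTHORIZED, CARD_DATA_SSIDS):
        print(bssid, finding)
```

The open guest network is not flagged because it is not in the card-data set; the WEP-only scanner network is.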

It remains to be seen just how the payment card industry will batten down the hatches and enforce compliance with these and other wireless DSS requirements other than by levying fines after a breach, when damage has already been done.


Contact the author:

Joanie Wexler is an independent networking technology writer/editor in California's Silicon Valley who has spent most of her career analyzing trends and news in the computer networking industry. She welcomes your comments on the articles published in this newsletter, as well as your ideas for future article topics. Reach her at joanie@jwexler.com.



Copyright Network World, Inc., 2007