Aruba Instant & Cloud Wi-Fi

Reply
New Contributor
Posts: 4
Registered: ‎06-27-2014

SSID Failed PCI Compliance

2.1.1 Change vendor-supplied defaults for wireless environments. A device fails if the passphrases, SSIDs or other security-related settings are on a list of forbidden values. This list includes common manufacturer defaults.

 

Could it be the name or if the SSID contains "GUEST"?

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: SSID Failed PCI Compliance

Can you provide more detail?

 

-What tool generated this audit?

-Does that tool offer a list of "forbidden values"?

-What version of InstantOS?

Guru Elite
Posts: 8,325
Registered: ‎09-08-2010

Re: SSID Failed PCI Compliance

Are you using a pre-shared key?

Sent from Surface Pro

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 4
Registered: ‎06-27-2014

Re: SSID Failed PCI Compliance

PCI Compliance Report from Aruba Central

 

Yes, using a pre-shared key on guest wireless/VLAN

 

Guru Elite
Posts: 8,325
Registered: ‎09-08-2010

Re: SSID Failed PCI Compliance

Is the PSK a well known word?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 4
Registered: ‎06-27-2014

Re: SSID Failed PCI Compliance

probably but includes numbers/uppercase - should I change and run scan again?

Moderator
Posts: 681
Registered: ‎04-16-2009

Re: SSID Failed PCI Compliance

Did you change the admin password on the IAP?

New Contributor
Posts: 4
Registered: ‎06-27-2014

Re: SSID Failed PCI Compliance

[ Edited ]

Yes what is the CDE Subnets/SSIDs on the report? Maybe if I exclude Guest..

 

EDIT: Nope still failed

 Report.PNG

MVP
Posts: 707
Registered: ‎12-01-2010

Re: SSID Failed PCI Compliance

There isn't a list in the PCI-DSS of pre or pro-scribed settings, just this:

2.1.1
For wireless environments connected to the cardholder data
environment or transmitting cardholder data, change wireless
vendor defaults, including but not limited to default wireless encryption
keys, passwords, and SNMP community strings.

 I don't know what Aruba's tool checks for, so I can't really tell you what else to look at.

So better go back and check that you're on WPA2 and using a good key.

Also move to SNMP3 with good keys if you haven't already.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Search Airheads
Showing results for 
Search instead for 
Did you mean: