Network Management

last person joined: 15 hours ago 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

PCI Compliance Report and Wireless Guest Networks

This thread has been viewed 5 times

  • 1.  PCI Compliance Report and Wireless Guest Networks

    Posted Jan 18, 2018 06:06 AM

    Hello,

     

    One of my customers has been observing the failure of the "Daily PCI Compliance Report" in Airwave (ver. 8.2.5). The failure is on point 4.1.1.  Use strong encryption in wireless networks.

     

    When investigating further, I was able to discover that the failure was caused by wireless clients joining the Guest Wi-Fi which, of course, has no encryption at Layer 2.

     

    Several APs are reporting the following message for various clients in the compliance section: "Client: XX:XX:XX:XX:XX:XX not using strong encryption."

     

    My questions are:

     

    1. Is this normal? Shouldn't PCI compliance take into account that Guest networks use HTTPS encryption at Layer 3?

    2. Is it possible to run a report in Airwave only for non-guest wireless networks, so that it shows a pass instead of a fail?

     

    I can provide additional details upon request.

     

    Many thanks in advance,

     

    Giuseppe Damiano/



  • 2.  RE: PCI Compliance Report and Wireless Guest Networks

    EMPLOYEE
    Posted Jan 18, 2018 01:22 PM

    Under AMP Setup -> PCI Compliance -> 4.1.1 -> you can set toggle for 'ignore client sessions w/ specific role' = yes, and then input the role that the users get from that Guest SSID.  Hopefully the authentication is setup so that they get something that's easy to distinguish like 'guest-access-ok' instead of the universal 'authenticated' role.