Enabling Or Disabling Pci Auditing - Dell PowerConnect W-Airwave User Manual

Table 37 PCI Requirements and Support in AMP
Requirement Description
1.1
1.2.3
2.1
2.1.1
4.1.1
11.4

Enabling or Disabling PCI Auditing

Perform these steps to verify status and to enable or disable AMP support for PCI 1.2 requirements. enabling one
or all PCI standards on AMP enables real-time information and generated reports that advise on Pass or Fail
status. The PCI auditing supported in AMP is reported in
1. To determine what PCI Compliance standards are enabled or disabled on AMP, navigate to the AMP Setup
> PCI Compliance page, illustrated in
66 | Configuring AMP
Monitoring configuration standards for network firewall devices
When Enabled: PCI Requirement 1.1 establishes firewall and router configuration standards.
A device fails Requirement 1.1 if there are mismatches between the desired configuration and the
configuration on the device.
When Disabled: firewall router and device configurations are not checked for PCI compliance, and
Pass or Fail status is not reported or monitored.
Monitoring firewall installation between any wireless networks and the cardholder data environment
When Enabled: A device passes requirement 1.2.3 if it can function as a stateful firewall.
When Disabled: firewall router and device installation are not checked for PCI compliance.
Monitoring the presence of vendor-supplied default security settings
When Enabled: PCI Requirement 2 establishes the standard in which all vendor-supplied default
passwords are changed prior to a device's presence and operation in the network.
A device fails requirement 2.1 if the username, passwords or SNMP credentials being used by AMP to
communicate with the device are on a list of forbidden default credentials. The list includes common
vendor default passwords, for example.
When Disabled: device passwords and other vendor default settings are not checked for PCI
compliance.
Changing vendor-supplied defaults for wireless environments
When Enabled: A device fails requirement 2.1.1 if the passphrases, SSIDs, or other security-related
settings are on a list of forbidden values that AMP establishes and tracks. The list includes common
vendor default passwords. The user can input new values to achieve compliance.
When Disabled: network devices are not checked for forbidden information and PCI Compliance is not
established.
Using strong encryption in wireless networks
When Enabled: PCI Requirement 4 establishes the standard by which payment cardholder data is
encrypted prior to transmission across open public networks. PCI disallows WEP encryption as an
approved encryption method after June 20, 2010. A device fails requirement 4.1.1 if the desired or actual
configuration reflect that WEP is enabled on the network, or if associated users can connect with WEP.
When Disabled: AMP cannot establish a pass or fail status with regard to PCI encryption requirements
on the network.
Using intrusion-detection or intrusion-prevention systems to monitor all traffic
When Enabled: AMP reports pass or fail status when monitoring devices capable of reporting IDS
events. Recent IDS events are summarized in the PCI Compliance report or the IDS Report.
When Disabled: AMP does not monitor the presence of PCI-compliant intrusion detection or prevention
systems, nor can it report Pass or Fail status with regard to IDS events.
Table 37.
Figure 35.
Dell PowerConnect W-AirWave | Version 7.3