Pci Auditing - Dell PowerConnect W-AirWave 7.6 User Manual

PCI Auditing

PCI Auditing in AirWave allows you to monitor, audit, and demonstrate PCI compliance on the network. There are
five primary pages in which you establish, monitor, and access PCI auditing, as follows:
The AMP Setup > PCI Compliance page enables or disables PCI Compliance monitoring on the network, and
l
displays the current compliance status on the network. See
The Reports > Definitions page allows you to create custom-configured and custom-scheduled PCI Compliance
l
reports. See "Reports > Definitions Page Overview" on page
The Reports > Generated page lists PCI Compliance reports currently available, and allows you to generate the
l
latest daily version of the PCI Compliance Report with a single select. Refer to
Overview" on page
The APs/Devices > PCI Compliance page enables you to analyze PCI Compliance for any specific device on the
l
network. This page is accessible when you select a specific device from the APs/Devices > Monitor page. First,
you must enable this function through AMP Setup. See
The PCI Compliance Report offers additional information. Refer to
l
page 252. This report not only contains Pass or Fail status for each PCI requirement, but cites the action
required to resolve a Fail status when sufficient information is available.
NOTE: When any PCI requirement is enabled on AirWave, then AirWave grades the network as pass or fail for the respective PCI
requirement. Whenever a PCI requirement is not enabled in AirWave, then AirWave does not monitor the network's status in relation
to that requirement, and cannot designate Pass or Fail network status. AirWave users without RAPIDS visibility enabled will not see
the 11.1 PCI requirements in the PCI Compliance Report.
Table 37:
PCI Requirements and Support in AirWave
Requirement
1.1
1.2.3
2.1
2.1.1
Dell PowerConnect W-AirWave 7.6 | User Guide
237.
Description
Monitoring configuration standards for network firewall devices
When Enabled: PCI Requirement 1.1 establishes firewall and router configuration standards.
A device fails Requirement 1.1 if there are mismatches between the desired configuration and the
configuration on the device.
When Disabled: firewall router and device configurations are not checked for PCI compliance, and
Pass or Fail status is not reported or monitored.
Monitoring firewall installation between any wireless networks and the cardholder data
environment
When Enabled: A device passes requirement 1.2.3 if it can function as a stateful firewall.
When Disabled: firewall router and device installation are not checked for PCI compliance.
Monitoring the presence of vendor-supplied default security settings
When Enabled: PCI Requirement 2 establishes the standard in which all vendor-supplied default
passwords are changed prior to a device's presence and operation in the network.
A device fails requirement 2.1 if the username, passwords or SNMP credentials being used by
AirWave to communicate with the device are on a list of forbidden default credentials. The list
includes common vendor default passwords, for example.
When Disabled: device passwords and other vendor default settings are not checked for PCI
compliance.
Changing vendor-supplied defaults for wireless environments
When Enabled: A device fails requirement 2.1.1 if the passphrases, SSIDs, or other security-related
settings are on a list of forbidden values that AirWave establishes and tracks. The list includes
common vendor default passwords. The user can input new values to achieve compliance.
When Disabled: network devices are not checked for forbidden information and PCI Compliance is
not established.
"Enabling or Disabling PCI Auditing" on page
235.
"Reports > Generated Page
"Enabling or Disabling PCI Auditing" on page
"Using the PCI Compliance Report" on
56.
56.
Configuring AirWave | 55