PCI DSS Requirement 11


PCI DSS Requirement 11: Regularly test security systems and processes



> Baseline / Vulnerability Assessment – Required

> Maintain an inventory of authorised wireless access points

> Penetration testing MUST validate segmentation




Requirements Addressed



11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).



11.4 Use network intrusion detection systems, host-based intrusion detection systems, and intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines up to date.

11.5 Protect critical system files

Deploy file-integrity monitoring software to alert personnel to unauthorised modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.
 



Solution Features




> Scanning
 

- Continuously scans computers that attempt to access your network, then quarantines or fixes any that do not comply with your security policy.
 

- Regularly runs PCI DSS vulnerability scans on the Email appliance to ensure system compliance.

 

> Host-based intrusion protection
 

- Checks that anti-virus is installed, working and up to date with the latest protection.

 

> Traffic Management / Load Balancing
 

- Facilitates security scanning by managing the traffic in such a way as to minimise the effect on the live systems.
 

- Can be used to segregate back-end clustered servers so that each can be tested in turn, while user traffic is directed to the remaining servers.

> File Integrity
 

- File-integrity control prevents unauthorised modification of critical system files and content files while ensuring only authorised processes can write to these files.

 

> Alerting
 

- Alerts the administrator to any unauthorised file modification on the Email and Web appliances.

 

> Wireless Security
 

- Requirement 11 contains several components related to Wireless Access and the need to inventory Wireless Access Points and detect Rogue Access Points.
 

- Extend your network visibility by monitoring wireless air space.






