Chapter 7 – PCI DSS Compliance

 

Viewing the results of rogue AP scanning

Go to Monitor > Rogue AP Monitor to view information about detected rogue wireless access points.

 

Logging the results of rogue AP scanning

To ensure that detection of rogue access points is logged, go to Log & Report > Log Settings, enable Event

Logging and select WiFi activity event.

Securing a CDE network wireless access point

If your wireless network is within PCI DSS scope, it must meet the following requirements:

  • Default settings such as SSID and passphrases must be changed.
  • Use WPA/WPA2 security.
  • Log wireless activity.

 

Setting wireless security

On FortiGate units, go to WiFi & Switch Controller > SSID to configure wireless security settings for either a new or existing virtual access point.

The default SSID for the FortiAP is “fortinet”. You must change this.

The Security Mode must be set to one of the WPA2 modes. Both WPA or WPA2 clients can be served. In the CLI, you can optionally select exclusively WPA or WPA2 operation.

WPA/WPA2-Enterprise Authentication uses separate logon credentials for each user. Either FortiGate user group security or an external RADIUS server performs the authentication. Optionally, certificate-based security can also be applied. WPA/WPA2-Personal authentication requires a single pre-shared key that is used by all clients and is thus less secure.

For detailed information about wireless access points, see the Deploying Wireless Networks chapter of the FortiOS Handbook.

 

This entry was posted in FortiOS 5.4 Handbook on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.