User Guide Part 2
Wi-Fi Array
422 Appendix D: Implementing PCI DSS
Additional information regarding implementation of PCI DSS on the Wi-Fi Array
is described in the Xirrus White Paper, PCI Data Security Standard, available on
the Xirrus web site.
The pci-audit Command
The Array provides a CLI command, pci-audit, that checks whether the Array’s
configuration satisfies PCI DSS wireless requirements. This command does not
change any parameters, but will inform you of any violations that exist.
Furthermore, the command pci-audit enable will put the Array in PCI Mode and
monitor changes that you make to the Array’s configuration in CLI or the WMI.
PCI Mode will warn you (and issue a Syslog message) if the change violates PCI
DSS requirements. A warning is issued when a non-compliant change is first
applied to the Array, and also if you attempt to save a configuration that is non-
compliant. Use this command in conjunction with The Xirrus Array PCI
( )
( )
Check that external RADIUS servers have been
configured for use with 802.1x and WPA/WPA2
wireless security.
Ensure that Array Administration Accounts are
being validated by External RADIUS servers.
SSIDs, p. 235 and
Global Settings, p. 225
Admin RADIUS,
p. 216
( ) Ensure that each Xirrus Array is physically
inaccessible such that console ports and
management ports are not accessible.
Securing the Array,
p. 94
See Indoor Enclosure
( )
( )
Enable syslog messaging and define a syslog
server on the wired network to receive syslog
messages.
Enable NTP and define an NTP server (optional).
System Log, p. 197
Time Settings (NTP),
p. 194
( ) Enable the RF Monitor radio in the Xirrus Array.
Categorize known or approved devices as such.
Respond to any alert of unknown or unapproved
wireless devices discovered by the RF Monitor.
IAP Settings, p. 255
Rogue Control List,
p. 233
Intrusion Detection,
p. 148
3
Xirrus Wi-Fi Array Configuration for PCI DSS See...