Applies to Product: USM Appliance™, LevelBlue OSSIM®

| Testing Procedure | How USM Appliance Delivers | USM Appliance Instructions | USM Appliance Documentation |
|---|---|---|---|
| 4.1.a Identify all locations where cardholder data is transmitted or received over open, public networks. Examine documented standards and compare to system configurations to verify the use of security protocols and strong cryptography for all locations. | AlienVault NIDS can detect PAN in plaintext in NIDS traffic and alerts on it. | Existing correlation directives will generate alarms on credit card information detected in clear text. | |
| | | To verify that credit card data is not being stored in plain text, create a Security Events View with the search on Event Name containing "Credit Card". Then export the view as a report module and run the report. | |
| 4.1.c Select and observe a sample of inbound and outbound transmissions as they occur (for example, by observing system processes or network traffic) to verify that all cardholder data is encrypted with strong cryptography during transit. | AlienVault NIDS can detect PAN in plaintext in NIDS traffic and alerts on it. | Existing correlation directives will generate alarms on credit card information detected in clear text. | |
| | | To verify that credit card data is not being stored in plain text, create a Security Events View with the search on Event Name containing "Credit Card". Then export the view as a report module and run the report. | |
| 4.1.e Examine system configurations to verify that the protocol is implemented to use only secure configurations and does not support insecure versions or configurations. | USM Appliance can test for the use of insecure versions of SSL and TLS. NIDS data and Vulnerability Scan data combined can assist with this. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host: | |
| | | Run a Vulnerability Scan using the custom scan profile that was created. | |
| | | Export successful scan results and identify findings to determine whether the system is configured correctly. | |
| 4.1.f Examine system configurations to verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.) | The Vulnerability Scan in USM Appliance and AlienVault NIDS can test for the use of insecure versions of SSL and TLS. | Create a custom scan profile, and in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host: | |
| | | Run a Vulnerability Scan using the custom scan profile that was created. | |
| | | Export successful scan results and identify findings to determine whether the system is configured correctly. | |
| 4.2.a If end-user messaging technologies are used to send cardholder data, observe processes for sending PAN and examine a sample of outbound transmissions as they occur to verify that PAN is rendered unreadable or secured with strong cryptography whenever it is sent via end-user messaging technologies. | AlienVault NIDS can detect PAN in plaintext in NIDS traffic and alerts on it. | Existing correlation directives will generate alarms on credit card information detected in clear text. | |
| | | To verify that credit card data is not being stored in plain text, create a Security Events View with the search on Event Name containing "Credit Card". Then export the view as a report module and run the report. | |
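
For sampling transmissions by hand under 4.1.c and 4.2.a, the following added example (not AlienVault NIDS signature or correlation directive logic) shows one way to flag cleartext PANs in captured payloads using a digit-pattern match plus a Luhn checksum. The function names and sample payloads are constructed for illustration, and the card numbers are well-known test values.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan):
    """Keep first six and last four digits so the finding holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_pans(payload):
    """Return masked PANs found in one cleartext payload (bytes)."""
    hits = []
    for m in CANDIDATE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode("ascii")
        # Reject runs of one repeated digit (e.g. all zeros pass Luhn).
        if len(set(digits)) > 1 and luhn_ok(digits):
            hits.append(mask(digits))
    return hits

# Constructed sample payloads (not real captures).
SAMPLES = {
    "http_post": b"POST /pay HTTP/1.1\r\nHost: shop.example\r\n\r\n"
                 b"card=4111111111111111&cvv=123",
    "smtp_body": b"Subject: booking\r\n\r\n"
                 b"Please charge card 5500 0000 0000 0004, exp 12/27\r\n",
    "order_id":  b"GET /track?order=1234567890123456 HTTP/1.1\r\n",
}

def scan(samples):
    """Map sample name -> masked PANs, keeping only samples with findings."""
    return {name: hits for name, data in samples.items()
            if (hits := find_pans(data))}

if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(f"cleartext PAN in {name}: {hits}")
```

A hit means the payload was readable on the wire, so the finding is about the missing transport encryption as much as the PAN itself; the 16-digit order number is matched by the pattern but dropped by the checksum.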