Asset Inventories


How do you know what you need to apply your PCI DSS controls to? Simple, you check your asset inventory. You do have one, right? You know, PCI DSS requirement 2.4? Oh. You haven’t got one, have you.

Never fear, creating one is relatively simple providing you know your scope. Creating the asset inventory is really just a case of listing all the components that are in-scope for you. What should you include though?

Well, all system components, so that’s things like network devices, firewalls, servers, desktops, laptops, wireless access points (important enough they get their own requirement, 11.1.1) and POI machines. You should also include at least key software that is used within your environment (think operating systems, payment applications, server software, etc.).

You also need to include enough information to satisfy PCI DSS so for each item that is:

  • Enough information to uniquely identify the component (host…


PenTest Edition: Cracking WEP, WPS, WPA, and WPA2 Wi-Fi Networks with the “Fern Wi-Fi Cracker” Tool

The Cybersecurity Man

Here’s a fun assessment you can perform on your home network. I’m running Kali Linux 2018.1 in a virtual machine using VMware Workstation Player. My wireless network adapter is an Alfa AWUS036NHA with a 9dBi omni-directional antenna. Penetration testers may use the Fern Wi-Fi cracker as a security auditing tool to test the security of an organization’s wireless network.


The information provided on the cybersecurityman is for educational purposes only. I am in no way responsible for any misuse of the information provided. All the information here is meant to provide the reader with the knowledge to defend against hackers and prevent the attacks discussed here. At no time should any reader attempt to use this information for illegal purposes.

The “Fern Wi-Fi Cracker” tool, from here on abbreviated as “FWC,” is a security auditing and attack software program provided in the Kali Linux distribution. FWC has the ability to…


The Great Multi-Factor Authentication Debate — PCI Guru

The Council brings back the Assessor Session to this year’s Community Meeting and it takes only one question to get passions flowing. The question was to get a clarification of a comment made by Ralph Poore, Director, Emerging Standards at the Council, about multi-factor authentication (MFA). First a little background to get everyone up to […]

via The Great Multi-Factor Authentication Debate — PCI Guru