Comments for Brian Klumpp, CISSP, PCI-QSA

Comment on Clarifications on WPA/TKIP Vulnerabilities by Tobias Englund

Tobias Englund — Thu, 11 Feb 2010 00:19:53 +0000

Well put Brian,

not only is it an isssue with TKIP and its weaknesses, it is often left out what is what. To protect an enterprise connected to a publicly available network (all wireless networks should be considered as such), there are the same fundamental requirements as any enterprise connecting to the Internet:
Authentication, Encryption and Integrity verification.
It is disturbing to see how more focus is put on encryption than authentication and with the common practice of a global passphrase jeopardizing access to the entire corporate network.
WPA2 is a subset of the equation and typically stands for encryption whereas the whole 802.11i standard also calls for the practice of the 802.1X standard for authentication. How the latter then is used is key to the strength of the actual protection. WPA2 is used by hardware manufacturers as to say that security is not an issue anymore. Anybody with insight to a typical retailer network can testify to the many potential inroads for an attacker. I wish the same standards would apply in the WiFi world as for any enterprise remote user with access to sensitive assets.

Comment on 3rd Party Applications Open Holes Too! by hotspot shield

hotspot shield — Fri, 06 Nov 2009 05:33:33 +0000

It is a great post thanks for posting it!

Comment on 3rd Party Applications Open Holes Too! by Sue Massey

Sue Massey — Thu, 05 Nov 2009 23:31:52 +0000

Would you be interested in exchanging blogrolls links with my site? Please email me if you are interested

Comment on Security Steps for Compliance Purposes? Why Not Just for the Sake of Security? by derekpm

derekpm — Mon, 13 Jul 2009 01:35:14 +0000

Rather interesting. Has few times re-read for this purpose to remember. Thanks for interesting article. Waiting for trackback

Comment on Security Steps for Compliance Purposes? Why Not Just for the Sake of Security? by flash

flash — Sun, 05 Jul 2009 06:08:52 +0000

Perfect!

Comment on Small Merchants and PCI Compliance - Part 2: Management Buy-in by How I Make $5000 a Month Posting Links on Google

How I Make $5000 a Month Posting Links on Google — Fri, 26 Jun 2009 00:38:51 +0000

Loved your latest post, by the way.

Comment on Small Merchants and PCI Compliance - Part 2: Management Buy-in by Katy

Katy — Wed, 24 Jun 2009 02:58:28 +0000

Pretty nice post. I just came across your site and wanted to say
that I have really liked reading your posts. Anyway
I’ll be subscribing to your feed and I hope you write again soon!

Comment on Small Merchants and PCI Compliance - Part 2: Management Buy-in by Edwin Alanouf

Edwin Alanouf — Sat, 20 Jun 2009 16:27:55 +0000

That is some great information Brian. I think it it would also be helpful if the trainer had enough knowledge, or preperation to show the parallal relevancies of PCI to other compliancies standards that company possibly may have to adhere to in the future, or when dealing with over seas regulations.

Comment on Small Merchants and PCI Compliance by brian.klumpp

brian.klumpp — Thu, 18 Jun 2009 22:28:42 +0000

Part 2: http://blogs.nuspire.com/bkblog/?p=42
More to come!

Comment on Small Merchants and PCI Compliance by Brian Klumpp, CISSP, PCI-QSA » Small Merchants and PCI Compliance - Part 2

Brian Klumpp, CISSP, PCI-QSA » Small Merchants and PCI Compliance - Part 2 — Thu, 18 Jun 2009 22:23:50 +0000

[...] small merchant you now know that you have to be PCI compliant. If not, you can read my last post here on the topic. As discussed in my last post, you should start with an IT Policy and an IT Security [...]