WEP
Last Post: April 5, 2010:
-
Actually we have had this discussion several times internally about what PCI requires. Our PCI auditors say its all about where the cardholder data goes. PCI doesn't require you to specifically lock down a certain segment unless it is accessible to get at cardholder data. So for example, I had a customer who was fully aware of the WEP vulnerabilities and PCI requirements. They were retail and is would cost them millions to upgrade their WEP based weighing machines that they used, simply not feasible. Their solution? Setup their WLAN and devices using the WLAN behind a separate firewall segmented away from all cardholder transactions. This met PCI as the had _no_ wireless on their cardholder data network. It also saved them a bunch of money they couldn't afford to spend.
To answer the OP's question, I still see a lot of WEP out there. Its slowly going away and its mostly in distribution and retail where the cost of upgrading handhelds used for stock control holds them back. I hardly see it in carpeted space anymore.
- 1