A Zebra Technologies White Paper. Achieving PCI DSS v1.2 Compliance on Wireless Printers



Similar documents
A Zebra Technologies White Paper. Why is my printer printing code?

A Zebra Technologies White Paper. Bar Code Printing from Oracle WMS and MSCA

Network Monitor - ZXP

A Zebra Technologies White Paper. Creating and processing encrypted files

Bar Code Printing Options for Zebra Printers with Oracle WMS and MSCA A ZEBRA BLACK&WHITE

Issues and Opportunities for Introducing Bar Code Systems in Hospitals A ZEBRA BLACK&WHITE

Reducing Cycle Times and Work in Process Management Costs: Aerospace and Defense Industry

Link-OS Printer Operating System Syslog AppNote October 5, 2014

Using SAP Smart Forms for Bar Code Label Printing from mysap Business Suite A ZEBRA BLACK&WHITE

A Zebra Technologies White Paper. Managing Printers for Maximum Reliability, Performance, and Value

CISCO WIRELESS SECURITY SUITE

RACK AND CONTAINER TRACKING SOLUTION

A Zebra Technologies White Paper. Zebra Bar Code Solution for Oracle Retail Store Inventory Management

Zebra Link-OS Environment Version 2.0

PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com

Barcode Labeling in the Lab Closing the Loop of Patient Safety

CENTRALIZED DEVICE MANAGEMENT HELPS DRIVE BUSINESS EFFICIENCIES Improve device security, availability and cost-effectiveness

Zebra Lab Labeling Solutions for Healthcare

Magnetic Stripe Reader on ZQ500 Series Printers AppNote October 6, 2014

Barcode-Based Patient Safety Initiatives in Hospital Pharmacies

The following chart provides the breakdown of exam as to the weight of each section of the exam.

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

RTLS 101 What It Is and Why You Need It

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

PCI v2.0 Compliance for Wireless LAN

Implementation Guide

Did you know your security solution can help with PCI compliance too?

PCI Data Security Standards (DSS)

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

PCI Wireless Compliance with AirTight WIPS

PCI COMPLIANCE GUIDE For Merchants and Service Members

PCI PA - DSS. Point ipos Implementation Guide. Version VeriFone Vx820 using the Point ipos Payment Core

AUTOMATING AUDITS AND ENSURING CONTINUOUS COMPLIANCE WITH ALGOSEC

Achieving PCI-Compliance through Cyberoam

PA-DSS Implementation Guide for. Sage MAS 90 and 200 ERP. Credit Card Processing

Enforcing PCI Data Security Standard Compliance

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance

DRIVE VALUE ACROSS YOUR SUPPLY CHAIN WITH CHIP-BASED RFID SERIALIZATION A simpler, more cost effective solution for deploying item-level tagging

Wi-Fi Client Device Security and Compliance with PCI DSS

Catapult PCI Compliance

PCI PA - DSS. Point BKX Implementation Guide. Version Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core

Getting Started with Windows Mobile Development Windows Mobile SDK C#

A Division of Cisco Systems, Inc. GHz g. Wireless-G. USB Network Adapter with RangeBooster. User Guide WIRELESS WUSB54GR. Model No.

Visa U.S.A Cardholder Information Security Program (CISP) Payment Application Best Practices

PCI Requirements Coverage Summary Table

Zebra Link-OS Environment Version 2.0

Wireless Security. New Standards for Encryption and Authentication. Ann Geyer

Cisco IOS Public-Key Infrastructure: Deployment Benefits and Features

Zebra Technologies Healthcare Solutions SIMPLE SOLUTIONS TO COMPLEX PROBLEMS HELPING YOU DELIVER BEST PRACTICE IN HEALTHCARE

The Importance of Wireless Security

Solutions that track, identify and locate in a fast-moving world

Step 4. Advanced inventory and storage capabilities

PCI Requirements Coverage Summary Table

Qualified Integrators and Resellers (QIR) Implementation Statement

Policies and Procedures

PCI DSS Requirements - Security Controls and Processes

General Information. About This Document. MD RES PCI Data Standard November 14, 2007 Page 1 of 19

Wireless Security for Mobile Computers

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

PCI Compliance Can Make Your Organization Stronger and Fitter. Brent Harman Manager, Systems Consultant Team West NetPro Computing, Inc.

Visa Asia Pacific Account Information Security (AIS) Program Payment Application Best Practices (PABP)

CHEAT SHEET: PCI DSS 3.1 COMPLIANCE

Lucas POS V4 for Windows

Conquering PCI DSS Compliance

Best Practices for PCI DSS V3.0 Network Security Compliance

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

A Zebra Technologies White Paper. Enterprise-Wide Data Collection and RFID/Bar Code Printing for SCM

A Zebra Technologies White Paper. Understanding Mobile Printing Technology and Capabilities

Becoming PCI Compliant

WIRELESS SECURITY IN (WI-FI ) NETWORKS

Payment Card Industry (PCI) Compliance. Management Guidelines

AlienVault for Regulatory Compliance

Payment Card Industry (PCI) Data Security Standard

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 Part Number: E April 2016

Deploying iphone and ipad Virtual Private Networks

Payment Card Industry Data Security Standard

Cyber-Ark Software and the PCI Data Security Standard

Customers have noticed that we are very responsive, meet our service level agreements, and are more cost conscious. MIKE ROBINSON

Particularities of security design for wireless networks in small and medium business (SMB)

PCI implementation guide for L-POS

Transcription:

A Zebra Technologies White Paper Achieving PCI DSS v1.2 Compliance on Wireless Printers

2 A Zebra Technologies White Paper

Executive Summary The challenges of meeting Payment Card Industry (PCI) security standards and the horror stories of failing to comply continue to grow. Security breaches at several major retailers have resulted in estimated costs of as high as $1 billion per retailer. The U.S. Identity Theft Protection Act has established fines of up to $11,000 per customer record for databases breaches. In fact, 14 percent of retailers have suffered a breach and only 28 percent of retailers are fully compliant with PCI requirements, according to the Retail Systems Alert Group 2006-2007 Retail Data Security study. Since that study, retailers are taking notice, and compliance rates are steadily increasing. Merchants who do not comply are at risk for fines, higher processing fees and even the loss of card-processing privileges. PCI implementation costs are a major concern for many businesses, even if the cost of noncompliance is potentially so much higher. Consider that the cost of new preventative measures only averages 4 percent of the total breach cost, or $180,000. 1 Amid these concerns, it is easy for retailers to lose sight of both the big picture and important details. PCI compliance is a major milestone, but it is only a means to an end of having secure processes, networks, data, devices, and peripherals. If a single networked device is non-compliant, the entire network and the retail information systems behind it are all non-compliant. This is why protecting peripherals is an essential, if somewhat overlooked, component of PCI compliance. This white paper explains how PCI Data Security Standard (DSS) version 1.2 applies to wireless peripherals and presents options for including secure wireless printers in PCI-compliant wireless networks. Take Network Security Seriously Many retailers are unwittingly out of compliance with PCI DSS v1.2 because they do not realize its scope, particularly how the standard applies to peripherals. Because of the tougher wireless security requirements included in PCI DSS v1.2, many wireless computers, printers and other peripherals retailers use every day do not comply. There is no reason for a printer to be a weak link in wireless network security. Wireless printers can support PCI requirements and other advanced protocols and strategies used to protect mobile computers, POS stations and other wireless devices. Supported security includes 802.11i, 802.1x, LEAP, WPA, and WPA2 security protocols. Wireless printers support AES, IPSec, SSL and other advanced encryption and authentication protocols, and can be included in virtual private networks (VPNs). How PCI DSS v1.2 Applies to Printers The primary changes from PCI version 1.1 to version 1.2 that affect wireless printers include: Wireless networks and devices should implement the latest industry best practices (802.11x). Wireless networks and devices can no longer use WEP after June 30, 2010. Wireless networks and devices can no longer send unencrypted primary account numbers (PANs) using end-user messaging systems. 1. PGP Research Study, 2010 Annual Study: Cost of a Data Breach, February 2010. A Zebra Technologies White Paper 3

The new revisions to PCI DSS version 1.2 increases data security and helps minimize the risk of data breaches that can challenge the positive public perception of the security practices of retail merchants and financial institutions involved in the payments chain. There are 12 major requirements that all must be met to comply with PCI DSS v1.2. The sections that follow present the most relevant requirements, and tips for meeting them. 2 PCI DSS v1.2 Requirement 2 Do not use vendor-supplied defaults for system passwords and other security parameters. At one time, it was common to deploy wireless LANs secured with default passwords and security configurations, but the industry has largely abandoned this practice in favor of more secure methods. To comply, activate security settings during installation (some systems default to security turned off), and create original passwords. Businesses should review older systems to make sure they are compliant. Requirement 4 Encrypt transmission of cardholder data across open, public networks. PCI considers wireless LANs to be public networks. This requirement also covers Internet and cellular transmissions, which therefore applies to merchants who wirelessly process payments for delivery, service, home sales, and other remote commerce. WPA, WPA2, 802.1x, 802.11i and other standard wireless LAN security protocols provide data encryption, as do wide-area cellular networks. New wireless networks should now start implementing industry best practices such as IEEE 801.11x. Requirement 4.1 Use strong cryptography and security protocols such as secure sockets layer (SSL)/ transport layer security (TLS) or Internet protocol security (IPsec) to safeguard sensitive cardholder data during transmission over open, public networks. This requirement applies to wired and wireless, stationary and mobile, and local or Web communications over public networks. Support for SSL, TLS, and IPsec is available for wireless printers. Pay careful attention to specifications because there are different varieties of these protocols (e.g., EAP, LEAP, PEAP), so compatibility with the network infrastructure is not assured. Requirement 4.1.1 Ensure wireless networks transmitting cardholder data, or connected to the cardholder data environment, use industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission. For new wireless implementations, it is prohibited to implement WEP after March 31, 2009. For current wireless implementations, it is prohibited to use WEP after June 30, 2010. New wireless implementations can no longer deploy WEP. Existing wireless implementations must cease using WEP after June 30, 2010. Until that date, networks and devices can use WEP if the network also deploys WPA, WPA2, or a VPN. If WEP is used, do the following: Use with a minimum 104-bit encryption key and 24 bit-initialization value. Rotate shared WEP keys at least quarterly and whenever there are changes in personnel with key access. Restrict access to MAC addresses. 2. PCI Security Standards Council, The Prioritized Approach to Pursue PCI DSS Compliance, February 2009. 4 A Zebra Technologies White Paper

Requirement 4.2 Never send unencrypted PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat). The new requirement disallows sending primary account numbers (PANs) through text-based communications without first encrypting the PAN. Test-based communications include e-mail, instant messaging, chat, and short message service (SMS). Other requirements of PCI DSS v1.2 relate to networks, applications and IT infrastructure, so printers and other peripherals must be compatible with enterprise IT policies and standards. Additional PCI components that may impact printers include: Requirement 1 Install and maintain a firewall to protect cardholder data. Requirement 6 Develop and maintain secure systems and applications. Requirement 8 Assign a unique ID to each person with computer access. Requirement 10 Track and monitor all access to network resources and cardholder data. Requirement 11 Regularly test security systems and processes. Requirement 12 Maintain a policy that addresses information security for employees and contractors. Meeting all these requirements may seem complex and burdensome, but in fact, it is quite manageable. Many retailers have complied with PCI DSS v1.2 and use wireless printers for shelf labeling, markdown management, stock keeping, returns processing, assisted shopping, portable POS, and other applications daily. None of the PCI DSS v1.2 wireless requirements calls for products or technologies that do not yet exist. In fact, securing wireless printers may be one of the easier aspects of PCI compliance because products are already available that support the necessary security protocols. In addition, automated management applications are available to reduce much of the traditional configuration and upgrade time requirements and costs, especially for remote devices. The following sections describe specific security capabilities and management options for wireless printers from Zebra Technologies. Security Options for Zebra Wireless Printers Zebra Technologies provides flexible, standard, and current security solutions configurable on mobile, tabletop, and cart-mounted printers. Many models support WPA, WPA2, and other PCI requirements and are fully compatible with LEAP and other security protocols used in 802.11b/g/i/x wireless networks from Cisco Systems, Motorola and other providers. Different security levels and protocols can be implemented in each type of Zebra printer mobile, tabletop and cart-mounted. The exact security available depends on the printer model, connection method and radio model used. Support referenced in this white paper applies only to radios tested and approved by Zebra for use with its printers. Zebra frequently updates security support, so check www.zebra.com, or speak with a Zebra representative for the most current information. Mobile models work on wireless networks through integrated radios, while cart-mounted and stationary wireless printers use a print server for access to the wireless network. Table 1 summarizes the security available for Zebra wireless printers. A Zebra Technologies White Paper 5

Table 1: Quick Reference to Wireless Security Available for Zebra Printers WLAN-SECURITY QL Plus, RW Motorola Symbol 11b (LA-4137 CF) QL Plus, RW, MZ, PS4000 Zebra 802.11b/g GX series, HC100 Zebra 802.11b/g ZebraNet Wireless Plus Print Server Motorola Symbol 11b (LA-4137 CF) Cisco 802.11b/g (CB21) ZebraNet Internal Wireless Plus Print Server Zebra 802.11b/g WEP Yes Yes Yes Yes Yes Yes IEEE 802.1X Authentication schemes LEAP Yes Yes Yes Yes Yes Yes EAP-FAST Yes Yes Yes Yes Yes Yes PEAP Yes Yes Yes Yes Yes Yes EAP-TLS Yes Yes Yes Yes Yes Yes EAP-TTLS Yes Yes Yes Yes Yes Yes (WPA) Wi-Fi protected Access: 802.1X + WPA TKIP with LEAP Yes Yes Yes Yes Yes Yes with EAP-FAST Yes Yes Yes Yes Yes Yes with PSK (Pre-shared Key) Yes Yes Yes Yes Yes Yes with PEAP Yes Yes Yes Yes Yes Yes with EAP-TLS Yes Yes Yes Yes Yes Yes with EAP-TTLS Yes Yes Yes Yes Yes Yes IEEE 802.11i =(WPA2):802.11x + AES encryption w/psk, EAP-TLS, EAP-TTLS, LEAP, PEAP, EAP-FAST No Yes Yes No Yes Yes Airbeam Safe-VPN Yes Yes No No No No Managing Security on Zebra Printers Wireless security is dynamic and evolving. Wireless infrastructures including printers and their management tools must be flexible enough to enable change so users can easily implement the latest upgrades and options to optimize their network security. Zebra offers powerful management options that make it simple to deploy, monitor, configure, and upgrade security protocols on Zebra printers, such as ZebraNet Bridge Enterprise. Businesses can also manage select Zebra mobile printers with Motorola s Mobility Services Platform (MSP) and Wavelink Corp. s Avalanche software both applications provide a complete management environment for multiple types of wireless devices from different manufacturers. Using ZebraNet Bridge Enterprise, Motorola MSP or Wavelink Avalanche network management utilities, system administrators can remotely implement software updates and security upgrades, configure devices, and modify settings. With these tools and Zebra wireless printers, IT administrators can maintain complete visibility and control over the devices from a single, remote console without ever having to physically touch the printers. The ability to effectively manage and secure all types of mobile devices from a single point significantly reduces the support costs across an enterprise s wireless network. 6 A Zebra Technologies White Paper

Lock Down Wireless Network Security In the major effort to bring data centers and enterprise systems into PCI compliance, it is easy to overlook a legacy stock keeping or shelf labeling application at a distant store. However, it only takes one oversight to put your entire system, your customers data, and your merchant status at risk. Protecting wireless printers is necessary for PCI compliance, but it is not necessarily difficult because of the advanced security and support available. Zebra offers a wide range of wireless printer solutions, networking tools and management resources to help retailers meet their security and business needs. Zebra Technologies Corporation (NASDAQ: ZBRA) provides the broadest range of innovative technology solutions to identify, track, manage, and optimize the deployment of critical assets for improved business efficiency. Zebra s core technologies include reliable on-demand printer and state-of-the-art software and hardware solutions. By enabling improvements in sourcing, visibility, security and accuracy, Zebra helps its customers to put the right asset in the right place at the right time. Zebra operates in over 100 countries and serves more than 90 percent of Fortune 500 companies worldwide. For more information about Zebra s solutions visit www.zebra.com. A Zebra Technologies White Paper 7

CORPORATE HEADQUARTERS Zebra Technologies Corporation 475 Half Day Road, Suite 500 Lincolnshire, IL 60069 USA T: +1 847 634 6700 +1 800 268 1736 F: +1 847 913 8766 www.zebra.com USA Zebra Technologies Corporation 333 Corporate Woods Parkway Vernon Hills, IL 60061-3109 U.S.A. T: +1 847 793 2600 or +1 800 423 0442 F: +1 847 913 8766 LATIN AMERICA Zebra Technologies International, LLC 9800 NW 41st Street, Suite 200 Doral, FL 33178 USA T: +1 305 558 8470 F: +1 305 558 8485 EMEA Zebra Technologies Europe Limited Dukes Meadow Millboard Road Bourne End Buckinghamshire SL8 5XF, UK T: +44 (0)1628 556000 F: +44 (0)1628 556001 ASIA-PACIFIC Zebra Technologies Asia Pacific, LLC 120 Robinson Road #06-01 Parakou Building Singapore 068913 T: +65 6858 0722 F: +65 6885 0838 OTHER LOCATIONS USA California, Georgia, Rhode Island, Texas, Wisconsin EUROPE France, Germany, Italy, Netherlands, Poland, Spain, Sweden ASIA-PACIFIC Australia, China, India, Japan, South Korea LATIN AMERICA Argentina, Brazil, Florida (USA), Mexico AFRICA/MIDDLE EAST Russia, South Africa, United Arab Emirates Copyrights 2010 ZIH Corp. All product names and numbers are Zebra trademarks, and Zebra, the Zebra head graphic and ZebraNet are registered trademarks of ZIH Corp. All rights reserved. Wi-Fi is a registered trademark of the Wireless Ethernet Compatibility Alliance, Inc. Motorola is a trademark of Motorola, Inc., registered in the U.S. Patent & Trademark Office. Cisco is a registered trademark of Cisco Systems, Inc. Wavelink Avanlanche is a registered trademark of Wavelink Corporation. All other trademarks are the property of their respective owners. P1027475 (5/10)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information