Wireless Access Points

Theatre Manager does not require use of any wireless network for operation as all workstations and servers are to be connected via ethernet cabling. Since many venues use wireless networks in the lobby for customers and green rooms for actor, or volunteer use, it is important to ensure that wireless routers are separated from the cardholder network and are on their own VLAN and all default settings are changed from factory. PCI requirement 1.2.3 and PCI requirement 2.1.1

The following must also be changed every time somebody with knowledge of the security changes positions or leaves the company. PCI requirement 4.1.1

Configuration of these should include:

• Turn off all SSID broadcasting
• Enter the MAC addresses (00:00:xx:xx:xx:xx) of the scanners into the acceptable list of devices at the remote site and only allow those devices to gain access to the network
• Use strong encryption such as WPA2 (also sometimes called IEEE 802.11i) or better for access control.
• Update the router to the latest firmware
• Change the default user ID and password for the router to be different than the manufacturer-supplied defaults.
• Change all wireless default encryption keys and SNMP community strings