Entries by Randy Bartels

PCI Requirement 2.1.1 – Change all Wireless Vendor Defaults

Hardening Your Wireless Network – Similar to the parent requirement, PCI Requirement 2.1, PCI Requirement 2.1.1 focuses on changing vendor-supplied defaults. PCI Requirement 2.1.1, though, applies to all wireless environments. If you’re using a wireless network or device that’s within scope of the PCI DSS, you must ensure that you change all wireless vendor defaults upon installation. You must also ensure that all security-related functions and features are enabled and that you are using secure protocols, ports, and services for authentication.

PCI Requirement 2.1 – Always Change Vendor-Supplied Defaults

Why should you change vendor-supplied defaults? Vendor-supplied accounts and passwords pose a serious threat to your organization’s security. Although defaults might make installation or even support easier, PCI Requirement 2.1 instructs service organizations to always change vendor-supplied defaults because it is pretty simple for hackers to find the vendor-supplied information needed to attack and exploit your system. PCI Requirement 2.1 states, “Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing a system on the network.”

Introduction to PCI Requirement 2

What is PCI Requirement 2? PCI Requirement 2 mandates, “Do not use vendor-supplied defaults for system passwords and other security parameters.” Were you aware that vendor-supplied default passwords and settings are well-known among the hacker community? PCI Requirement 2 was created to fight the malicious individuals who try to compromise systems with the vendor-supplied default information.