AlienVault® USM Appliance™

PCI DSS 3.2 Requirement 4: Encrypt Transmission of Cardholder Data Across Open, Public Networks

Applies to Product: USM Appliance™ AlienVault OSSIM®

Testing Procedure

How USM Appliance Delivers

USM Appliance Instructions

USM Appliance Documentation

4.1.a Identify all locations where cardholder data is transmitted or received over open, public networks. Examine documented standards and compare to system configurations to verify the use of security protocols and strong cryptography for all locations.

AlienVault NIDS can detect a PAN sent in plaintext in the traffic it monitors, and alerts on it.

Existing correlation directives will generate alarms on credit card information detected in clear text.

Event Correlation

To verify that credit card data is not being stored in plain text, create a Security Events View that searches for Event Name containing "Credit Card". Then export the view as a report module and run the report.

Create Custom Reports from SIEM Events or Raw Logs

4.1.c Select and observe a sample of inbound and outbound transmissions as they occur (for example, by observing system processes or network traffic) to verify that all cardholder data is encrypted with strong cryptography during transit.

AlienVault NIDS can detect a PAN sent in plaintext in the traffic it monitors, and alerts on it.

Existing correlation directives will generate alarms on credit card information detected in clear text.

Event Correlation

To verify that credit card data is not being stored in plain text, create a Security Events View that searches for Event Name containing "Credit Card". Then export the view as a report module and run the report.

Create Custom Reports from SIEM Events or Raw Logs

4.1.e Examine system configurations to verify that the protocol is implemented to use only secure configurations and does not support insecure versions or configurations.

USM Appliance can test for the use of insecure versions of SSL and TLS. NIDS data and Vulnerability Scan data combined can assist with this.

Create a custom scan profile and, in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host:

  • Family: General

Creating a Custom Scan Profile

Run a Vulnerability Scan using the custom scan profile that was created.

Performing Vulnerability Scans

Export successful scan results and identify findings to determine whether the system is configured correctly.

Viewing the Scan Results

4.1.f Examine system configurations to verify that the proper encryption strength is implemented for the encryption methodology in use. (Check vendor recommendations/best practices.)

The Vulnerability Scan in USM Appliance and AlienVault NIDS can test for the use of insecure versions of SSL and TLS.

Create a custom scan profile and, in the "Autoenable plugins option", select the "Autoenable by family" option. Then enable the following checks in the scanning profile for the target host:

  • Family: General

Creating a Custom Scan Profile

Run a Vulnerability Scan using the custom scan profile that was created.

Performing Vulnerability Scans

Export successful scan results and identify findings to determine whether the system is configured correctly.

Viewing the Scan Results

4.2.a If end-user messaging technologies are used to send cardholder data, observe processes for sending PAN and examine a sample of outbound transmissions as they occur to verify that PAN is rendered unreadable or secured with strong cryptography whenever it is sent via end-user messaging technologies.

AlienVault NIDS can detect a PAN sent in plaintext in the traffic it monitors, and alerts on it.

Existing correlation directives will generate alarms on credit card information detected in clear text.

Event Correlation

To verify that credit card data is not being stored in plain text, create a Security Events View that searches for Event Name containing "Credit Card". Then export the view as a report module and run the report.

Create Custom Reports from SIEM Events or Raw Logs