The PCI DSS requires changing default settings on the wireless access points. Are there any best practices or recommended settings?
Replace the default password on your wireless AP with a stronger one (at least eight characters and a mix of alphanumeric characters). This prevents unauthorized users from logging into your AP and manipulating its settings. Replace the default SSID on your wireless APs with a unique name that does not reveal the identity of, or other private information about, your organization. Turn off default services that you may not be using, such as Web-based remote management, zero configuration, and SNMP-based monitoring. If you use SNMP, prefer SNMPv3, which supports stronger authentication than its predecessors. Most wireless APs come with wireless security turned off by default. Cardholder data sent over an unsecured wireless connection is up for grabs and can be passively sniffed by unauthorized users. Turn on security on your wireless APs and use strong encryption (e.g., WPA/WPA2) and authentication (802.1X-based).
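
The recommendations above can be checked mechanically against an exported AP configuration. The following is an added example, not part of the original answer or of any vendor tool; the config schema, the key names, the default-value lists, and the organization name "Acme" are all assumptions constructed for illustration.

```python
import re

# Constructed sample values; extend with the factory defaults of your own AP models.
DEFAULT_PASSWORDS = {"admin", "password", "1234", ""}
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "wireless"}
STRONG_ENCRYPTION = {"WPA", "WPA2"}  # the modes the answer names
OPTIONAL_SERVICES = ("web_remote_mgmt", "zero_config", "snmp")

def audit_ap(cfg, org_names=(), services_in_use=()):
    """Return a list of findings for one AP config dict (hypothetical schema)."""
    findings = []
    pw = cfg.get("admin_password", "")
    if pw.lower() in DEFAULT_PASSWORDS:
        findings.append("admin password is a factory default")
    elif len(pw) < 8 or not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        findings.append("admin password is under 8 chars or not a letter/digit mix")

    ssid = cfg.get("ssid", "")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("SSID is a factory default")
    if any(name.lower() in ssid.lower() for name in org_names):
        findings.append("SSID reveals the organization")

    # A service is only acceptable if it is off or explicitly declared as needed.
    for svc in OPTIONAL_SERVICES:
        if cfg.get("services", {}).get(svc) and svc not in services_in_use:
            findings.append(f"unused service enabled: {svc}")
    if "snmp" in services_in_use and cfg.get("snmp_version") != 3:
        findings.append("SNMP in use but not SNMPv3")

    if cfg.get("encryption", "none").upper() not in STRONG_ENCRYPTION:
        findings.append("wireless encryption is off or weak")
    if cfg.get("authentication", "").lower() != "802.1x":
        findings.append("authentication is not 802.1X based")
    return findings

# Constructed sample configs: an AP as unboxed, and the same AP after hardening.
FACTORY = {"admin_password": "admin", "ssid": "linksys",
           "services": {"web_remote_mgmt": True, "zero_config": True, "snmp": True},
           "snmp_version": 1, "encryption": "none", "authentication": "open"}
HARDENED = {"admin_password": "t7Qm2vLx9a", "ssid": "bluefinch-41",
            "services": {"web_remote_mgmt": False, "zero_config": False, "snmp": True},
            "snmp_version": 3, "encryption": "WPA2", "authentication": "802.1X"}

if __name__ == "__main__":
    for label, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(label, audit_ap(cfg, org_names=["Acme"], services_in_use=["snmp"]))
```

Passing `services_in_use` makes the "that you may not be using" condition explicit: SNMP left enabled without being declared as needed is reported even when it is already SNMPv3.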