Visa Security Alert, 8/25/2008: 'Packet Sniffing Vulnerability'

Visa released a data security alert yesterday on packet sniffers.

Computer hackers are using packet sniffers to breach data security and obtain cardholder data.

Packet sniffers are malicious software or “malware” and may be referred to as a network or protocol analyzer. The sniffers seize a stream or block of data (a packet) being transmitted or passed on a network.

Sniffers are often used for legitimate business purposes such as network analysis, monitoring of network usage or firewall testing. An increase in data security breaches from packet sniffers has prompted the alert. Investigations have shown packet sniffers capturing cardholder data on transactions passed on the compromised businesses’ computer networks.

Visa recommends the following best practices to mitigate your vulnerability to a packet sniffer attack in their alert:

"Although packet sniffing is difficult to detect, you can utilize tactics to mitigate the risk of exposure to critical systems, such as point-of-sale (POS) systems, payment processing servers, database servers or other servers where cardholder data resides. To get started, follow these best practices:

• Utilize host-based Intrusion Detection Systems (IDS)
• Monitor firewalls for suspicious traffic, particularly outbound traffic to unknown addresses
• Implement file integrity monitoring
• Secure workstations so packet sniffers or other malware cannot be installed
• Utilize encrypted protocols or encryption to protect sensitive data
• Use packet sniffers legitimately to detect network intrusion attempts or suspicious activity on a network
• Ensure that anti-virus and anti-spyware software programs are up-to-date
• Routinely examine systems and networks for newly-added hardware devices"

More information on packet sniffing is available at www.visa.com/cisp or netsecurity.about.com/cs/hackertools/a/aa121403.htm