The site must scan the radio frequency spectrum for unauthorized WLAN devices.


Overview

Finding ID: SRG-NET-000071-IDPS-000017
Version: SRG-NET-000071-IDPS-000017
Rule ID: SRG-NET-000071-IDPS-000017_rule
IA Controls: (none listed)
Severity: Medium
Description
Unauthorized WLAN devices threaten DoD networks in several ways. If someone installs an access point on a DoD network, people may use that access point to reach network resources without passing through any perimeter security controls, which significantly degrades the IA posture of that network. If someone installs an unauthorized access point in the site's vicinity, even one not connected to a DoD network, site users may unknowingly or inadvertently connect to it; once that connection occurs, the user's traffic may be diverted to spoofed web sites and other servers that capture the user's authentication credentials and sensitive DoD data. Finally, if an unauthorized WLAN client is operating inside or near the site, it may improperly connect to the site's WLAN infrastructure or to other network devices that have improperly left Wi-Fi interfaces active. A wireless intrusion detection system (WIDS) can help counter all of these threats. DoDD 8100.2 requires that all DoD networks use a wireless IDS to scan for unauthorized wireless devices. The WIDS sensor and server must be configured as either a continuous WIDS or a periodic WIDS.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08
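The description above lists three device classes a WIDS must recognize: an unauthorized AP plugged into the site network, an unauthorized AP in the vicinity advertising the site's SSID (or any other SSID) that users might join, and an unauthorized client associating to site infrastructure. The following is an added illustration of the classification step a WIDS server performs on scan results; it is not code from the SRG or from any WIDS product. The inventory, the scan results, the wired MAC table, the field names, and the MAC-adjacency "rogue on wire" heuristic (many APs derive their BSSIDs from their wired MAC by a small offset) are all assumptions constructed for the example.

```python
"""Rogue-device classification of the kind a WIDS performs after an RF scan.

Added illustration, not code from the SRG or any WIDS product. Inventory,
scan results and wired MAC table are constructed sample data; the field
names and the MAC-adjacency heuristic are assumptions for the example.
"""
from dataclasses import dataclass, field


@dataclass
class ObservedAP:
    bssid: str
    ssid: str
    channel: int
    security: str      # e.g. "WPA2-ENT", "WPA2-PSK", "OPEN"
    rssi: int          # dBm as seen by the sensor
    clients: set = field(default_factory=set)   # client MACs seen associated


# Constructed authorized inventory: BSSID -> (SSID, allowed channels, security).
AUTHORIZED_APS = {
    "00:11:22:aa:bb:01": ("DOD-SITE", {1, 6, 11}, "WPA2-ENT"),
    "00:11:22:aa:bb:02": ("DOD-SITE", {36, 40}, "WPA2-ENT"),
}
AUTHORIZED_SSIDS = {ssid for ssid, _, _ in AUTHORIZED_APS.values()}
AUTHORIZED_CLIENTS = {"aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"}


def _mac_int(mac):
    return int(mac.replace(":", ""), 16)


def on_wire(bssid, wired_macs, tolerance=8):
    """MAC-adjacency heuristic (assumption): a wired MAC within `tolerance`
    of the BSSID suggests the AP is plugged into the site LAN. Evidence,
    not proof; a real WIDS would corroborate with active probing."""
    b = _mac_int(bssid)
    return any(abs(b - _mac_int(m)) <= tolerance for m in wired_macs)


def classify_ap(ap, wired_macs):
    """Return the list of findings for one observed AP (empty if benign)."""
    findings = []
    bssid = ap.bssid.lower()
    if bssid in AUTHORIZED_APS:
        exp_ssid, channels, sec = AUTHORIZED_APS[bssid]
        if ap.ssid != exp_ssid or ap.channel not in channels or ap.security != sec:
            findings.append("authorized BSSID with unexpected SSID/channel/security")
        for mac in sorted(ap.clients):
            if mac.lower() not in AUTHORIZED_CLIENTS:
                findings.append(f"unauthorized client {mac} associated to site AP")
    elif ap.ssid in AUTHORIZED_SSIDS:
        # Unknown radio advertising the site's SSID: users may join it.
        findings.append("evil twin: unknown BSSID advertising site SSID")
    elif on_wire(bssid, wired_macs):
        # Unknown AP whose MAC neighbourhood also appears on the wired LAN.
        findings.append("rogue AP on wire: unknown BSSID adjacent to a wired MAC")
    else:
        findings.append("unauthorized AP in vicinity (not seen on wire)")
    return findings


def scan_report(observed, wired_macs):
    """Map every observed BSSID to its findings, omitting clean APs."""
    report = {}
    for ap in observed:
        f = classify_ap(ap, wired_macs)
        if f:
            report[ap.bssid.lower()] = f
    return report


# Constructed scan: one clean site AP, one site AP with a rogue client,
# an evil twin, a rogue AP plugged into the LAN, and a neighbouring AP.
SAMPLE_SCAN = [
    ObservedAP("00:11:22:aa:bb:01", "DOD-SITE", 6, "WPA2-ENT", -45, {"aa:aa:aa:00:00:01"}),
    ObservedAP("00:11:22:aa:bb:02", "DOD-SITE", 36, "WPA2-ENT", -50, {"de:ad:be:ef:00:01"}),
    ObservedAP("66:77:88:99:00:01", "DOD-SITE", 6, "OPEN", -60),
    ObservedAP("c0:ff:ee:12:34:57", "Linksys", 11, "WPA2-PSK", -40),
    ObservedAP("12:34:56:78:9a:bc", "CoffeeShop", 1, "OPEN", -85),
]
# Constructed MAC table from the wired side (e.g. a switch CAM table export).
SAMPLE_WIRED_MACS = {"c0:ff:ee:12:34:50", "aa:aa:aa:00:00:01"}

if __name__ == "__main__":
    for bssid, findings in scan_report(SAMPLE_SCAN, SAMPLE_WIRED_MACS).items():
        print(bssid, "->", "; ".join(findings))
```

The distinction the example draws between "on wire" and "in vicinity" matters for the check: both are unauthorized devices the SRG expects the WIDS to surface, but only the former bypasses perimeter controls directly, so a real deployment should corroborate the MAC-adjacency hint with wired-side evidence before treating it as an on-network rogue.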

Details

Check Text (C-43133_chk)
Review the network architecture diagrams. Determine if a WIDS is installed on the network.

If the site does not have a WIDS installed, this is a finding.
Fix Text (F-43133_fix)
Install and operate a WIDS in a manner consistent with policy requirements.