
The site must monitor the radio frequency spectrum for unauthorized WLAN devices.


Overview

Finding ID: V-34564
Version: SRG-NET-999999-IDPS-00236
Rule ID: SV-45413r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Unauthorized WLAN devices threaten the network in a variety of ways. If an unauthorized access point is installed on the network, people may use it to access network resources, thus bypassing perimeter security controls. If an unauthorized access point is installed in the site’s vicinity, even if not connected to a DoD network, then users may unknowingly or inadvertently connect. Once this connection occurs, the user’s traffic may be diverted to spoofed web sites and other servers to capture authentication credentials and restricted data. Finally, if an unauthorized WLAN client is operating inside or near the site, it may improperly connect to the site’s WLAN infrastructure or other network devices with improperly configured Wi-Fi interfaces.

DoDD 8100.2 requires that all DoD networks use a wireless IDPS to monitor for unauthorized wireless devices. The policy for installing a wireless sensor is an architecture requirement that is out of scope for the technical STIG. However, this control requires the configuration of the wireless sensors to include the entire radio spectrum, not just the authorized wireless frequencies.

The wireless monitoring must cover all WLAN frequencies. The WLAN frequency band can vary by country, and the WIDS must cover all channels used in the country where the equipment operates. For example, the allowed WLAN channels are different in the U.S., Japan, and many European countries.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42762r1_chk)
If the site does not have a WIDS installed, this is a finding.

Verify the WIDS is configured to monitor the entire spectrum for unauthorized (rogue) devices.

If the site does not have a wireless IDPS configured to monitor the radio frequency spectrum for unauthorized WLAN devices, this is a finding.
Fix Text (F-38810r1_fix)
Install and operate a wireless sensor(s). Configure the IDPS to monitor the entire radio spectrum for unauthorized wireless access points and other wireless devices.
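
One way to automate the "entire spectrum" part of the check, as an added example that is not part of the STIG: it compares each sensor's scan list with the channel plan of the country it operates in and flags sensors that scan only the authorized channels. The inventory format, sensor names and the 2.4 GHz-only channel plan are assumptions made for illustration; a real audit needs the full plan for every WLAN band and country in use.

```python
# Added example: audit WIDS sensor scan lists against a per-country channel plan.
# Only 2.4 GHz plans are shown (assumption for illustration); load the complete
# plan for every WLAN band and every country where the equipment operates.
CHANNEL_PLAN = {
    "US": frozenset(range(1, 12)),  # 2.4 GHz channels 1-11
    "DE": frozenset(range(1, 14)),  # 2.4 GHz channels 1-13
    "JP": frozenset(range(1, 15)),  # 2.4 GHz channels 1-14
}

# Constructed inventory in a hypothetical export format (not a vendor schema).
SENSORS = [
    {"name": "hq-sensor-1", "country": "US", "scan": range(1, 12), "authorized": [1, 6, 11]},
    {"name": "hq-sensor-2", "country": "US", "scan": [1, 6, 11], "authorized": [1, 6, 11]},
    {"name": "tokyo-sensor-1", "country": "JP", "scan": range(1, 12), "authorized": [1, 6, 11]},
    {"name": "lab-sensor-1", "country": "ZZ", "scan": [1, 6, 11], "authorized": [1, 6, 11]},
]


def audit_sensor(sensor, plan=CHANNEL_PLAN):
    """Compare one sensor's scan list with the channel plan for its country."""
    result = {"sensor": sensor["name"], "finding": False, "missing": [], "reason": "full coverage"}
    required = plan.get(sensor["country"])
    if required is None:
        # Without a plan, coverage cannot be demonstrated, so report a finding.
        result.update(finding=True, reason="no channel plan for country " + sensor["country"])
        return result
    scanned = set(sensor["scan"])
    missing = sorted(required - scanned)
    if missing:
        result.update(finding=True, missing=missing)
        if scanned <= set(sensor["authorized"]):
            result["reason"] = "scans authorized channels only"
        else:
            result["reason"] = "scan list does not cover country channel plan"
    return result


def audit_all(sensors=SENSORS, plan=CHANNEL_PLAN):
    """Return one result per sensor, findings first."""
    results = [audit_sensor(s, plan) for s in sensors]
    return sorted(results, key=lambda r: not r["finding"])


if __name__ == "__main__":
    for r in audit_all():
        status = "FINDING" if r["finding"] else "ok"
        print(f'{status:8} {r["sensor"]:15} {r["reason"]} missing={r["missing"]}')
```

The tokyo-sensor-1 entry shows the country-dependent case from the description: a scan list that is complete for the U.S. still leaves channels unmonitored in Japan.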