The IDPS must detect rogue wireless devices, attack attempts, and potential compromises or breaches to the wireless network.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34781	SRG-NET-000266-IDPS-00191	SV-45706r1_rule		Medium

Description
DoD information could be compromised if wireless monitoring is not performed to identify unauthorized WLAN clients and access points connected to or attempting to connect to the network. A WIDS sensor must be installed and placed to monitor wireless network transmissions for possible attacks and unauthorized traffic. Rogue devices are unauthorized wireless devices which are either connected to the enclave or are being used by personnel in DoD spaces. These devices may either provide attackers with a way into the enclave or attempt to breach the network.

Description

DoD information could be compromised if wireless monitoring is not performed to identify unauthorized WLAN clients and access points connected to or attempting to connect to the network. A WIDS sensor must be installed and placed to monitor wireless network transmissions for possible attacks and unauthorized traffic. Rogue devices are unauthorized wireless devices which are either connected to the enclave or are being used by personnel in DoD spaces. These devices may either provide attackers with a way into the enclave or attempt to breach the network.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-43072r1_chk )
Verify the WIDS is configured to monitor the network for unauthorized wireless devices. Verify the configuration will detect devices which are using non-standard wireless protocols. Verify the placement of the WIDS will detect devices transmitting in all offices and work spaces for the site. If the WIDS is not configured to detect rogue wireless devices, this is a finding.

Fix Text (F-39104r1_fix)
Configure the WIDS to monitor for rogue wireless devices.