Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25319 | WIR0123 | SV-31432r4_rule | Medium |
Description |
---|
If the access point or its supporting authentication server is placed in front of the perimeter firewall, then it has no firewall protection against an attack. If the access point or its supporting authentication server is placed behind the perimeter firewall (on the internal network), then any breach of these devices could lead to attacks on other DoD information systems. |
STIG | Date |
---|---|
Network Infrastructure Policy Security Technical Implementation Guide | 2018-09-27 |
Check Text ( C-31754r3_chk ) |
---|
Have the SA show how the guest WLAN is physically connected to the firewall or supporting switch and how it is logically connected through firewall or switch configuration settings. Verify the equipment is connected via a separate WLAN or logical segmentation of the host WLAN (e.g., separate service set identifier (SSID) and virtual LAN). If a guest WLAN is set up as a separate WLAN from the DoD network or not set up as a logical segmentation from the DoD network or DoD WLAN, this is a finding. |
Fix Text (F-28238r1_fix) |
---|
Reconfigure physical and logical connections as needed so the Internet-only WLAN infrastructure resides in a dedicated subnet off the perimeter firewall. |