UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

WLAN access points and supporting authentication servers used for Internet-only connections must reside in a dedicated subnet off of the perimeter firewall.


Overview

Finding ID Version Rule ID IA Controls Severity
V-25319 WIR0123 SV-31432r2_rule ECWN-1 Medium
Description
If the access point or its supporting authentication server is placed in front of the perimeter firewall, then it has no firewall protection against an attack. If the access point or its supporting authentication server is placed behind the perimeter firewall (on the internal network), then any breach of these devices could lead to attacks on other DoD information systems.
STIG Date
WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG) 2013-03-14

Details

Check Text ( C-31754r2_chk )
Have the SA show how the access point and authentication server (if used) is physically connected to the firewall or supporting switch and how it is logically connected through firewall or switch configuration settings. Verify the equipment is connected to a subnet off of the perimeter firewall and the subnet only contains devices that support wireless connectivity to the Internet (WLAN Access Point, WLAN Authentication Server, etc.). The dedicated WLAN subnet required for Internet-only WLAN connections can be configured using logical separation. A separate physical infrastructure is not required.

Mark as a finding if:
- Any WLAN infrastructure device supporting Internet-only access is located somewhere other than a dedicated subnet off the perimeter firewall;
- Any device not supporting the Internet-only WLAN resides in the subnet dedicated to the Internet-only WLAN.
Fix Text (F-28238r1_fix)
Reconfigure physical and logical connections as needed so the Internet-only WLAN infrastructure resides in a dedicated subnet off the perimeter firewall.