DoD network users authorized to remotely connect to the DoD network from a residential WLAN must change the default SSID to an SSID that does not reveal the WLAN is used to transmit DoD data.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18747 | WIR0935 | SV-20435r5_rule | ECWN-1 | Low |
| Description |
|---|
| WLANs that can be identified as carrying DoD traffic by the SSID will be targeted for attack by hackers more readily than other WLANs. Similarly, the use of manufacturer default SSIDs can provide hackers with information about the access point that they could potentially use to breach system security. |
| STIG | Date |
|---|---|
| WLAN Client Security Technical Implementation Guide | 2011-10-07 |
Details
| Check Text ( C-22469r4_chk ) |
|---|
| Detailed requirements: When DoD network users are authorized to remotely connect to the DoD network via a home wireless LAN (WLAN) the the SSID must be changed from the manufacturer’s default to an SSID that does not identify the DoD organization or the fact that the access point is used for DoD traffic. Check procedures: Interview the IAO to determine that a procedure has been implemented to verify these requirements have been met. NOTE: It is recommended the IAO require the home WLAN users provide a screen shot of the management screen of the home WLAN to verify this requirement has been met. Mark as a finding if a procedure does not exist or does not adequately cover the SSID naming requirements. |
| Fix Text (F-19397r2_fix) |
|---|
| Change SSID of the home access point to an SSID that meets the requirement. |