
DoD network users authorized to remotely connect to the DoD network from a residential WLAN must ensure that the access point uses Network Address Translation (NAT).


Overview

Finding ID: V-18748
Version: WIR0940
Rule ID: SV-20436r5_rule
IA Controls: ECWN-1
Severity: Medium
Description
An access point routes traffic between a WLAN and a distribution network, typically the Internet for residential WLANs. NAT prevents computers on the distribution network from directly addressing computers on the WLAN, which protects WLAN computers from many common network attacks, including port scanning and other surveillance actions. As a result, government-furnished mobile devices on the WLAN have a safer environment in which to establish VPN connections than they would without NAT.
STIG: WLAN Client Security Technical Implementation Guide
Date: 2011-10-07

Details

Check Text (C-22470r4_chk)
If DoD network users are authorized to remotely connect to the DoD network from a residential WLAN, interview the IAO to determine if a procedure has been implemented to verify the requirement to use NAT on residential access points. It is recommended that the IAO require home WLAN users to provide documentation for the WLAN equipment used for the DoD residential WLAN showing that the system includes a firewall with NAT capability. In most cases, the firewall (with NAT) is included with the access point. In addition, it is recommended that the IAO require users to provide a screenshot of the management interface of the DoD residential WLAN router showing that the NAT firewall is enabled.

Mark as a finding if the procedure does not exist or if it is inadequate.
Fix Text (F-19398r3_fix)
Ensure DoD network users who are authorized to remotely connect to the DoD network from a home WLAN configure their access points to use NAT.