
WLAN clients must not be configured to connect to other WLAN devices without the user initiating a request to establish such a connection.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-7072 | WIR0185 | SV-7456r1_rule | ECSC-1 | Low |

Description
Many WLAN clients have the capability to automatically connect to particular WLANs when they are available. This behavior means the user may not know to which WLAN they are connected or even be aware that a WLAN connection is active. This increases the probability that these open connections may be used for nefarious purposes, especially if an adversary is able to set up WLAN infrastructure to masquerade as the user’s preferred WLAN. Once the WLAN client is breached, the adversary may be able to obtain DoD sensitive information or use the client device to attack other systems.

| STIG | Date |
|---|---|
| WLAN Client Security Technical Implementation Guide (STIG) | 2014-08-26 |

Details

Check Text (C-16041r1_chk)
NOTE: This requirement does not apply to tactical wireless systems where the client is configured to connect only to specified tactical access point(s).
Detailed Requirement:

- The wireless client must not automatically connect to any wireless network, whether preferred or non-preferred.

Check Procedures:
Review the configuration settings of the WLAN client on a sample of wireless clients (3-4) and verify it is not configured so that the wireless client automatically connects to any preferred or non-preferred network. In some wireless client management software, there is a list of preferred or known networks. There may also be a configuration option such as “Connect when this network is in range”. These options should be disabled or not selected.
Mark as a finding if the wireless client is configured to automatically connect to a wireless network.
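
The check above can be scripted for one common client type. This is an added example, not part of the STIG: it assumes Windows clients whose WLAN profiles were exported to XML with `netsh wlan export profile`, and it flags every profile whose `connectionMode` is not `manual`. The sample profiles are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# XML namespace used by exported Windows WLAN profiles.
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
PROFILE_OPEN = '<WLANProfile xmlns="%s">' % NS["w"]

# Constructed sample exports (not taken from the STIG); file names are placeholders.
SAMPLE_PROFILES = {
    "corp.xml": PROFILE_OPEN + """
  <name>EXAMPLE-CORP</name>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
</WLANProfile>""",
    "guest.xml": PROFILE_OPEN + """
  <name>EXAMPLE-GUEST</name>
  <connectionType>ESS</connectionType>
  <connectionMode>manual</connectionMode>
</WLANProfile>""",
    # connectionMode is optional in the schema; its absence does not prove
    # manual mode, so this audit treats it as a finding (assumption of this example).
    "legacy.xml": PROFILE_OPEN + """
  <name>EXAMPLE-LEGACY</name>
  <connectionType>ESS</connectionType>
</WLANProfile>""",
    "broken.xml": "<WLANProfile><name>EXAMPLE-BROKEN",  # truncated export
}

def audit_profile(source, xml_text):
    """Return (source, profile name, connection mode, is_finding) for one export."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        # Cannot confirm manual mode, so flag the profile for manual review.
        return (source, None, "unparseable", True)
    name = root.findtext("w:name", default="(unnamed)", namespaces=NS)
    mode = root.findtext("w:connectionMode", default="", namespaces=NS).strip().lower()
    return (source, name, mode or "missing", mode != "manual")

def audit(profiles):
    """Audit a mapping of file name -> profile XML text, in insertion order."""
    return [audit_profile(src, text) for src, text in profiles.items()]

def findings(profiles):
    """Return only the profiles that would be marked as a finding."""
    return [r for r in audit(profiles) if r[3]]

if __name__ == "__main__":
    for src, name, mode, bad in audit(SAMPLE_PROFILES):
        print(f"{'FINDING' if bad else 'ok':8} {src:12} {name!s:16} connectionMode={mode}")
```
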
Fix Text (F-15751r1_fix)
Disable all auto-connect preferences in wireless client devices.