Title

NixOS must protect wireless access to and from the system using encryption. (Cat I impact)

Discussion

Allowing devices and users to connect to or from the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Since wireless communications can be intercepted, it is necessary to use encryption to protect the confidentiality of information in transit. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. This requirement applies to those operating systems that control wireless devices. Satisfies: SRG-OS-000299-GPOS-00117, SRG-OS-000481-GPOS-00481

Check Content

Verify NixOS disables wireless adapters by running the following command: $ grep -R networking.wireless /etc/nixos/ /etc/nixos/configuratino.nix:networking.wireless.enable = false; If " networking.wireless.enable", does not equal false, is missing, or is commented out, this is a finding.

Fix Text

Configure /etc/nixos/configuration.nix to disable wireless interfaces by adding the following configuration settings: networking.wireless.enable = false; Rebuild the system with the following command: $ sudo nixos-rebuild switch

Additional Identifiers

Rule ID: SV-268146r1039326_rule

Vulnerability ID: V-268146

Group Title: SRG-OS-000299-GPOS-00117

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.