Check: AOSX-09-000070
Apple OS X 10.9 Workstation STIG:
AOSX-09-000070
(in version v1 r2)
Title
Wi-Fi support software must be disabled. (Cat II impact)
Discussion
The kernel extension for Wi-Fi network devices such as Airport must be removed to ensure that users will not be able to reactivate wireless networking at a later time. System updates will sometimes replace deleted kernel extensions. Administrator users may need to periodically check to ensure that the file remains deleted. Alternately, the wireless card hardware may be removed from the system.
Check Content
If the system requires Wi-Fi to connect to an authorized network, this is not applicable. To check if the Wi-Fi network device is disabled, run the following command: sudo networksetup -listallnetworkservices A disabled device will have an asterisk in front of its name. If the Wi-Fi device is missing this asterisk, this is a finding.
Fix Text
To disable the Wi-Fi network device, run the following command: sudo networksetup -setnetworkserviceenabled 'Wi-Fi' off
Additional Identifiers
Rule ID: SV-72699r1_rule
Vulnerability ID: V-58269
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001443 |
The information system protects wireless access to the system using authentication of users and/or devices. |
CCI-001444 |
The information system protects wireless access to the system using encryption. |
CCI-002418 |
The information system protects the confidentiality and/or integrity of transmitted information. |