Check: WIN00-000200
Windows 7 STIG: WIN00-000200 (in versions v1 r32 through v1 r25)
Title
Wireless network adapters must be turned off when the system is connected to a wired network. (Cat II impact)
Discussion
If a client device supports simultaneous use of wireless and wired connections, then this increases the probability that an adversary who can access the device using its wireless interface can then route traffic through the device’s wired interface to attack devices on the wired network or obtain sensitive DoD information.
Check Content
This is NA for systems that do not have wireless network adapters. Disabling of wired network adapters can be accomplished through various means. Third-party software that manages this is the most reliable solution. Some network adapters may have a configuration option to address this locally. At minimum, the organization must have a policy that users turn off wireless network adapters when connected to a wired network. If wireless network adapters are not turned off when the system is connected to a wired network, this is a finding.
Fix Text
Configure systems to turn off wireless network adapters when systems are connected to wired networks. If this is not possible, develop and implement a policy that users must turn off wireless network adapters when systems are connected to wired networks.
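One way to automate the check above on a single host, as an added example that is not part of the STIG. The function name `Test-WirelessOffWhenWired` is hypothetical, and the script assumes the NDIS `InstanceName` matches the adapter's `Name` in `Win32_NetworkAdapter`.

```powershell
# Added audit sketch for WIN00-000200 (not part of the STIG text).
# Uses only Get-WmiObject so it runs on PowerShell 2.0, the Windows 7 default.

function Test-WirelessOffWhenWired {
    # NDIS physical medium per adapter instance: 1 = Wireless LAN, 9 = Native 802.11.
    $medium = @{}
    Get-WmiObject -Namespace 'root\wmi' -Class MSNdis_PhysicalMediumType -ErrorAction SilentlyContinue |
        ForEach-Object { $medium[$_.InstanceName] = [int]$_.NdisPhysicalMediumType }

    # NetConnectionStatus 2 = Connected. PhysicalAdapter drops most software adapters,
    # but some hypervisor adapters still report TRUE and will be listed as wired here.
    $connected = @(Get-WmiObject -Class Win32_NetworkAdapter `
        -Filter 'PhysicalAdapter = TRUE AND NetConnectionStatus = 2')

    $wireless = @()
    $wired    = @()
    foreach ($nic in $connected) {
        # Assumption: the NDIS InstanceName equals Win32_NetworkAdapter.Name.
        $isWireless = $nic.Name -and $medium.ContainsKey($nic.Name) -and
                      (@(1, 9) -contains $medium[$nic.Name])
        if ($isWireless) { $wireless += $nic.NetConnectionID }
        else             { $wired    += $nic.NetConnectionID }
    }

    # Anything that is connected and not 802.11 is counted as wired, so mobile
    # broadband or Bluetooth links in the Wired list need manual review.
    New-Object PSObject -Property @{
        Wired    = $wired
        Wireless = $wireless
        # Finding: a wireless adapter is connected while a wired one is also connected.
        Finding  = ($wired.Count -gt 0 -and $wireless.Count -gt 0)
    }
}

Test-WirelessOffWhenWired | Format-List Wired, Wireless, Finding
```

This only detects a wireless adapter that is connected. A radio that is enabled but not associated with a network is not reported and still has to be verified separately.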
Additional Identifiers
Rule ID: SV-87203r1_rule
Vulnerability ID: V-72573
Group Title: WIN00-000200
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |