Check: WIR0165
WLAN Client STIG (version v6 r9)
Title
WLAN-capable devices must not use wireless peer-to-peer networks to connect to other devices. (Cat II impact)
Discussion
WLANs may be configured into a peer-to-peer (also known as ad hoc) network that permits devices to communicate directly rather than through an access point. It is difficult to ensure required IA mechanisms are in place for such networks, because they inherently are not subject to centralized management. Consequently, there is a significant risk that an adversary will defeat or circumvent authentication or encryption controls (if they even exist) on peer-to-peer or ad hoc WLANs.
Check Content
1. Use the site’s WIDS capability or any WLAN-capable device to identify available WLAN connections. If the scan reveals devices supporting anything other than infrastructure connections (i.e., connections using peer-to-peer services rather than via an access point), record the advertised network names of these devices. Work with the SA or IAO to determine whether any of these devices is associated with the site.
2. Check a sample (3-4) of WLAN client devices at the site. In the WLAN client management software, verify that the WLAN interfaces are configured to support WLAN infrastructure connections only. This may be indicated by check boxes stating “Infrastructure mode only”, “Connect to access point only”, or “Disable peer-to-peer networking”.
3. Mark as a finding if:
- There are any WLAN clients advertising their availability for ad hoc WLAN connections.
- There are WLAN clients whose WLAN interfaces have not been configured to support infrastructure connections only (and thus prohibit peer-to-peer or ad hoc connections).
4. Notify the IAM or IAO if there are devices unaffiliated with the site advertising their availability for WLAN connections. This is not a finding because such devices are not under the site’s control, but they nonetheless pose an IA risk to the site of which IA and other personnel should be aware.
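As an added example (not part of the STIG text), the triage in steps 1, 3 and 4 carried out over scan output: the two parsers read the shapes of `netsh wlan show networks mode=bssid` (Windows) and `iw dev wlan0 scan` (Linux) output, flag networks that advertise ad hoc (IBSS) operation, and separate site-affiliated advertisers (findings) from unaffiliated ones (notify the IAM/IAO). The sample scan text and the set of site SSIDs are constructed for illustration.

```python
import re
# Constructed sample in the shape of 'netsh wlan show networks mode=bssid' output (Windows).
NETSH_SAMPLE = """SSID 1 : CorpWLAN
    Network type            : Infrastructure
SSID 2 : fieldkit-adhoc
    Network type            : Adhoc
"""
# Constructed sample in the shape of 'iw dev wlan0 scan' output (Linux); IBSS = ad hoc BSS.
IW_SAMPLE = """BSS 00:11:22:33:44:55(on wlan0)
    capability: ESS Privacy (0x0011)
    SSID: CorpWLAN
BSS 66:77:88:99:aa:bb(on wlan0)
    capability: IBSS Privacy (0x0012)
    SSID: visitor-laptop
"""

def parse_netsh(text):
    """Return {ssid: is_adhoc}: pair each 'SSID n :' line with the 'Network type' that follows it."""
    nets, ssid = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*SSID \d+\s*:\s*(.*)", line):
            ssid = m.group(1).strip()
        elif (m := re.match(r"\s*Network type\s*:\s*(\w+)", line)) and ssid is not None:
            nets[ssid] = m.group(1).lower() == "adhoc"
    return nets

def parse_iw(text):
    """Return {ssid: is_adhoc}: one block per 'BSS' line; IBSS in its capability line marks ad hoc."""
    nets, ssid, adhoc = {}, None, False
    for line in text.splitlines() + ["BSS end"]:  # sentinel flushes the final block
        s = line.strip()
        if s.startswith("BSS "):
            if ssid is not None:
                nets[ssid] = adhoc
            ssid, adhoc = None, False
        elif s.startswith("SSID:"):
            ssid = s[5:].strip()
        elif s.startswith("capability:"):
            adhoc = "IBSS" in s.split()
    return nets

def triage(nets, site_ssids):
    """Steps 3-4: ad hoc advertisers affiliated with the site are findings; others are notify-only."""
    adhoc = sorted(s for s, a in nets.items() if a)
    return [s for s in adhoc if s in site_ssids], [s for s in adhoc if s not in site_ssids]

if __name__ == "__main__":
    site = {"CorpWLAN", "fieldkit-adhoc"}  # constructed: SSIDs the SA/IAO confirms belong to the site
    print(triage(parse_netsh(NETSH_SAMPLE), site), triage(parse_iw(IW_SAMPLE), site))
```

The first tuple element is what step 3 records as a finding; the second is the unaffiliated list to pass to the IAM/IAO under step 4.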
Fix Text
Configure WLAN client interfaces to support infrastructure connections only. Procure WLAN software and devices that have the capability to turn off or otherwise disable peer-to-peer WLAN communications.
Additional Identifiers
Rule ID: SV-3503r1_rule
Vulnerability ID: V-3503
Group Title: No peer-to-peer WLANs
CCIs
| Number | Definition |
|---|---|
| No CCIs are assigned to this check | |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check | |