Skip to content
Log In

HPE Aruba Networking AOS Wireless Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000062

    Group
    Show

  • SRG-NET-000069

    Group
    Show

  • AOS must protect wireless access to the network using authentication of users and/or devices.

    Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. The security boundary of a wireless local area...
    Rule Medium Severity
    Show

  • SRG-NET-000070

    Group
    Show

  • The network element must protect wireless access to the system using Federal Information Processing Standard (FIPS)-validated Advanced Encryption Standard (AES) block cipher algorithms with an approved confidentiality mode.

    Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Because wireless communications can be intercep...
    Rule Medium Severity
    Show

  • SRG-NET-000131

    Group
    Show

  • SRG-NET-000193

    Group
    Show

  • AOS must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks.

    A network element experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU caused by a DoS attack will also have an effect on control keep-alives a...
    Rule Medium Severity
    Show

  • SRG-NET-000338

    Group
    Show

  • AOS must require devices to reauthenticate when organization-defined circumstances or situations requiring reauthentication.

    Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity on the network. In addition to the reauthentication requirements associa...
    Rule Medium Severity
    Show

  • SRG-NET-000343

    Group
    Show

  • The network element must authenticate all network-connected endpoint devices before establishing any connection.

    Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. For distributed architectures (e.g., service-oriented architectures), th...
    Rule Medium Severity
    Show

  • SRG-NET-000352

    Group
    Show

  • SRG-NET-000369

    Group
    Show

  • AOS, in conjunction with a remote device, must prevent the device from simultaneously establishing nonremote connections with the system and communicating via some other connection to resources in external networks.

    Split tunneling would in effect allow unauthorized external connections, making the system more vulnerable to attack and to exfiltration of organizational information. This requirement applies to ...
    Rule Medium Severity
    Show

  • SRG-NET-000070

    Group
    Show

  • SRG-NET-000512

    Group
    Show

  • The site must conduct continuous wireless Intrusion Detection System (IDS) scanning.

    DOD networks are at risk and DOD data could be compromised if wireless scanning is not conducted to identify unauthorized wireless local area network (WLAN) clients and access points connected to o...
    Rule Medium Severity
    Show

  • SRG-NET-000131

    Group
    Show

  • AOS, when configured as a WLAN bridge, must not be configured to have any feature enabled that calls home to the vendor.

    Call-home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules