WLAN signals must not be intercepted outside areas authorized for WLAN access.
An XCCDF Rule
Description
Most commercially available WLAN equipment is preconfigured for signal power appropriate to most applications of the WLAN equipment. In some cases, this may permit the signals to be received outside the physical areas for which they are intended. This can occur when the intended area is relatively small, such as a conference room, or when the access point is placed near a window or wall, thereby allowing signals to be received in neighboring areas. In such cases, an adversary may be able to compromise the site's posture by measuring the presence of the signal and the quantity of data transmitted to obtain information about when personnel are active and what they are doing. If the signal is not appropriately protected through defense-in-depth mechanisms, the adversary could possibly use the connection to access DoD networks and sensitive information.
- ID: SV-243211r856608_rule
- Version: WLAN-NW-000800
- Severity: Low
Remediation Templates
A Manual Procedure
Move access points to areas in which signals do not emanate in a way that makes them usable outside the areas authorized for WLAN access.
Alternatively, replace omni-directional antennae with directional antennae if this will solve the problem.
If these solutions are not effective, adjust the transmission power settings on the access point to reduce the usability of signals in unauthorized areas.
If the WLAN equipment does not allow the transmission power to be adjusted, and the access points are placed in a location where the ISSO determines there is significant risk that an adversary could be present where signals may be intercepted, the site should procure WLAN equipment that permits power adjustment.