WLAN signals must not be intercepted outside areas authorized for WLAN access.
An XCCDF Rule
Description
<VulnDiscussion>Most commercially available WLAN equipment is preconfigured for signal power appropriate to most applications of the WLAN equipment. In some cases, this may permit the signals to be received outside the physical areas for which they are intended. This can occur when the intended area is relatively small, such as a conference room, or when the access point is placed near or window or wall, thereby allowing signals to be received in neighboring areas. In such cases, an adversary may be able to compromise the site's posture by measuring the presence of the signal and the quantity of data transmitted to obtain information about when personnel are active and what they are doing. If the signal is not appropriately protected through defense-in-depth mechanisms, the adversary could possibly use the connection to access DoD networks and sensitive information.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-243223r720124_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
Move access points to areas in which signals do not emanate in a way that makes them usable outside the areas authorized for WLAN access.
Alternatively, replace omni-directional antennae with directional antennae if this will solve the problem.
If these solutions are not effective, adjust the transmission power settings on the access point to reduce the usability of signals in unauthorized areas.