STIGQter: STIG Summary: WLAN Access Point (Internet Gateway Only Connection) Security Technical Implementation Guide (STIG) Version: 6 Release: 14 Benchmark Date: 27 Apr 2018

WLAN signals must not be intercepted outside areas authorized for WLAN access.

DISA Rule

SV-15657r1_rule

Vulnerability Number

V-14889

Group Title

Interception of WLAN signals

Rule Version

WIR0120

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Move APs to areas in which signals do not emanate in a manner making them usable outside the areas authorized for WLAN access. Alternatively, replace omni-directional antennae with directional antennae if this will solve the problem. If these solutions are not effective, then adjust the transmission power settings on the AP to reduce the usability of signals in unauthorized areas. If the WLAN equipment does not allow the transmission power to be adjusted, and the APs are placed in a location where the IAO determines there is significant risk that an adversary could be present in a location where signals may be intercepted, then the site should procure WLAN equipment that permits power adjustment.

Check Contents

Review documentation and inspect AP locations.

1. Review documentation showing signal strength analysis from site survey activities, if available.
2. Use testing equipment or WLAN clients to determine if the signal strength is, in the reviewer’s judgment, excessive outside the required area (e.g., strong signal in the parking area, public areas, or uncontrolled spaces).
3. Lower-end APs will not have a transmission power setting available; in this case, the site should locate the APs away from exterior walls to achieve compliance with this requirement.
4. Mark as a finding if any of the following is found:
   - Visual inspection of equipment shows obvious improper placement of APs where signals will emanate into uncontrolled spaces (e.g., next to external walls, windows, or doors; uncontrolled areas; or public areas).
   - Building walk-through testing shows signals of sufficient quality and strength to allow wireless access in areas not authorized for WLAN access.

Documentable

False

Severity Override Guidance

Review documentation and inspect AP locations.

1. Review documentation showing signal strength analysis from site survey activities, if available.
2. Use testing equipment or WLAN clients to determine if the signal strength is, in the reviewer’s judgment, excessive outside the required area (e.g., strong signal in the parking area, public areas, or uncontrolled spaces).
3. Lower-end APs will not have a transmission power setting available; in this case, the site should locate the APs away from exterior walls to achieve compliance with this requirement.
4. Mark as a finding if any of the following is found:
   - Visual inspection of equipment shows obvious improper placement of APs where signals will emanate into uncontrolled spaces (e.g., next to external walls, windows, or doors; uncontrolled areas; or public areas).
   - Building walk-through testing shows signals of sufficient quality and strength to allow wireless access in areas not authorized for WLAN access.

Check Content Reference

M

Responsibility

System Administrator

Target Key

545

Comments