Detections
Analytics

2.4.1 Ensure Show Wi-Fi status in Menu Bar Is Enabled

Information

The Wi-Fi status in the menu bar indicates if the system's wireless internet capabilities are enabled. If so, the system will scan for available wireless networks in order to connect. At the time of this revision, all computers Apple builds have wireless network capability, which has not always been the case. This control only pertains to systems that have a wireless NIC available. Operating systems running in a virtual environment may not score as expected, either.

Rationale:

Enabling 'Show Wi-Fi status in menu bar' is a security awareness method that helps mitigate public area wireless exploits by making the user aware of their wireless connectivity status.

Impact:

The user of the system should have a quick check on their wireless network status available.

Solution

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.controlcenter

The key to include is WiFi

The key must be set to <integer>18</integer>

Additional Information:

AirPort is Apple's marketing name for its 802.11x based wireless network interfaces.

Option-click the Wifi icon in the menu bar to find out more information about the connected wireless network.

To verify individual users:

Audit:

Graphical Method:

Perform the following steps to verify that the Wi-Fi status shows in the menu bar:

Open System Settings

Select Control Center

Verify that Wi-Fi is set to Show in Menu Bar

Terminal Method:

For each user, run the following command to verify that Wi-Fi status is enabled in the menu bar:

$ /usr/bin/sudo -u <username> /usr/bin/defaults -currentHost read com.apple.controlcenter.plist WiFi

2

Note: If the settings has not been changed from the default, then this audit will fail on the command line. Follow the remediation instructions to verify that it is set to a disabled status.

example:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults -currentHost read com.apple.controlcenter.plist WiFi

2

Remediation:

Graphical Method:

Perform the following steps to enable Wi-Fi status in the menu bar:

Open System Settings

Select Control Center

Set Wi-Fi to Show in Menu Bar

Terminal Method:

For each user, run the following command to enable Wi-Fi status in the menu bar:

$ /usr/bin/sudo -u <username> /usr/bin/defaults -currentHost write com.apple.controlcenter.plist WiFi -int 2

example:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults -currentHost write com.apple.controlcenter.plist WiFi -int 2

See Also

https://workbench.cisecurity.org/benchmarks/14561

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-18, 800-53|CM-6, 800-53|CM-7, 800-53|SC-23, CSCv7|15.4, CSCv7|15.5

Plugin: Unix

Control ID: f69cb0e4724f25af824ae3eed28340dd94b07cebb812ca7051a0ab8a0e1360bd