Information
Wireless networking is used when wired networks are unavailable.
-IF- wireless is not to be used, wireless devices can be disabled to reduce the potential attack surface.
Solution
Run the following command to disable any wireless interfaces:
# find /lib/modules/`uname -r`/kernel/drivers/net/wireless -name '*.ko' -printf 'install %f /bin/false\nblacklist %f\n\n' | sed 's/\.ko//1' >> /etc/modprobe.d/blacklist-wireless.conf
Note: the *.conf file in /etc/modprobe.d/ in the above command can renamed as needed.
Impact:
Many if not all laptop workstations and some desktop workstations will connect via wireless requiring these interfaces be enabled.