3.1.2 Ensure wireless interfaces are not available

Information

Wireless networking is used when wired networks are unavailable.

-IF- wireless is not to be used, wireless devices can be disabled to reduce the potential attack surface.

Solution

Run the following command to disable any wireless interfaces:

# find /lib/modules/`uname -r`/kernel/drivers/net/wireless -name '*.ko' -printf 'install %f /bin/false\nblacklist %f\n\n' | sed 's/\.ko//1' >> /etc/modprobe.d/blacklist-wireless.conf

Note: the *.conf file in /etc/modprobe.d/ in the above command can be renamed as needed.
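
An added example, not part of the benchmark text: a shell check that the configuration written by the command above is in place, by finding the driver module behind each wireless interface in sysfs and testing for its install and blacklist lines. The function names and the optional directory arguments are assumptions of this example.

```shell
# Added audit sketch (not from the benchmark). Each function takes optional
# directory arguments so the check can be run against a constructed tree;
# the defaults are the real system paths.

wireless_modules() {
    # Print the driver module behind every interface that exposes a
    # "wireless" directory in sysfs, one name per line.
    local sysfs_net="${1:-/sys/class/net}" dir modlink
    for dir in "$sysfs_net"/*/wireless; do
        [ -d "$dir" ] || continue
        modlink="${dir%/wireless}/device/driver/module"
        if [ -e "$modlink" ]; then
            basename "$(readlink -f "$modlink")"
        fi
    done | sort -u
}

module_disabled() {
    # Succeed only when modprobe.d holds both lines the remediation command
    # writes: "install <mod> /bin/false" and "blacklist <mod>".
    local mod="$1" conf_dir="${2:-/etc/modprobe.d}" pat
    # modprobe treats '-' and '_' in module names as the same character.
    pat=$(printf '%s' "$mod" | sed 's/[-_]/[-_]/g')
    grep -Eqs "^[[:space:]]*install[[:space:]]+${pat}[[:space:]]+/bin/false([[:space:]]|$)" "$conf_dir"/*.conf &&
        grep -Eqs "^[[:space:]]*blacklist[[:space:]]+${pat}[[:space:]]*$" "$conf_dir"/*.conf
}

audit_wireless() {
    # Print each wireless driver module that modprobe could still load;
    # return 1 if there is at least one, 0 otherwise.
    local sysfs_net="${1:-/sys/class/net}" conf_dir="${2:-/etc/modprobe.d}" mod rc=0
    for mod in $(wireless_modules "$sysfs_net"); do
        if ! module_disabled "$mod" "$conf_dir"; then
            echo "NOT DISABLED: $mod"
            rc=1
        fi
    done
    return $rc
}
```

Call audit_wireless with no arguments to check the running system. The check covers configuration only; a module that was already loaded stays loaded until it is removed or the system reboots.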

Impact:

Many if not all laptop workstations, and some desktop workstations, connect via wireless and require these interfaces to be enabled.

See Also

https://workbench.cisecurity.org/benchmarks/21369

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|15.4, CSCv7|15.5

Plugin: Unix

Control ID: fc55de285ff0604f91a40de19af9de30dd023e7e4247e7282e3d2ab55486646e