Profile Applicability:
• Level 1
Description:
Wireless network interfaces can introduce security risks if left enabled on systems that do not require wireless connectivity. Disabling these interfaces reduces the attack surface and prevents unauthorized wireless connections.
Rationale:
Disabling unused wireless interfaces helps minimize potential unauthorized access and mitigates risks associated with wireless communication vulnerabilities.
Impact:
Pros:
• Reduces attack surface related to wireless networks.
• Limits exposure to wireless-based attacks.
Cons:
• Disabling wireless on systems that require it may disrupt connectivity.
Default Value:
Wireless interfaces may be enabled or disabled by default depending on system configuration.
Pre-requisites:
Root or sudo privileges to manage network interfaces.
Remediation:
Test Plan:
Using Linux command line:
1. List wireless interfaces:
iw dev
2. Check status of wireless interfaces:
nmcli radio wifi
3. Verify wireless interfaces are disabled or down.
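One way to script step 3, as an added example that is not part of the benchmark text: the function below reads sysfs directly and reports every wireless interface whose administrative IFF_UP flag is still set. The function names, the sample tree and its interface names are constructed for illustration; on a live host the function is pointed at /sys/class/net.

```shell
#!/bin/sh
# Added example: audit wireless interfaces via sysfs (not from the benchmark).
# On a live host call: audit_wireless /sys/class/net

# Print "<iface> UP" or "<iface> DOWN" for every wireless interface under $1.
# Returns 0 when no wireless interface is administratively up, 1 otherwise.
audit_wireless() {
    root=$1
    rc=0
    for dev in "$root"/*; do
        [ -d "$dev" ] || continue
        # cfg80211 drivers expose phy80211; wireless-extensions drivers expose wireless/
        [ -e "$dev/wireless" ] || [ -e "$dev/phy80211" ] || continue
        flags=$(cat "$dev/flags" 2>/dev/null) || flags=0x0
        # IFF_UP is bit 0x1 of the interface flags; "ip link set <if> down" clears it
        if [ $(( ${flags:-0} & 1 )) -ne 0 ]; then
            echo "${dev##*/} UP"
            rc=1
        else
            echo "${dev##*/} DOWN"
        fi
    done
    return $rc
}

# Constructed sample tree (hypothetical interface names) so the check runs offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/eth0" "$t/wlan0/wireless" "$t/wlan1/phy80211"
    echo 0x1003 > "$t/eth0/flags"    # wired and up: ignored by the audit
    echo 0x1003 > "$t/wlan0/flags"   # wireless and up: finding
    echo 0x1002 > "$t/wlan1/flags"   # wireless and down: compliant
    echo "$t"
}

sample=$(make_sample_tree)
audit_wireless "$sample" || echo "FAIL: wireless interface still up"
rm -rf "$sample"
```

A non-zero return from audit_wireless means at least one wireless interface still needs the Implementation Plan applied.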
Implementation Plan:
Using Linux command line:
1. Disable wireless interfaces:
nmcli radio wifi off
2. Alternatively, bring interfaces down manually:
ip link set <interface_name> down
3. Verify interfaces are disabled:
nmcli radio wifi
iw dev
Backout Plan:
Using Linux command line:
1. Re-enable wireless interfaces if needed:
nmcli radio wifi on
2. Bring interfaces up manually:
ip link set <interface_name> up
3. Verify connectivity.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
NetworkManager nmcli Documentation
Linux Wireless Tools