Deactivate Wireless Network Interfaces
Description
Deactivating wireless network interfaces should prevent normal usage of the wireless
capability.
Configure the system to disable all wireless network interfaces with the following command:
$ sudo nmcli radio all off
Rationale
The use of wireless networking can introduce many different attack vectors into
the organization’s network. Common attack vectors such as malicious association
and ad hoc networks will allow an attacker to spoof a wireless access point
(AP), allowing validated systems to connect to the malicious AP and enabling the
attacker to monitor and record network traffic. These malicious APs can also
serve to create a man-in-the-middle attack or be used to create a denial of
service to valid network resources.
Shell script
The following script can be run on the host to remediate the issue.
```sh
DEBIAN_FRONTEND=noninteractive apt-get install -y "network-manager"
nmcli radio all off
```
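To confirm the remediation took effect, the following added example (not part of the original rule content) reads the kernel's rfkill state from sysfs and lists any Wi-Fi or mobile broadband radio that is still unblocked. It assumes `nmcli radio all off` is reflected as an rfkill soft block on `wlan` and `wwan` radios; the function names `unblocked_radios` and `make_sample_tree` are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit rfkill state for the radio classes NetworkManager manages.
# Assumption: `nmcli radio all off` shows up as an rfkill soft block on
# Wi-Fi (type "wlan") and mobile broadband (type "wwan") radios.

# Print "name type" for every wlan/wwan radio under ROOT that is neither
# soft- nor hard-blocked. Returns 0 when all such radios are blocked (or none
# exist), 1 when at least one radio can still transmit.
unblocked_radios() {
    root=${1:-/sys/class/rfkill}
    rc=0
    for dev in "$root"/rfkill*; do
        [ -r "$dev/type" ] || continue      # glob matched nothing, or unreadable
        type=$(cat "$dev/type")
        case $type in
            wlan|wwan) ;;                   # the classes `nmcli radio all` covers
            *) continue ;;                  # bluetooth, nfc, ... are out of scope
        esac
        soft=$(cat "$dev/soft" 2>/dev/null || echo 0)
        hard=$(cat "$dev/hard" 2>/dev/null || echo 0)
        if [ "$soft" = 0 ] && [ "$hard" = 0 ]; then
            echo "$(cat "$dev/name" 2>/dev/null) $type"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample tree (not captured from a real host): one blocked Wi-Fi
# radio, one unblocked WWAN radio, one unblocked Bluetooth radio.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    add() {  # add INDEX NAME TYPE SOFT HARD
        mkdir -p "$dir/rfkill$1"
        echo "$2" > "$dir/rfkill$1/name"; echo "$3" > "$dir/rfkill$1/type"
        echo "$4" > "$dir/rfkill$1/soft"; echo "$5" > "$dir/rfkill$1/hard"
    }
    add 0 phy0 wlan 1 0
    add 1 wwan0 wwan 0 0
    add 2 hci0 bluetooth 0 0
    echo "$dir"
}
```

On a real host, call `unblocked_radios` with no argument to read `/sys/class/rfkill`; a non-zero exit status means at least one radio is still enabled.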
Ansible playbook
The following playbook can be run with Ansible to remediate the issue.
```yaml
# Collect installed-package facts so the final task can test for NetworkManager.
- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
    - DISA-STIG-UBTU-20-010455
    - NIST-800-171-3.1.16
    - NIST-800-53-AC-18(3)
    - NIST-800-53-AC-18(a)
    - NIST-800-53-CM-6(a)
    - NIST-800-53-CM-7(a)
    - NIST-800-53-CM-7(b)
    - NIST-800-53-MP-7
    - PCI-DSS-Req-1.3.3
    - PCI-DSSv4-1.4.3
    - low_complexity
    - medium_disruption
    - medium_severity
    - no_reboot_needed
    - unknown_strategy
    - wireless_disable_interfaces

# Package name matches the shell remediation above (apt: network-manager).
- name: Ensure NetworkManager is installed
  ansible.builtin.package:
    name: '{{ item }}'
    state: present
  with_items:
    - network-manager
  tags:
    - DISA-STIG-UBTU-20-010455
    - NIST-800-171-3.1.16
    - NIST-800-53-AC-18(3)
    - NIST-800-53-AC-18(a)
    - NIST-800-53-CM-6(a)
    - NIST-800-53-CM-7(a)
    - NIST-800-53-CM-7(b)
    - NIST-800-53-MP-7
    - PCI-DSS-Req-1.3.3
    - PCI-DSSv4-1.4.3
    - low_complexity
    - medium_disruption
    - medium_severity
    - no_reboot_needed
    - unknown_strategy
    - wireless_disable_interfaces

# "all" (not just "wifi") so the task matches the command in the Description.
- name: Deactivate Wireless Network Interfaces
  command: nmcli radio all off
  when: "'network-manager' in ansible_facts.packages"
  tags:
    - DISA-STIG-UBTU-20-010455
    - NIST-800-171-3.1.16
    - NIST-800-53-AC-18(3)
    - NIST-800-53-AC-18(a)
    - NIST-800-53-CM-6(a)
    - NIST-800-53-CM-7(a)
    - NIST-800-53-CM-7(b)
    - NIST-800-53-MP-7
    - PCI-DSS-Req-1.3.3
    - PCI-DSSv4-1.4.3
    - low_complexity
    - medium_disruption
    - medium_severity
    - no_reboot_needed
    - unknown_strategy
    - wireless_disable_interfaces
```