
Disable the Wireless Zero Configuration service unless its use is absolutely necessary.


CONTROL ID: 04294
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The Windows Wireless Zero Configuration (WZC) has several existing vulnerabilities. To reduce the possibility of the exploitation of these vulnerabilities, the organization should disable WZC on Windows 2000 and should install SP2 or greater for Windows XP systems. Verify wireless NICs can operate w… (§ 2.3.2 (2.3.2.070), The Center for Internet Security Wireless Networking Benchmark, 1)
  • For Windows 2003 Server, the organization must configure the permissions for Wireless Configuration (WZCSVC) to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. (Table F-2, CMS Business Partners Systems Security Manual, Rev. 10)
  • The Wireless Zero Configuration service should be disabled. The service should be documented if enabling it is required. (§ 5.2.2.1, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
  • The Wireless Zero Configuration service should be Disabled, unless absolutely necessary. If it is Enabled, there should be a documented and justified reason. (§ 5.2.2.1, DISA Windows XP Security Checklist, Version 6 Release 1.11)
  • Laptops running any version of Windows should ensure that the Windows Zero Configuration (WZC) service is disabled. This setting should be verified each time new software is added or the operating system software is updated. Use the following steps to inspect all Windows laptops with WLAN access to… (§ 3.2 (WIR0163), DISA WIRELESS SECURITY CHECKLIST, Version 5, Release 2.2, Version 5, Release 2.2)
  • If a computer has a wireless NIC, it will automatically attempt to join a wireless network. This could lead to the computer connecting to a hostile network and being attacked. This setting should be set to not automatically connect to wireless networks. (§ 3.1.1, Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68, Revision 1)