TD0751: Update to Wireless Threat Location Detection Scope
Publication Date
2023.06.05
Protection Profiles
MOD_WIDS_V1.0
Other References
FAU_INV_EXT.3.1, MOD_WIDS_V1.0-SD
Issue Description
The SFR FAU_INV_EXT.3.1 contains the following requirement for MOD_WIDS_V1.0: FAU_INV_EXT.3.1: The TSF shall detect the physical location of APs and EUDs to within [assignment: value equal or less than 25] feet of their actual location.
The following test is required for the above: Test 1: Step 1: Deploy an AP within range of the sensors. Step 2: Verify the TSF provides location tracking information about the AP. Step 3: Verify the AP location presented is within 25 feet actual location. The above SFR/test can be interpreted that it is required that the locations of all AP/EUDs in the sensors range be tracked. This could be an issue when the wireless sensor is deployed in an RF-dense area, such as an un-shielded building in a dense, urban environment, or in a multi-tenant office space. This would dramatically increase the number of benign devices that need to be identified and tracked, and likely will lead to a high false positive ratio and performance degradation. Limiting the scope of the requirement to APs/EUDs that have been deemed rogue due to hitting a wireless threat signature and/or allowlist APs/EUDs would prevent the wireless sensors from suffering with performance in large environments. Resolution
FAU_INV_EXT.3.1 in MOD_WIDS_V1.0 is modified as follows, with red highlighted strikethroughs denoting deletions and green highlighted underlines denoting additions: FAU_INV_EXT.3.1 The TSF shall detect the physical location of rogue APs and EUDs, and [selection: allow-listed APs, allow-listed EUDS, neighboring AP, and EUDs, no other devices] to within [assignment: value equal or less than 25 feet]. Test 1 for FAU_INV_EXT.1 in the MOD_WIDS_V1.0 SD is modified as follows, with red highlighted strikethroughs enoting deletions and green highlighted underlines denoting additions: Test 1: Step 1: Deploy an AP within range 25 feet of the sensors. Step 2: Verify the TSF provides location tracking information about the AP. Step 3: Verify the AP location presented is within 25 feet of the actual location.
Justification
See issue description. |