2.5.1 Disable "Wake for network access"

Information

This feature allows other users to be able to access your computer#x2019;s shared resources, such as shared printers or iTunes playlists, even when your computer is in sleep mode Disabling this feature mitigates the risk of an attacker remotely waking the system and gaining access.

Solution

Perform the following to implement the prescribed state: Run the following command in Terminal: sudo pmset -a womp 0 Note: The -c flag means "wall power." Different settings must be used for other power sources. Impact: Management programs like Apple Remote Desktop Administrator use this feature to wake computers. If turned off, such management programs will not be able to wake a computer over the LAN. If the wake-on-LAN feature is needed, do not turn off this feature.

See Also

https://workbench.cisecurity.org/files/299

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11

Plugin: Unix

Control ID: 82f2118c458fb7aed290e07cb864649f4924457cff57ead48cbc7bb8d4242939