4.3 Create network specific locations

Information

Network locations allow the computer to have specific configurations ready for network access when required. Locations can be used to manage which network interfaces are available for specialized network access.

Open System Preferences: Network
Verify each network location is set up properly.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Create multiple network locations as needed.
Delete the Automatic location for any device that does not use multiple network services set for DHCP or dynamic addressing. If network services like FireWire, VPN, AirPort or Ethernet are not used by a specific device class those services should be deleted:
1. Select Edit Locations from the Locations popup menu.
2. Select the Automatic location.
3. Click the minus button for any unneeded service.

Unneeded network interfaces increases the attack surface and could lead to a successful exploit.

See Also

https://workbench.cisecurity.org/files/301