Disable Wireless Network Administrative Interfaces
Ensure that wireless routers cannot be administered over wireless connections.
Plain language
This control ensures that people cannot access the admin settings of a wireless network through a wireless connection. This matters because if someone with bad intentions gets admin access over wireless, they could change settings and cause major problems for your network and business operations.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Aug 2018
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for networking
Section
Wireless networks
Official control statement
The administrative interface on wireless access points is disabled for wireless network connections.
Why it matters
If wireless admin access isn’t disabled on access points, nearby attackers can change settings, weakening security and causing outages.
Operational notes
Periodically confirm AP management interfaces are blocked on wireless SSIDs; manage via wired admin VLAN or VPN/jump host only.
Implementation tips
- The IT team should configure each wireless router to disable remote admin access via wireless. Use the router's settings interface to ensure that any admin access can only be done over a wired connection.
- IT support staff should review and update network policies to clearly state that admin interfaces for wireless routers are not allowed to be accessed wirelessly. Use internal documentation to communicate this policy to staff and stakeholders.
- Network administrators should regularly check router settings to confirm that wireless admin access remains disabled. Use a checklist to verify that no changes have accidentally enabled this access over time.
- The procurement officer should ensure that any new routers purchased allow admin access restrictions to be configured easily. Consult with suppliers to select equipment that supports this security feature before buying.
- The IT security team should develop a training session for relevant staff on why admin access restrictions are crucial and how to manage router settings safely. Schedule and deliver the training using easy-to-follow instructions and practical examples.
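One way to run the periodic check described in the operational notes and the third implementation tip, as an added example that is not part of the ISM or of this page's original content. Run it from a device associated to each wireless SSID. The function names, the port list and the AP addresses passed in are assumptions to adapt to your equipment.

```python
"""Check whether AP management ports answer from the wireless side (added example)."""
import socket
import sys

# Assumed list of common TCP management ports; adjust to your AP models.
# UDP services such as SNMP are not covered by this TCP connect check.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https", 8443: "https-alt"}


def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False


def audit_access_points(ap_hosts, ports=MGMT_PORTS, timeout=1.0):
    """Return (host, port, service) for every management port reachable from here."""
    findings = []
    for host in ap_hosts:
        for port, service in sorted(ports.items()):
            if port_open(host, port, timeout):
                findings.append((host, port, service))
    return findings


def format_report(ap_hosts, findings):
    """Build one evidence line per AP: PASS if nothing answered, FAIL otherwise."""
    lines = []
    for host in ap_hosts:
        hits = [f"{port}/{svc}" for h, port, svc in findings if h == host]
        status = "FAIL reachable: " + ", ".join(hits) if hits else "PASS no management port reachable"
        lines.append(f"{host}: {status}")
    return lines


if __name__ == "__main__":
    hosts = sys.argv[1:]  # AP management addresses, supplied by the operator
    results = audit_access_points(hosts)
    print("\n".join(format_report(hosts, results)))
    sys.exit(1 if results else 0)  # non-zero exit flags a control failure
```

Keep the dated output as audit evidence. A FAIL line means that AP still answers on a management port from the wireless side and needs its configuration corrected.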
Audit / evidence tips
- Ask for access to the network configuration documents: Request network setup procedures and router configurations
- Ask for a demonstration of the current router settings: Request a live or recorded walkthrough of a router's settings showing disabled wireless admin access. Look to confirm that the option is indeed turned off
  Good: outcome is seeing this setting disabled across all wireless routers used in the organisation
- Ask for logs of changes to router settings: Request logs that detail recent changes made to router settings, including who made them and when
- Ask for network policy documents: Request the documents outlining network management policies related to this control
  Good: includes explicitly stated policies and dates of approval or review by management
- Ask for training session records: Request evidence of training sessions conducted regarding this control
Cross-framework mappings
How ISM-1315 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.20 | ISM-1315 requires organisations to disable the administrative interface on wireless access points for wireless network connections, preve... | |
| Supports (1) | | |
| Annex A 8.22 | ISM-1315 requires organisations to prevent administration of wireless access points via wireless connections by disabling the wireless ad... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.