BlackBerry 10 OS must prevent a user from using a browser that does not direct its Wi-Fi traffic to a DoD proxy server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38313	BB10-00-000330	SV-50113r2_rule		Medium

Description
Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

Description

Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

STIG	Date
BlackBerry 10 OS Security Technical Implementation Guide	2014-08-27

Details

Check Text ( C-45860r3_chk )
From either the Work Space or Personal Space, navigate to "Settings -> Network Connections -> Wi-Fi -> Saved Networks". For each saved network, ensure "Use HTTP Proxy" is set to "On" and grayed out with appropriate proxy information filled out (such as: "Proxy Server", "Proxy Port", "Username", "Password"). If "Use HTTP Proxy" is set to "Off", this is a finding. NOTE: Proxy server information can be configured on the Wi-Fi profile. When configured, all traffic, including browser traffic, will flow through the configured proxy server.

Check Text ( C-45860r3_chk )

From either the Work Space or Personal Space, navigate to "Settings -> Network Connections -> Wi-Fi -> Saved Networks". For each saved network, ensure "Use HTTP Proxy" is set to "On" and grayed out with appropriate proxy information filled out (such as: "Proxy Server", "Proxy Port", "Username", "Password"). If "Use HTTP Proxy" is set to "Off", this is a finding.

NOTE: Proxy server information can be configured on the Wi-Fi profile. When configured, all traffic, including browser traffic, will flow through the configured proxy server.

Fix Text (F-43251r2_fix)
On BlackBerry Device Service, open the affected Wi-Fi Profile for edit, and set "Associated Proxy Profile" to the preconfigured Proxy Profile for DoD use.