BlackBerry 10 OS must prevent a user from using a browser that does not direct its VPN traffic to a DoD proxy server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-38314	BB10-00-000340	SV-50114r2_rule		Medium

Description
Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

Description

Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

STIG	Date
BlackBerry 10 OS Security Technical Implementation Guide	2014-08-27

Details

Check Text ( C-45861r3_chk )
From either the Work Space or Personal Space, navigate to "Settings -> Network Connections -> VPN -> Edit". For each VPN profile, expand the configuration to "Advanced" and ensure the "Use Proxy" checkbox is checked and grayed out, with appropriate proxy information filled out (such as: "Proxy Server", "Proxy Port", "Username", "Password"). If the "Use Proxy" checkbox is unchecked, this is a finding. NOTE: Proxy server information can be configured on the VPN profile. When configured, all traffic, including browser traffic, will flow through the configured proxy server.

Check Text ( C-45861r3_chk )

From either the Work Space or Personal Space, navigate to "Settings -> Network Connections -> VPN -> Edit". For each VPN profile, expand the configuration to "Advanced" and ensure the "Use Proxy" checkbox is checked and grayed out, with appropriate proxy information filled out (such as: "Proxy Server", "Proxy Port", "Username", "Password"). If the "Use Proxy" checkbox is unchecked, this is a finding.

NOTE: Proxy server information can be configured on the VPN profile. When configured, all traffic, including browser traffic, will flow through the configured proxy server.

Fix Text (F-43252r2_fix)
On BlackBerry Device Service, open the affected VPN Profile for edit, and set "Associated Proxy Profile" to the preconfigured Proxy Profile for DoD use.