Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33241 | SRG-OS-000231-MOS-000121 | SV-43659r2_rule | Medium |
Description |
---|
The device acts as a personal hotspot when it accepts remote connections on a local area network interface for the purposes of routing traffic to a wide area network interface. The most common implementation is to accept local area Wi-Fi connections to reach ISP service provided by a cellular data carrier. The objective is to ensure the remote devices are not able to access any applications, data, or other operating system functionality on the device. A core assumption of the MOS SRG is that mobile devices do not serve applications to remote devices. This control concerns remote access to the devices OS; if remote access to applications and data were feasible, this would open up a wide variety of vulnerabilities in which an adversary with a remote wireless capability could breach system security. Precluding this possibility greatly mitigates the risk of such an attack. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text ( C-41537r2_chk ) |
---|
Review the mobile operating system configuration to assess how the mobile OS handles remote connections. Establish a remote connection to the device over its local area network interface. Determine if applications or data are accessible. If either an application or data is accessible, this is a finding. |
Fix Text (F-37171r1_fix) |
---|
Configure the operating system to prohibit remote access connections for anything other than personal hotspot service. |