Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-80255 | KNOX-08-018100 | SV-94959r1_rule | Medium |
Description |
---|
If no authentication is required to establish personal hotspot connections, an adversary may be able to use that device to perform attacks on other devices or networks without detection. A sophisticated adversary may also be able to exploit unknown system vulnerabilities to access information and computing resources on the device. Requiring authentication to establish personal hotspot connections mitigates this risk. Application note: If hotspot functionality is permitted, it must be authenticated via a pre-shared key. There is no requirement to enable hotspot functionality. SFR ID: FMT_SMF_EXT.1.1 #41a |
STIG | Date |
---|---|
Samsung Android OS 8 with Knox 3.x COBO Use Case Security Technical Implementation Guide | 2018-11-30 |
Check Text ( C-79927r1_chk ) |
---|
Review Samsung Android 8 with Knox configuration settings to determine if the mobile device has enabled authentication of personal hotspot connections to the device using a pre-shared key. This validation procedure is performed on both the MDM Administration Console and the Samsung Android 8 with Knox device. On the MDM console, do the following: 1. Ask the MDM Administrator to display the "Allow Unsecured Hotspot" check box in the "WiFi Policy" rule. 2. Verify the check box is not selected. On the Samsung Android 8 with Knox device, do the following: 1. Open the device settings. 2. Select "Connections". 3. Select "Mobile Hotspot and Tethering". 4. Select "Mobile hotspot". 5. Select "Configure Mobile hotspot" more options. 6. Verify the user cannot save the configuration with security set to "Open". If the MDM console "Allow Unsecured Hotspot" check box is selected or the Samsung Android 8 with Knox device can be configured as a Mobile Hotspot with Open Security, this is a finding. |
Fix Text (F-87061r1_fix) |
---|
Configure Samsung Android 8 with Knox to enable authentication of personal hotspot connections to the device using a pre-shared key. On the MDM console, deselect the "Allow Unsecured Hotspot" check box in the "WiFi Policy" rule. |