UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Samsung Knox Android must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48273 KNOX-23-012900 SV-61145r1_rule Low
Description
Open ports provide an attack surface that an adversary can then potentially use to breach system security. If an adversary can communicate with the mobile device from any IP address, then the device may be open to any other device on the Internet. Reducing the attack surface through IP address and port restrictions mitigates this risk. SFR ID: FMT_SMF.1.1 #42
STIG Date
Samsung Android (with Knox 1.x) STIG 2014-04-22

Details

Check Text ( C-50705r3_chk )
Note: This validation procedure is not applicable where the command responsible for the mobile device does not have a host-based firewall policy for such devices. There is no DoD-wide rule set for mobile operating systems.

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the address/port restrictions configured in the "Android Firewall" rule.
2. Print or copy these so that they are available for the validation procedure to be performed on each sampled device.

On the Samsung Knox Android device:
1. Open the device Internet Browser.
2. Attempt to navigate to a blocked IP address or port.
3. Verify the attempt fails.

If it is feasible to access a blocked IP address or port, this is a finding.
Fix Text (F-51881r1_fix)
Configure the mobile operating system to filter both inbound and outbound traffic based on IP address and UDP/TCP port.

On the MDM Console, enter the allowed and denied IP addresses and ports in the "Android Firewall" rule.