
Samsung Knox Android must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port.


Overview

Finding ID: V-48273
Version: KNOX-23-012900
Rule ID: SV-61145r1_rule
IA Controls: (none listed)
Severity: Low
Description
Open ports provide an attack surface that an adversary can then potentially use to breach system security. If an adversary can communicate with the mobile device from any IP address, then the device may be open to any other device on the Internet. Reducing the attack surface through IP address and port restrictions mitigates this risk.
SFR ID: FMT_SMF.1.1 #42
STIG: Samsung Android (with Knox 1.x) STIG
Date: 2014-04-22

Details

Check Text (C-50705r3_chk)
Note: This validation procedure is not applicable where the command responsible for the mobile device does not have a host-based firewall policy for such devices. There is no DoD-wide rule set for mobile operating systems.

This validation procedure is performed on both the MDM Administration Console and the Samsung Knox Android device.

Check whether the appropriate setting is configured on the MDM Administration Console:
1. Ask the MDM administrator to display the address/port restrictions configured in the "Android Firewall" rule.
2. Print or copy these so that they are available for the validation procedure to be performed on each sampled device.

On the Samsung Knox Android device:
1. Open the device Internet Browser.
2. Attempt to navigate to one of the blocked IP addresses or ports recorded from the "Android Firewall" rule.
3. Verify the attempt fails.

If it is feasible to access a blocked IP address or port, this is a finding.
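To make the comparison between the copied MDM rule set and the on-device results mechanical, here is an added Python model of a first-match IP/port policy with a default-deny fallback; it is not Samsung's or any MDM vendor's code, and the rule entries, addresses and attempt results below are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "deny"
    direction: str    # "inbound" or "outbound"
    network: str      # single address or CIDR block
    proto: str        # "tcp", "udp" or "any"
    ports: tuple      # inclusive (low, high) port range

def rule_matches(rule, direction, ip, proto, port):
    """True when a rule covers the given direction, address, protocol and port."""
    return (rule.direction == direction
            and rule.proto in ("any", proto)
            and rule.ports[0] <= port <= rule.ports[1]
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.network, strict=False))

def is_permitted(rules, direction, ip, proto, port, default_allow=False):
    """First matching rule decides; traffic matched by no rule gets the default (deny)."""
    for rule in rules:
        if rule_matches(rule, direction, ip, proto, port):
            return rule.action == "allow"
    return default_allow

# Constructed stand-in for the address/port restrictions copied from the MDM console
# (documentation address ranges only).
FIREWALL_RULES = [
    Rule("deny",  "outbound", "203.0.113.0/24", "any", (0, 65535)),  # blocked range
    Rule("allow", "outbound", "0.0.0.0/0",      "tcp", (443, 443)),  # HTTPS elsewhere
    Rule("allow", "outbound", "198.51.100.10",  "udp", (53, 53)),    # one DNS resolver
    Rule("deny",  "inbound",  "0.0.0.0/0",      "any", (0, 65535)),  # no inbound at all
]

def evaluate_check(rules, observed):
    """observed maps (direction, ip, proto, port) to whether the device reached it.
    Returns attempts the policy says must fail but that actually succeeded;
    a non-empty list means the check above results in a finding."""
    return [attempt for attempt, reached in observed.items()
            if reached and not is_permitted(rules, *attempt)]

if __name__ == "__main__":
    observed = {  # constructed results of browser attempts on a sampled device
        ("outbound", "203.0.113.7", "tcp", 443): False,
        ("outbound", "192.0.2.44", "tcp", 443): True,
        ("outbound", "192.0.2.44", "tcp", 8080): True,   # policy says this must fail
    }
    for attempt in evaluate_check(FIREWALL_RULES, observed):
        print("finding: reachable but denied by policy:", attempt)
```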
Fix Text (F-51881r1_fix)
Configure the mobile operating system to filter both inbound and outbound traffic based on IP address and UDP/TCP port.

On the MDM Console, enter the allowed and denied IP addresses and ports in the "Android Firewall" rule.