Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-48289 | KNOX-23-013400 | SV-61161r1_rule | Medium |
Description |
---|
Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources. SFR ID: FMT_SMF.1.1 #42 |
STIG | Date |
---|---|
Samsung Android (with Knox 1.x) STIG | 2014-04-22 |
Check Text ( C-50719r3_chk ) |
---|
This validation procedure is performed on the MDM Administration Console only. Check whether the appropriate setting is configured on the MDM Administration Console: 1. Ask the MDM administrator to display the "Web Proxy" field in the "Android Restrictions" rule. 2. Verify this field contains both an IP address and port of a DoD proxy or content filtering server using the format [IP Address]:[port number]. Note: If the format is not correct, the setting may not be enforced. If a proxy or web content filtering server is not configured on the MDM console using the format [IP Address]:[port number], this is a finding. |
Fix Text (F-51895r2_fix) |
---|
Disable browsers that do not support a feature to direct all traffic to a designated proxy server. Configure browsers that support this functionality to direct all traffic to a designated proxy server. On the MDM Administration Console, enter the both IP address and port of the DoD proxy in the "Web Proxy" field in the "Android Knox Restrictions" rule. The format must be [IP Address]:[port number]. Note: This setting only applies to the stock browser, but third party browsers would have to be whitelisted prior to operation. |