BlackBerry 10 OS must prevent a user from using a browser that does not direct its traffic to a DoD proxy server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-47209	BB10-2X-000330	SV-60081r1_rule		Medium

Description
Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

Description

Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.

STIG	Date
BlackBerry 10.2.x OS Security Technical Implementation Guide	2014-04-10

Details

Check Text ( C-50035r1_chk )
From either the Work Space or Personal Space, navigate to "Settings -> Network Connections -> Wi-Fi -> Saved Networks". For each saved network, ensure "Use HTTP Proxy" is set to "On" and grayed out with appropriate proxy information filled out (such as: "Proxy Server", "Proxy Port", "Username", "Password"). If "Use HTTP Proxy" is set to "Off", this is a finding. NOTE: Proxy server information can be configured on the Wi-Fi profile. When configured, all traffic, including browser traffic, will flow through the configured proxy server.

Check Text ( C-50035r1_chk )

From either the Work Space or Personal Space, navigate to "Settings -> Network Connections -> Wi-Fi -> Saved Networks". For each saved network, ensure "Use HTTP Proxy" is set to "On" and grayed out with appropriate proxy information filled out (such as: "Proxy Server", "Proxy Port", "Username", "Password"). If "Use HTTP Proxy" is set to "Off", this is a finding.

NOTE: Proxy server information can be configured on the Wi-Fi profile. When configured, all traffic, including browser traffic, will flow through the configured proxy server.

Fix Text (F-50913r1_fix)
On BlackBerry Device Service, open the affected Wi-Fi Profile for edit, and set "Associated Proxy Profile" to the preconfigured Proxy Profile for DoD use.