Proxy servers can inspect traffic for malware and other signs of a security attack. Allowing a mobile device to access the public Internet without proxy server inspection forgoes the protection that the proxy server would otherwise provide. Malware downloaded onto the device could have a wide variety of malicious consequences, including loss of sensitive DoD information. Forcing traffic to flow through a proxy server greatly mitigates the risk of access to public Internet resources.
Review the operating system and browser configuration to determine if traffic is forced through DoD proxy servers. If greater assurance is required, access a number of Internet web sites and verify traffic flows through a DoD proxy server by viewing the traffic using a network protocol analyzer or by communicating with personnel that manage the proxy server. If the device accesses any internet resource without being directed through a DoD proxy server, this is a finding.
Fix Text (F-36607r1_fix)
Disable browsers that do not support a feature to direct all traffic to a designated proxy server. Configure browsers that support this functionality to direct all traffic to a designated proxy server.