The BlackBerry Device Service server must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
BBDS-00-000330	BBDS-00-000330	BBDS-00-000330_rule		High

Description
A host-based boundary protection mechanism is a host-based firewall. Host-based boundary protection mechanisms are employed on mobile devices, such as notebook/laptop computers, and other types of mobile devices where such boundary protection mechanisms are available. This helps mitigate attacks at the network interface.

STIG	Date
BlackBerry Device Service 6.2 STIG	2013-05-03

Details

Check Text ( C-BBDS-00-000330_chk )
Examine the server configuration to determine if there is a DoD approved host-based firewall installed, and configured to filter both inbound and outbound traffic based on IP address and UDP/TCP port. If no firewall is installed, this is a finding. If a non-approved firewall is installed, this is a finding. Access to the host server for the BlackBerry Device Service is controlled by the host Operating System. Connection ports and protocols for communication with the BlackBerry Device Service can be configured during installation or after installation, if required, using the BlackBerry Device Service Configuration tool. You can use the BlackBerry Device Service Configuration tool to configure the settings that the BlackBerry Device Service uses. You can change settings for BlackBerry Device Service components such as the BlackBerry Configuration Database (for example, port configuration and database authentication) and the BlackBerry Administration Service (for example, pool name, port numbers, and web keystore password). 1. On a computer that hosts a BlackBerry Device Service component, on the taskbar, click Start > All Programs > BlackBerry Enterprise Service 10 > BlackBerry Device Service > BlackBerry Device Service Configuration. 2. If a Windows message appears and requests permission to make changes to the computer, click Yes. 3. In the BlackBerry Device Service Configuration tool, make changes on the appropriate tabs. For additional options and detailed instructions see the accompanying Overview document and the "Configuring connection types and port numbers" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 6.2 Administration Guide for details and options.

Check Text ( C-BBDS-00-000330_chk )

Examine the server configuration to determine if there is a DoD approved host-based firewall installed, and configured to filter both inbound and outbound traffic based on IP address and UDP/TCP port. If no firewall is installed, this is a finding. If a non-approved firewall is installed, this is a finding.

Access to the host server for the BlackBerry Device Service is controlled by the host Operating System.

Connection ports and protocols for communication with the BlackBerry Device Service can be configured during installation or after installation, if required, using the BlackBerry Device Service Configuration tool.

You can use the BlackBerry Device Service Configuration tool to configure the settings that the BlackBerry Device Service uses. You can change settings for BlackBerry Device Service components such as the BlackBerry Configuration Database (for example, port configuration and database authentication) and the BlackBerry Administration Service (for example, pool name, port numbers, and web keystore password).

1. On a computer that hosts a BlackBerry Device Service component, on the taskbar, click Start > All Programs >
BlackBerry Enterprise Service 10 > BlackBerry Device Service > BlackBerry Device Service Configuration.
2. If a Windows message appears and requests permission to make changes to the computer, click Yes.
3. In the BlackBerry Device Service Configuration tool, make changes on the appropriate tabs.

For additional options and detailed instructions see the accompanying Overview document and the "Configuring connection types and port numbers" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 6.2 Administration Guide for details and options.

Fix Text (F-BBDS-00-000330_fix)
Remove any non-approved firewalls if present. Install a DoD approved host-based firewall, and configure to filter both inbound and outbound traffic based on IP address and UDP/TCP port.