Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
KNOX-04-001300 | KNOX-04-001300 | KNOX-04-001300_rule | | Medium |
Description |
---|
Authentication may occur either by reentry of the device unlock passcode at the time of connection, through another passcode with the same or stronger complexity, or through PKI certificates. Authentication mitigates the risk that an adversary who obtains physical possession of the device is able to use the tethered connection to access sensitive data on the device or otherwise tamper with its operating system or applications. |
STIG | Date |
---|---|
Samsung Knox Android 1.0 STIG | 2013-05-03 |
Check Text (C-KNOX-04-001300_chk) |
---|
This check procedure is performed on both the MDM Administration Console and the Samsung Knox Android device. Check that the appropriate setting is configured on the MDM server. For example, on the Fixmo Sentinel Administration Console: 1. Ask the MDM administrator to display the "Disable USB Debugging", "Disable Vendor USB Protocol", and "Disable USB Media Player" checkboxes in the "Android Knox Base Restrictions" rule. 2. Verify all of the checkboxes are selected. On the Samsung Knox Android device: 1. With the device locked, connect the device to another device via a USB cable. 2. Verify the MOS file system is not accessible. 3. Unlock the device and open the device settings. 4. Select "Developer Options". 5. Ensure the "USB debugging" checkbox is not checked and cannot be checked by the user. If any one of the "Disable USB Debugging", "Disable Vendor USB Protocol", or "Disable USB Media Player" checkboxes is not selected in Fixmo Sentinel; or if the file system is accessible via a USB connection when the device is locked; or if the user can select the "USB debugging" checkbox within Samsung Knox, this is a finding. |
Fix Text (F-KNOX-04-001300_fix) |
---|
Configure the operating system to require authentication of tethered connections. For example, on the Fixmo Sentinel Administration Console, check the "Disable USB Debugging", "Disable Vendor USB Protocol", and "Disable USB Media Player" checkboxes in the "Android Knox Base Restrictions" rule. |