UCF STIG Viewer Logo

The mobile operating system must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port.


Overview

Finding ID Version Rule ID IA Controls Severity
KNOX-06-001900 KNOX-06-001900 KNOX-06-001900_rule Low
Description
Open ports provide an attack surface that an adversary can then potentially use to breach system security. If an adversary can communicate with the mobile device from any IP address, then the device may be open to any other device on the Internet. Reducing the attack surface through IP address and port restrictions mitigates this risk.
STIG Date
Samsung Knox Android 1.0 STIG 2013-05-03

Details

Check Text ( C-KNOX-06-001900_chk )
This check procedure is performed on both the MDM Administration Console and the Samsung Knox Android device.

Check that the appropriate setting is configured on the MDM server.

For example, on the Fixmo Sentinel Administration Console:
1. Ask the MDM administrator to display the address/port restrictions configured in the "Android Firewall" rule.
2. Print or copy these so that they are available for the check procedure to be performed on each sampled device.

On the Samsung Knox Android device:
1. Open the device Internet Browser.
2. Attempt to navigate to a blocked IP address and port.
3. Verify the attempt fails.

If it is feasible to access a blocked IP address or port, this is a finding.
Fix Text (F-KNOX-06-001900_fix)
Configure the mobile operating system to filter both inbound and outbound traffic based on IP address and UDP/TCP port.

For example, on the Fixmo Sentinel Administration Console, enter the allowed and denied IP addresses and ports in the "Android Firewall" rule.