Title

LG Android 6.x must be configured to disable VPN split-tunneling. (Cat II impact)

Discussion

Spilt-tunneling allows multiple simultaneous remote connections to the mobile device. Without VPN split-tunneling disabled, malicious applications can covertly off-load device data to a third-party server or set up a trusted tunnel between a non-DoD third-party server and a DoD network, providing a vector to attack the network. SFR ID: FMT_SMF_EXT.1.1 #45

Check Content

This validation procedure is performed on both the MDM Administration Console and the LG Android device. On the MDM console, do the following: 1. Ask the MDM administrator to display the "Allow VPN Split Tunneling" setting in the MDM console. 2. Verify the setting for the VPN Split Tunneling is disabled. 3. Verify the policy has been assigned to all groups. On the LG Android device: 1. Unlock the device. 2. Navigate to the VPN Split Tunneling setting: Settings >> Network >> VPN >> LG VPN >> Add LG VPN network >> Show advanced options popup. 3. Verify "Disable Split Tunneling" option is checked and cannot be changed (grayed out). If on the MDM console the "Allow VPN split tunneling" setting is enabled or the LG Android device the "Disable Split Tunneling" setting is not checked and can be changed, this is a finding.

Fix Text

Configure the mobile operating system to disable VPN split-tunneling (if the MD provides a configurable control). On the MDM Administration Console, disable the "Allow VPN split tunneling" setting.

Additional Identifiers

Rule ID: SV-81335r2_rule

Vulnerability ID: V-66845

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.