Check: BBDS-00-000330
Policy SRG:
BBDS-00-000330
(in version v1 r1)
Title
The BlackBerry Device Service server must be able to filter both inbound and outbound traffic based on IP address and UDP/TCP port. (Cat I impact)
Discussion
A host-based boundary protection mechanism is a host-based firewall. Host-based boundary protection mechanisms are employed on mobile devices, such as notebook/laptop computers, and other types of mobile devices where such boundary protection mechanisms are available. This helps mitigate attacks at the network interface.
Check Content
Examine the server configuration to determine if there is a DoD approved host-based firewall installed and configured to filter both inbound and outbound traffic based on IP address and UDP/TCP port. If no firewall is installed, this is a finding. If a non-approved firewall is installed, this is a finding.

Access to the host server for the BlackBerry Device Service is controlled by the host Operating System. Connection ports and protocols for communication with the BlackBerry Device Service can be configured during installation or after installation, if required, using the BlackBerry Device Service Configuration tool.

You can use the BlackBerry Device Service Configuration tool to configure the settings that the BlackBerry Device Service uses. You can change settings for BlackBerry Device Service components such as the BlackBerry Configuration Database (for example, port configuration and database authentication) and the BlackBerry Administration Service (for example, pool name, port numbers, and web keystore password).

1. On a computer that hosts a BlackBerry Device Service component, on the taskbar, click Start > All Programs > BlackBerry Enterprise Service 10 > BlackBerry Device Service > BlackBerry Device Service Configuration.
2. If a Windows message appears and requests permission to make changes to the computer, click Yes.
3. In the BlackBerry Device Service Configuration tool, make changes on the appropriate tabs.

For additional options and detailed instructions, see the accompanying Overview document and the "Configuring connection types and port numbers" section of the BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 6.2 Administration Guide.
Fix Text
Remove any non-approved firewalls if present. Install a DoD approved host-based firewall, and configure it to filter both inbound and outbound traffic based on IP address and UDP/TCP port.
Additional Identifiers
Rule ID:
Vulnerability ID: BBDS-00-000330
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001118 | The information system implements host-based boundary protection mechanisms for servers, workstations, and mobile devices. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |