From LG Android 6.x Security Technical Implementation Guide
Part of PP-MDF-201029
Associated with: CCI-000366 CCI-002824
Spilt-tunneling allows multiple simultaneous remote connections to the mobile device. Without VPN split-tunneling disabled, malicious applications can covertly off-load device data to a third-party server or set up a trusted tunnel between a non-DoD third-party server and a DoD network, providing a vector to attack the network.
This validation procedure is performed on both the MDM Administration Console and the LG Android device. On the MDM console, do the following: 1. Ask the MDM administrator to display the "Allow VPN Split Tunneling" setting in the MDM console. 2. Verify the setting for the VPN Split Tunneling is disabled. 3. Verify the policy has been assigned to all groups. On the LG Android device: 1. Unlock the device. 2. Navigate to the VPN Split Tunneling setting: Settings >> Network >> VPN >> LG VPN >> Add LG VPN network >> Show advanced options popup. 3. Verify "Disable Split Tunneling" option is checked and cannot be changed (grayed out). If on the MDM console the "Allow VPN split tunneling" setting is enabled or the LG Android device the "Disable Split Tunneling" setting is not checked and can be changed, this is a finding.
Configure the mobile operating system to disable VPN split-tunneling (if the MD provides a configurable control). On the MDM Administration Console, disable the "Allow VPN split tunneling" setting.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer