DoD proxies must be configured on all active network interfaces.

From Apple OS X 10.8 (Mountain Lion) Workstation STIG

Part of SRG-OS-000149

Associated with: CCI-001112

SV-65553r1_rule DoD proxies must be configured on all active network interfaces.

Vulnerability discussion

A proxy server is designed to hide the identity of the client when making a connection to a server on the outside of its network. This prevents any hackers on the outside of learning IP addresses within the private network. With a proxy acting as the mediator, the client does not interact directly with the servers it is connecting to; the proxy server is in the middle handling both sides of the session.

Check content

To show the proxy configuration for the Ethernet interface, run the following command: networksetup -getautoproxyurl Ethernet replace "Ethernet" with the plain English name of the network interface you need to verify. If there is no proxy defined, or enabled is set to "No", this is a finding. This command: networksetup -listallnetworkservices will list the plain English names of all configured network interfaces on the computer.

Fix text

Ensure that DoD proxies are configured on all active network interfaces listed from the command: networksetup -listallnetworkservices

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer