Control DisableTethering
URI: DisableTethering
Package: LocalDeviceConnectivity
Description: Signifies that routing between a device and an IP network via a USB/Bluetooth connection is disabled. The control refers to tethering because these routes are switched off by default in most devices, but are activated when mobile devices use tethering to share access to cellular (or sometimes other) network uplinks. Because such routes can be used, the domain model must include them and use a control to signify their status.
Route through a gateway Host from a connected USB/BT device to an IP network. Modelled as a type of NAT Segment because the message source is obfuscated in transit through the Host. This is not SNAT because the source is not connected to the gateway via an IP network, but the effect is similar as the message acquires a source address of the gateway on the destination network.
Route through a gateway Host to a connected USB/BT device from an IP network. Modelled as a type of Open Segment because the message source does not need to be obfuscated in transit through the gateway Host.
Tethering (or reverse tethering) is disabled between device Host and IP subnet LogicalSubnet via the USB/Bluetooth connection with device Gateway, so it cannot be used by attackers. This strategy does not represent a contingency plan, but a permanent restriction introduced by design or in accordance with an operational policy or user preference. It also triggers threats representing side effects that would be caused by such a restriction. The default configuration for most devices is for tethering to be disabled, but the model must assume it is enabled unless controls are selected to signify otherwise, or potential threats may be overlooked.