Threat Sg.TA.LTRevSg2.8

URI: Sg.TA.LTRevSg2.8

Description: Routing from Host and LogicalSubnet via Gateway is enabled: if this route is enabled by reverse tethering between the IP and non-IP connections, it could be exploited by an attacker.

Threat Type: Primary Threat

Matching Pattern:

MP-LTRevSg2

Finds a gateway from a Host via a layer 1 subnet (i.e., Bluetooth or USB) connection and a reverse tethered gateway to an IP subnet, and the forward path segment via the gateway.

(empty)

ConnectionsAllowed at Role_FwdSegment

ServiceChannelsAllowed at Role_FwdSegment

CSG-DisableTethering

Tethering (or reverse tethering) is disabled between device Host and IP subnet LogicalSubnet via the USB/Bluetooth connection with device Gateway, so cannot be used by attackers. This strategy does not represent a contingency plan, but a permanent restriction introduced by design or in accordance with an operational policy or user preference. It also triggers threats representing side effects that would be caused by such a restriction. The default configuration for most devices is for tethering disabled, but the model must assume it is enabled unless controls are selected to signify otherwise, or potential threats may be overlooked.

Threat Sg.TA.LTRevSg2.8

MP-LTRevSg2

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (0)

Misbehaviour Sets (2)

Control Strategies (1)