Threat Sg.TA.LTethSg2.8

URI: Sg.TA.LTethSg2.8

Description: Routing between Host and LogicalSubnet via Gateway is enabled: if this route is enabled by tethering between the IP and non-IP connections, it could be exploited by an attacker.

Threat Type: Primary Threat

Matching Pattern:

MP-LTethSg2

Finds a gateway from a Host via a layer 1 subnet (i.e., Bluetooth or USB) connection and a tethered gateway to an IP subnet, along with the forward and return path segments via the gateway.

(empty)

ConnectionsAllowed at Role_FwdSegment

ConnectionsAllowed at Role_RetSegment

ServiceChannelsAllowed at Role_FwdSegment

ServiceChannelsAllowed at Role_RetSegment

CSG-DisableTethering

Tethering (or reverse tethering) is disabled between device Host and IP subnet LogicalSubnet via the USB/Bluetooth connection with device Gateway, so cannot be used by attackers. This strategy does not represent a contingency plan, but a permanent restriction introduced by design or in accordance with an operational policy or user preference. It also triggers threats representing side effects that would be caused by such a restriction. The default configuration for most devices is for tethering disabled, but the model must assume it is enabled unless controls are selected to signify otherwise, or potential threats may be overlooked.

Threat Sg.TA.LTethSg2.8

MP-LTethSg2

Triggered by Threat (0)

Triggers Secondary Threats (0)

Triggered By Control Strategy (0)

Misbehaviour Sets (4)

Control Strategies (1)