Download CreationConnect Security Guide

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
Transcript 
Security Guide
• Invasion of Privacy: these are implemented by malicious applets. Include mail forging.
Consequences of these attacks: moderate. Java defence is strong.
• Denial of Service: these attacks can bring a machine to a standstill. Also implemented by
malicious applets. May require re-boot. Consequences of these attacks: moderate. Java defence
is weak.
• Antagonism: merely annoying, this attack class is the most commonly encountered.
Implemented by malicious applets. May require restart of browser. Consequences of these
attacks: light to moderate. Java defence is weak.
Mitigations
With the major changes in the Java 2 security architecture come a number of important
responsibilities, the most important of which is mobile code policy creation and management. Essential
to any mobile code system that makes use of code signing is the use of a solid key management
capability, that is, a PKI.
• Malicious applets: the best alternative is to set a security policy that allows only applets signed
by trusted parties to run. But if the requirement is to surf with a Java-enabled browser and run
every Java applet on the Web, the safest thing to do is to avoid unknown and untrusted Web sites
unless Java is disabled.
• Annoying applets: (for example, Business Assassin applet) Java has attracted its share of bad
programmers and bad Java code can be annoying. To be counted as a hostile applet, some
malicious intent on the part of the author is usually required, but a poorly written Java applet
may aid a real cracker in breaking a Java security system. The best guidance is to avoid running
bad code, and to make sure that code being run has adhered to sound software engineering
practices.
• Denial of service applets: guidance is to use resource allocation limitations. For example,
placing upper limits on CPU usage, on the number of instructions that can run, or on the number
of windows allowed is one line of defence.
• Attack applets: each has been implemented by either the Secure Internet Programming team
(SIP) at Princeton University (see, for example, www.cs.princeton.edu/sip/java-faq.html) or other
researchers. To date, 16 serious security problems have been discovered in implementations of
Java. Some of these flaws allow full system penetration.
The CERT Co-ordination Centre (an organisation that keeps track of computer security violations
on the Internet), have stated that there have been no confirmed reports of loss due to attacks
exploiting these security holes.
While most of these problems have been fixed in all Java-enabled versions of Microsoft Internet
Explorer, it my still be possible for the some of the above weaknesses to be exploited in different ways.
Other problems have not been fixed at all. General guidance in this area is to keep the operating system
of the PC fully patched, including all up to date security patches, along with security patches for any
browser being used on the PC. This is particularly relevant for any new operating system, such as XP.
Credential and Password handling
Credentials and passwords should not be shared and should never be transmitted via the same
channel.
Additional client-side recomemnded security measures (as per market practice)
• Install anti-virus, anti-spyware and firewall software on personal computers and update them on
a regular basis.
• Remove file and printer sharing if connected to unsecure internet.
November 2014
1—26
Clearstream Banking, Luxembourg
CreationConnect
Related documents
CreationOnline and CreationDirect via Internet
CreationOnline and CreationDirect via Internet
TLS - dfjk.eu
TLS - dfjk.eu
CreationDirect User Manual
CreationDirect User Manual
Managing Single Sign-On and Smart Cards
Managing Single Sign-On and Smart Cards
Brocade Virtual Traffic Manager: User's Guide, 10.1
Brocade Virtual Traffic Manager: User's Guide, 10.1
The Gridbus Grid Service Broker and Scheduler (2.0) User Guide
The Gridbus Grid Service Broker and Scheduler (2.0) User Guide
Brocade Virtual Traffic Manager: Configuration System Guide, v10.2
Brocade Virtual Traffic Manager: Configuration System Guide, v10.2
Administration Manual Issuer Software
Administration Manual Issuer Software
CreationOnline User Manual
CreationOnline User Manual
StoneGate SG-200 Appliance Installation Guide
StoneGate SG-200 Appliance Installation Guide
CreationDirect
CreationDirect
User Manual - Yacht Router
User Manual - Yacht Router
Eurex Exchange`s T7
Eurex Exchange`s T7
NET PROFESSIONAL user`s manual
NET PROFESSIONAL user`s manual
Charismathics Smart Security Interface Manager 4.8.1
Charismathics Smart Security Interface Manager 4.8.1
INDUCTION
INDUCTION
EE/CS 52 Digital Oscilloscope Documentation
EE/CS 52 Digital Oscilloscope Documentation
Dear Liberty High Community, The heat and humidity continue. Just
Dear Liberty High Community, The heat and humidity continue. Just
Interface User Manual - Oracle Documentation
Interface User Manual - Oracle Documentation
IBM Tealeaf CX Passive Capture Application: PCA Manual
IBM Tealeaf CX Passive Capture Application: PCA Manual
CreationDirect - Clearstream file transfer connectivity solutions
CreationDirect - Clearstream file transfer connectivity solutions
User Manual - Yacht Router
User Manual - Yacht Router