Details

Removes Java applets from the HTTP reply traffic crossing the security appliance.

Rationale:

Java applets enhance users’ Web experience with more interactivity. Because the applet is a code that is downloaded and executed on the users’ machines, it can be used by attackers to perform malicious activities on the systems visiting untrusted websites.

Solution

Step 1: Acquire the TCP port used for the HTTP traffic containing Java objects, the IP address and mask of internal users generating the HTTP traffic, and the IP address and mask of the external servers to which the internal users connect and that are source of Java objects.

Step 2: Run the following command to filter Java applets.

hostname(config)# filter java

Default Value:

Java applet filtering is disabled by default.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3294

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Cisco.

References

• 800-53|CM-2
• CSCv7|11.1

Source

• Tenable.com/audits