Irregular Expressions

Jan 15 2013   9:58PM GMT

What to do about Java? – Part 1

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

So what do you do with Java in your environment?

I would think that if you have it installed it is there for a very good reason. There is an application that is needed by the business that requires it.

Uninstalling Java will eliminate the risk from your environment but it will also stop people from working. Keeping it up to date is a good start but that is not going to protect you from from what happen this past weekend.

I have had a couple of ideas of this;

– In most cases while some of the users require access to Java, not everyone does. With the newer versions it is possible to remove the browsers access to Java. This should help to reduce your attack surface, using registry snap shot tools I was able to create a set of reg files that will either enable to disable this like to all of the applicable browsers. The main issue with this is that it will not take effect until the browser has been restarted. Attaching these processes to the login of the users that need it by GroupPolicy will allow their Java to be ready for those who need it, and for those that don’t it will appear that they don’t have it installed. I am going to cover this in a more detail in another post, and I might share what I have created but at minimum I will show you how to make your own.

– The users that need Java will only need to use it on specific sites, there may only be a few sites so what if we can limit where Java can go? This is where having your historical logs really can show value. I am going to cover this here in part 2.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: