Ping a Specific Port

Question

Mike Pennington

Asked: 2013-01-13 12:30:32 +0800 CST2013-01-13 12:30:32 +0800 CST 2013-01-13 12:30:32 +0800 CST

Disable external Java apps network-wide

772

According to US CERT TA13-010A, all computer users are advised to disable Java 1.7 in their browser due to arbitrary code execution risks from a zero-day Java vulnerability; however, we rely on internal Java apps for our business-critical services.

How can we protect corporate network from external malicious threats, while still permitting our internal Java apps to function? Preferably, we would like to disable Java through our Cisco ASA firewall...

1 Answers

Voted

Mike Pennington · Answer 1 · 2013-01-13T12:30:32+08:00

Best Answer

Mike Pennington

2013-01-13T12:30:32+08:002013-01-13T12:30:32+08:00

We decided to use the ASA's filter java command, which blocks all (non-SSL) java applications sent to our internal network block (10.0.0.0/8) on any port (1-65535).

filter java 1-65535 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0

While we would love to block Java delivered via SSL, this measure seems to be the most reasonable tradeoff, since we can't afford to completely disable Java and tank our internal apps.

1

Disable external Java apps network-wide

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?