Java finally gets a whitelisting feature
Posted on 13 September 2013.
Bookmark and Share
The latest Java Development Kit update (JDK 7u40) includes a number of bug fixes, new security features and changes, and among them is one that has been long overdue: a whitelisting option for protecting endpoints.

"The Deployment Rule Set feature is for enterprises that manage their Java desktop environment directly, and provides a way for enterprises to continue using legacy business applications in an environment of ever-tightening Java applet and Java Web Start application security policies," it is explained in the documentation for the feature.

This feature enables an enterprise to establish a whitelist of known Java Web applications, and those on the whitelist can be run without most security prompts.

For it to work, the new Java Plug-in (available since Java SE 6 Update 10) is required on the endpoints, but also Java 7u40 (the latest version), which will be used to create the rules that will then work for the older version.

The feature has been introduced to help companies that can't upgrade to the latest Java version and can't disable the Java plug-in protect its employees.

The rule set is created via a XML file and will be required to be digitally signed with a valid digital certificate issued by a trusted certificate authority.

"The Deployment Rule Set feature is optional and shall only be used internally in an organization with a controlled environment. If a JAR file that contains a rule set is distributed or made available publicly, then the certificate used to sign the rule set will be blacklisted and blocked in Java," the instructions conclude.









Spotlight

What does the future hold for cloud computing?

Posted on 21 July 2014.  |  Cloud computing’s widespread adoption by businesses and consumers alike all but guarantees that, in five to ten years’ time, the technology will still be very much with us.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Jul 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //