05-13-2014 10:07 PM
Hi,
With more and more vulnerabilities in Java, I would like to know if there is any way in PAN firewall to identify and blocked non latest Java traffic? The goal is to identify machines and inform owners to update their Java version. If not then block the Java traffic from that host.
Thanks in advance.
05-13-2014 11:01 PM
Hello Sly_Cooper,
You can create a regex to match specific java versions ( latest) to allow through the PAN firewall. For all other versions, other than the latest one, set the action as "block". So, all the request will be logged into the PAN firewall.
Reference doc: Creating Custom Threat Signatures
NOTE: The Java spec is written so that JAR files may look like ZIP files in PAN.
Thanks
05-22-2014 09:14 AM
Hi HULK,
Do you have any example for Java version matching? How requests from java apps will be seen on PAN firewalls?
Thanks in advance.
05-22-2014 09:32 AM
Hello Sly_Cooper,
You can take a packet capture on a test machine or PAN firewall from a host, where JAVA update is running. After taking the pcap file, you have to analyze the header to get the request information i.e "java version".
Thanks
09-30-2014 01:41 AM
Sly_Cooper : Have you been able to make vulnerability signatures (regex) for this? I'm looking to do the same thing, and if you have something to share, it would be great!
11-11-2014 08:44 AM
torm - Sorry I did not try it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
