
Guide to Sun Microsystems Java Plug-in Security v1.0 Checklist Details

Supporting Resources:

Target:

Target: Sun Java Plug-in 1.4.2
CPE Name: cpe:/a:sun:java_plug-in:1.4.2

Checklist Highlights

Checklist Name:
Guide to Sun Microsystems Java Plug-in Security
Checklist ID:
92
Version:
v1.0
Type:
Compliance
Review Status:
Archived
Authority:
Governmental Authority: National Security Agency
Original Publication Date:
12/07/2003

Checklist Summary:

Web browsers are functionally designed to deliver web pages from a web server. However, through plug-in technology, most web browsers can be enabled to deliver additional features such as Java programs, which are also known as applets. This document provides information about using Java applets in a secure manner. It focuses on the Sun Microsystems 1.4.2 Java Runtime Environment (JRE) Java Plug-in with Netscape 7.1 and Internet Explorer 6.0 on Windows platforms. The document introduces the reader to these concepts by explaining Java applets, the JRE Plug-in, and the Administrative and Developer tools. After this introduction, it explains how Java applets interact with web browsers, particularly Netscape 7.1 and Internet Explorer 6.0. Additionally, it helps the reader understand the Applet Development Lifecycle and how security is interrelated with this lifecycle.

Checklist Role:

  • Desktop Client

Known Issues:

Do not attempt to implement any of the settings in this guide without first testing in a non-operational environment. This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore, this guide does not address site-specific configuration issues. Care must be taken when implementing this guide to address local operational and policy concerns. The security changes described in this document only apply to Microsoft Windows 2000 systems and should not be applied to any other Windows versions or operating systems. This document may contain recommended settings for the system registry. Java can be severely impaired or disabled with incorrect changes or accidental deletions when using a registry editor to change the system configuration. Currently, no Undo function exists for deletions made within the Windows 2000 registry. The registry editor (Regedt32.exe or Regedit.exe) prompts you to confirm the deletions if Confirm On Delete is selected from the options menu. When you delete a registry key, the message does not include the name of the key you are deleting. Therefore, check your selection carefully before proceeding with any deletion.

Target Audience:

This document is developed to provide guidance to an Information Technology administrator. It is vital to client and network security to understand the risks involved with applets in web browsers. This document is not necessarily a how-to guide, but more of an information guide to the existence and usage of settings.

Target Operational Environment:

  • Managed

Testing Information:

The security configuration guide has been extensively tested in a lab and operational environment.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Refer to Known Issues.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

SNAC.Guides@nsa.gov

Sponsor:

Not provided.

Licensing:

Refer to the legal statement provided at: http://www.nsa.gov/notices/notic00004.cfm?Address =/snac/support/java_plugin_guide_prepub2.pdf

Change History:

v1.0, 2003-12-08
Updated status to Archive - 10/24/18

Dependency/Requirements:


References:


NIST checklist record last modified on 10/24/2018