« Increasing Browser Security | Main

Wednesday, March 27, 2013

Tightening Java

Oracle's Java has been shown to be chock full of holes, but some people need to have it. This doc will outline some changes you should make to tighten it up a bit. To make these changes, open the Java control panel.

Set daily update checks

With the recent spat of security reports, you want to keep Java up to date. By default, it only checks for updates once a month. Change that to daily in the Update tab:

Move the slider

Next, go to the security tab and move the slider to High. If you don't have a slider here, your java needs to be updated via the Update tab:

Enabled online certificate checks

Finally, click on the Advanced link on the Security tab and enable both the enable online certificate validation and Check certificates for revocation using Certificate Revocation lists. The former tells Java to check online for the status of any certificate presented to it, and the latter tells java to chek online to see if a Certificate Granting Authority has issued a revocation for a given certificate. With these options checked, a bad certificate may be allowed.

Disable elevated priviledges for self-signed certificates

Anyone can make a self-signed certificate, so you want to disable granting elevated privileges for those.

Posted by bil at 9:41 AM
Edited on: Wednesday, March 27, 2013 11:34 AM
Categories: Other Software, Work