SV-224793r505933_rule
V-224793
SRG-APP-000439
ISEC-06-551700
CAT II
10
To restrict Tomcat SSL to only ISEC7 EMM Suite tasks, run the ISEC7 integrated installer or use the following manual procedure:
To restrict SSL for all users except for agent task, the user needs to add a security constraint tag to <Drive>:\ProgramFiles\ISEC7 EMM Suite\Tomcat\conf\web.xml
Login to the ISEC7 EMM Suite server.
Navigate to <Drive>:\ProgramFiles\ISEC7 EMM Suite\Tomcat\conf\
Edit the web.xml file with Notepad.exe
Add the following entry:
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecure</web-resource-name>
<!-- Agent -->
<url-pattern>/BNator/agent/*</url-pattern>
<url-pattern>/app/agent/*</url-pattern>
<url-pattern>/app/admin/agentinstaller.jnlp</url-pattern>
<!-- Client -->
<url-pattern>/app/clients/*</url-pattern>
<url-pattern>/app/data/*</url-pattern>
<!-- Remote Control -->
<url-pattern>/rc/*</url-pattern>
<!-- Traffic Push -->
<url-pattern>/BNator/uss/trafficinfo/*</url-pattern>
<url-pattern>/BNator/data/mds/trafficpush</url-pattern>
<url-pattern>/BNator/favorites/*</url-pattern>
<url-pattern>/app/resource/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Verify Tomcat SSL is restricted to only ISEC7 EMM Suite tasks.
Log in to the ISEC7 EMM Suite server.
Navigate to <Drive>:\ProgramFiles\ISEC7 EMM Suite\Tomcat\conf\
Edit the web.xml file with Notepad.exe
Verify the following entries are present:
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecure</web-resource-name>
<!-- Agent -->
<url-pattern>/BNator/agent/*</url-pattern>
<url-pattern>/app/agent/*</url-pattern>
<url-pattern>/app/admin/agentinstaller.jnlp</url-pattern>
<!-- Client -->
<url-pattern>/app/clients/*</url-pattern>
<url-pattern>/app/data/*</url-pattern>
<!-- Remote Control -->
<url-pattern>/rc/*</url-pattern>
<!-- Traffic Push -->
<url-pattern>/BNator/uss/trafficinfo/*</url-pattern>
<url-pattern>/BNator/data/mds/trafficpush</url-pattern>
<url-pattern>/BNator/favorites/*</url-pattern>
<url-pattern>/app/resource/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
If Tomcat SSL is not restricted to only ISEC7 EMM Suite tasks, this is a finding.
V-224793
False
ISEC-06-551700
Verify Tomcat SSL is restricted to only ISEC7 EMM Suite tasks.
Log in to the ISEC7 EMM Suite server.
Navigate to <Drive>:\ProgramFiles\ISEC7 EMM Suite\Tomcat\conf\
Edit the web.xml file with Notepad.exe
Verify the following entries are present:
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecure</web-resource-name>
<!-- Agent -->
<url-pattern>/BNator/agent/*</url-pattern>
<url-pattern>/app/agent/*</url-pattern>
<url-pattern>/app/admin/agentinstaller.jnlp</url-pattern>
<!-- Client -->
<url-pattern>/app/clients/*</url-pattern>
<url-pattern>/app/data/*</url-pattern>
<!-- Remote Control -->
<url-pattern>/rc/*</url-pattern>
<!-- Traffic Push -->
<url-pattern>/BNator/uss/trafficinfo/*</url-pattern>
<url-pattern>/BNator/data/mds/trafficpush</url-pattern>
<url-pattern>/BNator/favorites/*</url-pattern>
<url-pattern>/app/resource/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
If Tomcat SSL is not restricted to only ISEC7 EMM Suite tasks, this is a finding.
M
4200