Best Practices - System Hardening against common vulnerabilities

Vulnerability Overview

In some situations, an attacker can escalate a particular security vulnerability to compromise the underlying server or other backend infrastructure. This is true for various security vulnerabilities that Waratek offers dedicated protection for, such as Path Traversal and XML External Entity (XXE) injection.

How Waratek’s Protection Works

Whether or not a dedicated Waratek rule targets a specific security vulnerability, Waratek's system hardening rules can significantly reduce the impact of that vulnerability.

For example, the ARMR Filesystem rule (File I/O Security Feature) and the ARMR Socket rule (Socket Control Security Feature) can be used to harden the system and prevent the vulnerable application from accessing unwanted resources.

Please refer to the Waratek User Guide for more information about the Filesystem and Socket rules.

Protective Action

When the application accesses a filesystem or network resource that is not allowed by a Filesystem or Socket rule, the I/O operation is terminated and an exception is thrown according to the operation's API.

Rule Applicability

The Filesystem and Socket rules can be enabled on any Java application.

Best Practices

To correctly enable the Filesystem and Socket rules in an environment, users must first understand the filesystem and network activity patterns of the application. Identify the resources that the application needs to access, then define Filesystem and Socket rules that whitelist those resources.
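
One way to build that resource inventory before writing any rules, shown as an added example that is not Waratek tooling or part of the original page: it summarises file and socket activity from `strace`-style output of the Java process on Linux. The trace lines, paths and addresses are constructed, and the result is only an input for writing the Filesystem and Socket rules described in the Waratek User Guide.

```python
import re
from collections import defaultdict

# Constructed strace-style lines for a JVM process (not captured from a real system).
SAMPLE_TRACE = r'''
1201 openat(AT_FDCWD, "/opt/app/conf/app.properties", O_RDONLY) = 7
1201 openat(AT_FDCWD, "/opt/app/logs/app.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 8
1203 openat(AT_FDCWD, "/opt/app/conf/missing.xml", O_RDONLY) = -1 ENOENT (No such file or directory)
1203 openat(AT_FDCWD, "/opt/app/data/cache.bin", O_RDWR|O_CREAT, 0600) = 9
1204 connect(12, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("10.0.0.5")}, 16) = 0
1204 connect(13, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("10.0.0.5")}, 16) = 0
1204 connect(15, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("10.0.0.9")}, 16) = -1 EINPROGRESS (Operation now in progress)
1205 bind(14, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
'''

OPEN_RE = re.compile(r'openat\(\w+, "([^"]+)", ([A-Z_|]+)(?:, \d+)?\)\s+=\s+(-?\d+)')
# Narrowed to IPv4 (AF_INET) socket addresses to keep the example short.
SOCK_RE = re.compile(
    r'(connect|bind)\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
    r'sin_addr=inet_addr\("([\d.]+)"\)\}, \d+\)\s+=\s+(-?\d+)(?: (\w+))?')

def inventory(trace):
    """Return ({path: [access modes]}, [(direction, host, port)]) seen in the trace."""
    files, sockets = defaultdict(set), set()
    for line in trace.splitlines():
        m = OPEN_RE.search(line)
        if m:
            path, flags, ret = m.group(1), set(m.group(2).split("|")), int(m.group(3))
            if ret < 0:
                continue  # failed open: no evidence the resource is required
            if flags & {"O_RDONLY", "O_RDWR"}:
                files[path].add("read")
            if flags & {"O_WRONLY", "O_RDWR"}:
                files[path].add("write")
            continue
        m = SOCK_RE.search(line)
        if m:
            call, port, host, ret, err = m.groups()
            # Non-blocking connects report EINPROGRESS; still an outbound attempt.
            if int(ret) < 0 and err != "EINPROGRESS":
                continue
            sockets.add(("connect" if call == "connect" else "listen", host, int(port)))
    return {p: sorted(a) for p, a in sorted(files.items())}, sorted(sockets)

if __name__ == "__main__":
    files, sockets = inventory(SAMPLE_TRACE)
    for path, modes in files.items():
        print("file  ", "+".join(modes), path)
    for direction, host, port in sockets:
        print("socket", direction, f"{host}:{port}")
```

Collect the trace across a full business cycle (startup, normal load, scheduled jobs, shutdown) so that rarely used resources are not missed when the whitelist is defined.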