3.10 Ensure ActiveX filtering is enabled

Information

Removes ActiveX controls from the HTTP reply traffic received on the security appliance.

Rationale:

ActiveX controls are used to provide a rich users' browsing experience. Because the ActiveX control is a written program that is executed in the users' computers, it can be used by attackers to perform malicious tasks on the machines of their victims.

Solution

Step 1: Acquire the TCP port used for the HTTP traffic containing ActiveX objects, the IP address <internal_users_ip> and mask <internal_users_mask> of internal users generating the HTTP traffic, and the IP address <external_servers_ip> and mask <external_servers_mask> of the external servers to which the internal users connect and that are source of ActiveX objects.

Step 2: Run the following command to filter ActiveX applets.

hostname(config)# filter activex <port> <internal_users_ip> <internal_users_mask> <external_servers_ip> <external_servers_mask>

Default Value:

ActiveX control filtering is disabled by default.

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6

Plugin: Cisco

Control ID: a83661f0a3d24801bb2a70d3089b23b4694f51d8c76983373b6763cc647feac9