3.3 - Connection Filtering is not configured - Filter enabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Connection filters are particularly useful when using the Administration port. Use a connection filter to further restrict access to the Administration port to only the servers and machines in the domain. An attacker, who gets access to a machine inside the firewall, still cannot perform administration operations unless the attacker is on one of the permitted machines.

An attacker can perform administrative operations if he gets access to the weblogic server.

Solution

Weblogic has default connection filter weblogic.security.net.ConnectionFilterImpl which can be customized to deny access, by using connection filters rules in the WebLogic Server Administration Console.
1. If you have not already done so, in the Change Centre of the Administration Console, click Lock & Edit.
2. In the left pane, select the domain that needs to be configured (for example, mydomain).
3. Select Security > Filter.
4. Select the Connection Logger Enabled checkbox to enable the logging of accepted messages.
5. In the Connection Filter field, specify the connection filter class to be used in the domain i.e. 'weblogic.security.net.ConnectionFilterImpl'.
6. In the Connection Filter Rules field, enter the syntax for the connection filter rules. Detailed information on how to configure connection filter rules can be found at Using Network Connection Filters.
7. Click Save.
8. To activate these changes, in the Change Centre of the Administration Console, click Activate Changes.

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12

Plugin: Windows

Control ID: 148c17ca90b409bb006172cff0df1e88cf5f5f79252ffdb8ad82497bc4506630