You can protect the iConsole from frame-based clickjacking (also called UI redressing) attacks. The AdvancedSecurity registry value controls whether the front-end Web server adds the X-Frame-Options HTTP header to iConsole responses. When the header is added, its value is always DENY, which instructs the browser not to render the iConsole inside a frame or iFrame on any page, regardless of the page's origin.
To enable protection against clickjacking, modify the AdvancedSecurity value in the Web registry key on your front‑end Web servers:
Type: REG_DWORD
Data: Defaults to 1 (True). Set this value to 1 (True) to add the X-Frame-Options: DENY header to iConsole responses and prevent the iConsole from being hosted in an iFrame.
Set this value to 0 (False) to omit the X-Frame-Options header. Browsers then allow the iConsole to be hosted in an iFrame, including on pages an attacker controls, so use 0 only when you have a legitimate need to embed the iConsole in another page. After changing the value, confirm with your browser's developer tools or an HTTP client that responses from the iConsole carry X-Frame-Options: DENY.
Note: In a frame-based clickjacking attack on the iConsole, an attacker embeds the iConsole in an invisible or disguised iFrame on a page the attacker controls and lures users to that page. Users believe they are interacting with the attacker's page and cannot see that their clicks land in the iConsole, so the attacker can trick them into performing iConsole actions, or into typing information such as user credentials or passwords into fields the attacker controls.
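To confirm from the outside that the setting took effect, the following script (an added example, not part of this documentation or of the CA product) requests a URL and classifies the anti-framing headers in the response. The iConsole URL https://frontend.example.com/iConsole/ is an assumed placeholder. The script goes slightly beyond this page: it also recognises the Content-Security-Policy frame-ancestors directive, which current browsers treat as the replacement for X-Frame-Options, and it reports a duplicated or malformed X-Frame-Options value, which browsers ignore, as INVALID rather than as protection.

```python
"""Report whether an HTTP endpoint forbids being framed.

Added example for checking the AdvancedSecurity setting from outside; it is
not part of the CA documentation or product. The URL below is an assumed
placeholder; the expected header on the iConsole is X-Frame-Options: DENY.
"""
import sys
import urllib.error
import urllib.request

# Assumed placeholder; replace with the real iConsole URL on a front-end Web server.
ICONSOLE_URL = "https://frontend.example.com/iConsole/"

# Statuses under which browsers refuse to frame the page on a foreign origin.
PROTECTED = ("DENY", "SAMEORIGIN", "CSP")


def frame_protection_status(headers):
    """Classify the anti-framing headers in a response.

    headers: mapping of header name to value (names matched case-insensitively;
    several X-Frame-Options headers must be joined with ', ' by the caller).

    Returns 'CSP', 'DENY', 'SAMEORIGIN', 'ALLOW-FROM', 'INVALID' or 'NONE'.
    """
    lowered = {name.lower(): value for name, value in headers.items()}

    # CSP frame-ancestors takes precedence over X-Frame-Options in browsers
    # that support it; this documentation page does not cover CSP.
    csp = lowered.get("content-security-policy", "")
    for directive in csp.split(";"):
        if directive.strip().lower().startswith("frame-ancestors"):
            return "CSP"

    xfo = lowered.get("x-frame-options")
    if xfo is None:
        return "NONE"
    token = xfo.strip().upper()
    # Two values (e.g. "DENY, SAMEORIGIN") make the header invalid; browsers
    # then ignore it entirely, so the page is framable.
    if "," in token:
        return "INVALID"
    if token in ("DENY", "SAMEORIGIN"):
        return token
    if token.startswith("ALLOW-FROM"):
        return "ALLOW-FROM"  # legacy form, ignored by most modern browsers
    return "INVALID"


def is_frame_protected(headers):
    """True when browsers will refuse to frame the page on a foreign origin."""
    return frame_protection_status(headers) in PROTECTED


def fetch_headers(url, timeout=10):
    """GET the URL and return its response headers as a lower-cased dict.

    Duplicate header names are joined with ', ' so that a doubled
    X-Frame-Options header is detected as INVALID rather than silently
    collapsed to one value. 4xx responses (for example a 401 returned to an
    unauthenticated iConsole request) still carry headers and are inspected.
    """
    request = urllib.request.Request(url, method="GET")
    try:
        response = urllib.request.urlopen(request, timeout=timeout)
    except urllib.error.HTTPError as err:
        response = err
    merged = {}
    for name, value in response.headers.items():
        key = name.lower()
        merged[key] = f"{merged[key]}, {value}" if key in merged else value
    return merged


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else ICONSOLE_URL
    status = frame_protection_status(fetch_headers(target))
    verdict = "protected" if status in PROTECTED else "NOT protected"
    print(f"{target}: framing status {status}: {verdict}")
    sys.exit(0 if status in PROTECTED else 1)
```

Run it against each front-end Web server individually rather than through a load balancer, since AdvancedSecurity is set per server and a single misconfigured node would otherwise be hidden by the others. A non-zero exit status means the iConsole on that server can be framed.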
Copyright © 2014 CA.
All rights reserved.