CA DataMinder Tuesday Tip: Mitigating Cross Frame Scripting (XFS).

Discussion created by devan05 Employee on Jan 15, 2013
Latest reply on Jan 17, 2013 by Chris_Hackett
Mitigating Cross Frame Scripting (XFS) in the CA DataMinder (DLP) iConsole, published by Andrew Devine, Snr. Support Engineer, 15 January 2012

About Cross-Frame Scripting.
With Dynamic HTML (DHTML), content in different windows and frames can interact. Without mitigation, a website may be vulnerable to cross-frame scripting attacks. For example, an attacker can exploit this vulnerability by convincing a user to follow a link that loads the target site inside a malicious frame. The technique does not require the attacker to replicate the functionality of a third-party web site, because the victim is interacting with the authentic site. The vulnerability could be used to transmit the victim's keystrokes to the attacker, and the leaked information may include login credentials.

The CA DataMinder (DLP) solution.
CA DataMinder (DLP) has specific code integrated into the product to mitigate Cross Frame Scripting (XFS). This functionality is enabled by the AdvancedSecurity registry option. When it is configured, the code will not run unless it is in a top-level window.

To implement this, create a DWORD registry value called AdvancedSecurity (if it does not already exist) under the Web key on the iConsole server and set it to 1.

For CA DLP r12.5, the default key location is:

Computer\HKLM\Software\WOW6432Node\Computer Associates\CA DLP\Current Version\Web\

For CA DataMinder r14.x, the default key location is:

Computer\HKLM\Software\WOW6432Node\Computer Associates\CA DataMinder\Current Version\Web\
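
The registry change above can be scripted and verified in one pass. The following PowerShell is an added example, not CA's own tooling; it assumes an elevated 64-bit PowerShell session on the iConsole server and the default key locations quoted in this tip.

```powershell
# Added example: enable AdvancedSecurity on an iConsole server (run elevated).
# The two paths are the default Web key locations quoted in this tip.
$webKeys = [ordered]@{
    'CA DLP r12.5'        = 'HKLM:\Software\WOW6432Node\Computer Associates\CA DLP\Current Version\Web'
    'CA DataMinder r14.x' = 'HKLM:\Software\WOW6432Node\Computer Associates\CA DataMinder\Current Version\Web'
}
$name  = 'AdvancedSecurity'
$found = $false

foreach ($entry in $webKeys.GetEnumerator()) {
    $path = $entry.Value

    # Only touch a Web key that already exists; never create one for a
    # product version that is not installed on this server.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "$($entry.Key): Web key not present, skipping"
        continue
    }
    $found = $true

    # Record the previous state so the change can be audited or reverted.
    $before = (Get-ItemProperty -LiteralPath $path -Name $name -ErrorAction SilentlyContinue).$name
    $beforeText = if ($null -eq $before) { '<not set>' } else { $before }

    # -Force creates the value if missing, or overwrites it, always as a DWORD.
    New-ItemProperty -LiteralPath $path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null

    # Read back both the data and the value type to confirm the result.
    $after = (Get-ItemProperty -LiteralPath $path -Name $name).$name
    $kind  = (Get-Item -LiteralPath $path).GetValueKind($name)

    if ($after -eq 1 -and $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) {
        Write-Host "$($entry.Key): $name was $beforeText, now 1 (DWord)"
    } else {
        Write-Warning "$($entry.Key): verification failed (value=$after, kind=$kind)"
    }
}

if (-not $found) {
    Write-Warning 'No iConsole Web key found at the default locations; check the install path.'
}
```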