Reference Policy Set v6
Note
Download the v6 Reference Policy set at this link.
Visit our page Policy Management for other Reference Policy sets and more discussion about the topic.
Changes since v5
This version of the reference policy set adds a new policy that enables Nexus Firewall to prevent dependency/namespace confusion attacks.
Automatic Setup
If your journey started with IQ Server release 107 or newer this reference policy set has been automatically configured when IQ Server first started. No further manual action is needed.
Manual Setup
If your policy configuration dates back to an IQ Server release before 107, the new policy needs to be manually added to your installation using the following steps:
Ensure your installation has been updated to at least IQ Server release 106, older versions do not support the new policy condition.
Log into IQ Server using a user which has at least the View and Edit IQ Elements permissions for the root organization. Any user who has the built-in Policy Administrator role has the needed permissions.
Navigate to the root organization and within its Policies section choose Add a Policy.
In the policy editor
Enter "Security-Namespace Conflict" as name for the new policy and set its threat level to 10.
Make sure that the policy inheritance is set to All Applications and Repositories.
Add a single constraint named "3rd-party component name conflicts with proprietary component name" with in turn employs one condition, Proprietary Name Conflict is present.
In the Actions section of the policy, choose Fail for the Proxy stage. The other stages are not applicable for this policy and can remain at No Action.
At the bottom of the screen, click Create to save the new policy.
 |
Note that this policy is only useful in combination with Nexus Firewall. If your product license does not enable this solution, you can choose not to add the new policy.