-
May 13th, 2003, 02:49 PM
#1
W2K3 - IE Advanced Security Configuration
As I go through the shiny new OS, I will note things that are of particular interest.
Thus far, this is certainly one of them:
http://www.microsoft.com/technet/tre...y/MngIESec.asp
This is taken from the M$ site directly:
The Microsoft® Windows Server™ 2003 Internet Explorer Enhanced Security Configuration component (also known as Microsoft Internet Explorer hardening) reduces a server’s vulnerability to attacks from Web content by applying more restrictive Internet Explorer security settings. As a consequence, Internet Explorer Enhanced Security Configuration may prevent some Web sites from displaying properly or performing as expected. It may also prevent users and administrators from accessing resources with Universal Naming Convention (UNC) paths on a corporate intranet. This white paper provides information about managing Internet Explorer Enhanced Security Configuration so that users and administrators can access trusted resources and Web sites on a corporate intranet and on the Internet. Examples of how to use Group Policy, scripts, answer files, and user interface (UI) elements to manage Internet Explorer Enhanced Security Configuration are provided.
If only they had something like this for older OSes....
Hope this helps out.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
May 14th, 2003, 04:04 PM
#2
Microsoft seems to be taking their trustworthy computing campaign seriously.
Brian Valentine (senior vice-pres for MS) claims that Win2k3 will be safe out of the box.
That would definitely be a MS first-timer.
They will try to integrate this backwards into previous (still supported) MS-OS's with the service packs.
Also they now work with 'code-ownership' so that they can see (once a security bug is found) who did not check his code properly.
I am keeping my eye on bugtraq though.
-
May 14th, 2003, 04:13 PM
#3
Brian Valentine (senior vice-pres for MS) claims that Win2k3 will be safe out of the box.
Hmmmmm, do a default install of W2K3 standard edition and then run a NESSUS scan against it. The results are "interesting". I will post the actual results in a hidden post so that I don't ruin the surprise for others who want to try on their own.
Also, the way I see it is that even if it is secure out of the box, you need to set up services. Isn't that the point of networking a box to begin with? Well once you enable services, you essentially void the statement by Mr. Valentine. My comparison would be:
Hey, my house is the most secure house in the neighborhood. It is made of steel, it has no windows and the only way in is through the chimney. Hmmm, not a very useful home in this configuration so you add some glass windows and a wooden front door. See my point?
--TH13
-
May 14th, 2003, 04:26 PM
#4
I see the point.
Perhaps I should have placed some of the post within the sarcasm tags.
Some things that were enabled by default aren't any more so novice users have less vulnerable services running by default. For example WebDav and Frontpage extensions.
If you want to use these you will have to start the services manually.
As you can still see lots of worms floating around for unnecessary services and things that have been patched, this would be an improvement.
The same Mr Valentine also said that security and the lack of it is a problem that is not solvable by MS alone. Admins should be the ones concerned with their network's security but there are plenty of ignorant admins out there imo.
But like they say:
'the proof of the pudding is in eating it'.
-
May 14th, 2003, 07:41 PM
#5
Originally posted here by thehorse13
Hmmmmm, do a default install of W2K3 standard edition and then run a NESSUS scan against it. The results are "interesting". I will post the actual results in a hidden post so that I don't ruin the surprise for others who want to try on their own.
Also, the way I see it is that even if it is secure out of the box, you need to set up services. Isn't that the point of networking a box to begin with? Well once you enable services, you essentially void the statement by Mr. Valentine. My comparison would be:
Hey, my house is the most secure house in the neighborhood. It is made of steel, it has no windows and the only way in is through the chimney. Hmmm, not a very useful home in this configuration so you add some glass windows and a wooden front door. See my point?
--TH13
Please do post the results for those of us who do want to touch the bleeding edge but need something to lart over zealous managers with