W2K3 - IE Advanced Security Configuration

  1. #1
    thehorse13 (Master-Jedi-Pimps0r & Moderator; joined Dec 2002; Washington D.C. area; 2,884 posts)

    As I go through the shiny new OS, I will note things that are of particular interest.

    Thus far, this is certainly one of them:

    http://www.microsoft.com/technet/tre...y/MngIESec.asp

    This is taken from the M$ site directly:

    The Microsoft® Windows Server™ 2003 Internet Explorer Enhanced Security Configuration component (also known as Microsoft Internet Explorer hardening) reduces a server’s vulnerability to attacks from Web content by applying more restrictive Internet Explorer security settings. As a consequence, Internet Explorer Enhanced Security Configuration may prevent some Web sites from displaying properly or performing as expected. It may also prevent users and administrators from accessing resources with Universal Naming Convention (UNC) paths on a corporate intranet. This white paper provides information about managing Internet Explorer Enhanced Security Configuration so that users and administrators can access trusted resources and Web sites on a corporate intranet and on the Internet. Examples of how to use Group Policy, scripts, answer files, and user interface (UI) elements to manage Internet Explorer Enhanced Security Configuration are provided.

    If only they had something like this for older OSes....

    Hope this helps out.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Microsoft seems to be taking their trustworthy computing campaign seriously.
    Brian Valentine (senior vice-pres for MS) claims that Win2k3 will be safe out of the box.
    That would definitely be a MS first-timer.
    They will try to integrate this backwards into previous (still supported) MS-OS's with the service packs.
    Also they now work with 'code-ownership' so that they can see (once a security bug is found) who did not check his code properly.
    I am keeping my eye on bugtraq though.

  3. #3
    thehorse13

    Quote: Brian Valentine (senior vice-pres for MS) claims that Win2k3 will be safe out of the box.

    Hmmmmm, do a default install of W2K3 Standard Edition and then run a NESSUS scan against it. The results are "interesting". I will post the actual results in a hidden post so that I don't ruin the surprise for others who want to try on their own.

    Also, the way I see it is that even if it is secure out of the box, you need to set up services. Isn't that the point of networking a box to begin with? Well, once you enable services, you essentially void the statement by Mr. Valentine. My comparison would be:

    Hey, my house is the most secure house in the neighborhood. It is made of steel, it has no windows and the only way in is through the chimney. Hmmm, not a very useful home in this configuration so you add some glass windows and a wooden front door. See my point?

    --TH13

  4. #4
    I see the point.
    Perhaps I should have placed some of the post within the sarcasm tags.
    Some things that were enabled by default aren't any more, so novice users have fewer vulnerable services running by default. For example, WebDAV and FrontPage extensions.
    If you want to use these you will have to start the services manually.
    As you can still see lots of worms floating around for unnecessary services and things that have been patched, this would be an improvement.
    The same Mr Valentine also said that security and the lack of it is a problem that is not solvable by MS alone. Admins should be the ones concerned with their network's security but there are plenty of ignorant admins out there imo.
    But like they say:
    'the proof of the pudding is in eating it'.

  5. #5
    Senior Member (joined Mar 2003; central il; 1,779 posts)
    Originally posted here by thehorse13

    Hmmmmm, do a default install of W2K3 Standard Edition and then run a NESSUS scan against it. The results are "interesting". I will post the actual results in a hidden post so that I don't ruin the surprise for others who want to try on their own.

    Also, the way I see it is that even if it is secure out of the box, you need to set up services. Isn't that the point of networking a box to begin with? Well, once you enable services, you essentially void the statement by Mr. Valentine. My comparison would be:

    Hey, my house is the most secure house in the neighborhood. It is made of steel, it has no windows and the only way in is through the chimney. Hmmm, not a very useful home in this configuration so you add some glass windows and a wooden front door. See my point?

    --TH13
    Please do post the results for those of us who do want to touch the bleeding edge but need something to LART overzealous managers with.
