Importance of Blocking active content.

[ByTeWrangler]

Greeting's

I was reading an article at SANS and it reminded me of how important it is to block active content. Many of you who use firefox may be using "Noscript" which help in blocking active content such as java script.


Although I use Noscript I still prefer removing most of the active content at my firewall level. Most of the software and hardware based firewall provide you with option to block almost all active content.

I just wanted to remind members here that active content such as active X, Java, GIF's, Hidden frames' Vbscript pose a great threat to security and privacy



here is the link to the article :

http://isc.sans.org/diary.php?storyid=1380&rss



Edit :

If anyone here doesnt know how this can be done (how active content be blocked) you may provide your firewall name and I will be happy to post how to configure your firewall to remove active content.

Also for all those who prefer to block at your browser only you might want to First download FIREFOX and then NoScript from here :

https://addons.mozilla.org/firefox/722/

[.:front2back:.]

If anyone here doesnt know how this can be done (how active content be blocked) you may provide your firewall name and I will be happy to post how to configure your firewall to remove active content.

I would be very interested to read about this. I've got the Browsers setup pretty tight, but i' would be interested to read about how Firewalls can be setup in this fashion.

cheers
f2B

[farmer6re9]

My friends, we shouldn't be like scared little rabbits when we're on-line. And it makes no sense to dilute the whole Internet experience into a small watery tart of a text browser.

FWIW- To all those who purposely run around to all the dangerous nooks and crannies on the Internet, I'd suggests doing all browseing full-tilt with a live distro like Knoppix. Nothing is gonna boogey your hard-drive or precious data when the filesystem is READONLY. Worst thing is ya might run out of memory.

[ByTeWrangler]

Greeting's

Okay the importance of what I just mentioned in the thread has increased to a new level

Please read this :

http://isc.sans.org/diary.php?storyid=1386&rss

Also I have found this guide for agnitum's outpost firewall for blocking active content :

http://www.agnitum.com/products/outp...ntent_demo.php

Although not the best of demo's, I think most of us will get an idea of what I'm talking about

[Neptune0z]

Essentially what your talking about is blocking or filtering active content at the TCP layer...I mean sure you can setup your browser to filter out active content, but that data is still making it to your box when it really has no reason to even be routed there. Security is all about risk managment, so why even allow this? What you need is a proxy server to remove active content for you BEFORE it even gets to your machine...Try googling for privoxy...

[farmer6re9]

If anyone here doesnt know how this can be done (how active content be blocked) you may provide your firewall name and I will be happy to post how to configure your firewall to remove active content.

Netfilter's iptables-1.3.0-2

I don't know how to make rules to block active content and yet still be able to receive TwiceClick ads and have all the features for pretty quick-n-easy postings in this forum.

[webwurm99]

??? Didnt the artical say that it was an IE exploit that has been patched. If so than whats the problem? If other browsers are still vulnerable then why not use IE? Its kind of ironic, I have read so much about IE being security defficient but it seems from the article that it is the safe one in this case.

If you block all questionable content from the internet, what would you be left with??