Hi,

First time posting here. I'm pretty new to all things security but I can
chime in on one thing.

I also have had very good experience with Watchguard. The basic install
process is very simple. Turn the box on. Nothing comes in or out. At that
point start turning things on as you see fit. As long as you subscribe to
the "only let through that which is necessary" notion of security
(which...hello?!?!) you can have a solid firewall in a quick afternoon. The
support is pricey but the day you need it, it will have been worth every
penny.

-----Original Message-----
From: Wim_Remesmsp.be [mailto:Wim_Remesmsp.be]
Sent: Friday, September 21, 2001 9:38 AM
To: sgcchono.com
Cc: focus-mssecurityfocus.com
Subject: Re: Question about Internet Security Settings

S.G.,

I am sorry to say that the times when unlimited webaccess was a right for
employees have passed. More and more companies
are moving towards a monitored system where they block access to certain
sites with commercial products. Some products that
perform pretty well on this issue are provided by Symantec, TrendMicro &
Surfwatch. I'd choose for the TrendMicro product, but
maybe that's because I'm working for a TrendMicro Partner :-) The product
itself works with site-lists & categories that are delivered in the package
and updated regularly AND can be customized.
http://www.antivirus.com/products/webmanager/ for product information.

Security is much more than locking down IE. You have to look into your
current security framework, find the holes there and patch them.
On your firewall, lock down the ports that you are not using. If you have
one, review the rules, if you don't, I have good experiences with
Watchguard (http://www.watchguard.com/products/wgls.html) products (again,
I am working for a reseller). If you have experience with Linux,
setting up a Linux firewall is pretty easy with ipchains these days AND it
remains cheap. Get an old PC from your stock, load linux, setup ipchains
and you're in business :)

Not only is webaccess dangerous for your confidential data on your network,
it is also proven to bring down productivity of your employees.
I support Web Access for employees in a controlled manner, the fact that
you provide magazines subscriptions to your employees doesn't mean they can
also subscribe to Hustler, Playboy, Penthouse, 2600, ... does it ?

Regards,

Wim

                    "S.G."

                    <sgcchono.com To: focus-mssecurityfocus.com

> cc:

                                         Subject: Question about
Internet Security Settings
                    21/09/2001

                    06:00

                    Please respond

                    to sg

When setting up IE 5.5 to be more secure, which settings should
be disabled? Obviously java should be disabled, but what about
active scripting? Java applets? Is there really a difference between
signed and unsigned scripts? What would be the best method for
protecting users from potentially malicious sites without blocking
them from web access? Thank you.

S.G.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]