|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Browser Vulns
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa
pacbell.net)
Date: Fri Jul 23 2004 - 14:11:21 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
NetNanny? Yuck. Actually in small firm environments we are already a
full AD environment and except for our lack of knowledge of the group
policy power we do have, we are actually in a better position most firms
to roll this fun stuff out. And honestly I'd rather see that firm do a
websense or Surfcontrol [as many of them do] or ISA server and have it
more controlled.
I've honestly not seen consultants install NetNanny in a small firm..
Surfcontrol yes...built into a hardware firewall. But even in us little
networks where there is an outsourced consultant, they want a solution
that they can remote 'touch" and control. You don't want to sneakernet
to desktops if you can help it.
Many of the larger enterprise programs are beginning to offer SMB
packages.
But then again, the best way to start is write up an acceptable use
policy. ;-)
Laura A. Robinson wrote:
>Egads! Wouldn't NetNanny or something similar be a lot cheaper and simpler
>in a small environment? This just seems like a LOT of work for very little
>accuracy and/or payoff.
>
>Lauara
>
>
>
>>-----Original Message-----
>>From: Eric McCarty [mailto:ericlawmpd.com]
>>Sent: Wednesday, July 21, 2004 11:06 AM
>>To: Harlan Carvey; focus-mssecurityfocus.com
>>Cc: Laura A. Robinson; James Bowman
>>Subject: RE: Browser Vulns
>>
>>1). Implement Group Policy to prevent users from clearing
>>History/Cookies 2). Implement Command line based auditing
>>software via GP (For example : AIDA32) 3). Use automated
>>searching of those files for common non-work related sites.
>>4). Review output of search at your convenience, Take action
>>as needed.
>>
>>I will agree that websense (for example) is a better choice
>>for larger enterprises and that my approach is geared toward
>>a < 1000 user base, however I can say that since regular
>>desktop audits are required by our security policy this is
>>just one was to expand on what we already are required to do.
>>
>>Eric.
>>
>>
>>
>>-----Original Message-----
>>From: Harlan Carvey [mailto:keydet89yahoo.com]
>>Sent: Monday, July 19, 2004 11:40 AM
>>To: focus-mssecurityfocus.com
>>Cc: Laura A. Robinson; Eric McCarty; 'James Bowman'
>>Subject: RE: Browser Vulns
>>
>>
>>Laura,
>>
>>Having spent time in a small (400+ user base) organization,
>>I'd say that your approach would work much better, especially
>>considering that Eric provides no workable solution for "run
>>desktop monitoring software".
>>
>>--- "Laura A. Robinson" <laurarobinsonearthlink.net>
>>wrote:
>>
>>
>>>Just out of curiosity, how many (few) users do you have
>>>
>>>
>>that this is a
>>
>>
>>>workable approach? And wouldn't ingress/egress monitoring be more
>>>effective than poking at cookies?
>>>
>>>Laura
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: Eric McCarty [mailto:ericlawmpd.com]
>>>>Sent: Wednesday, July 14, 2004 11:27 AM
>>>>To: James Bowman; focus-mssecurityfocus.com
>>>>Subject: RE: Browser Vulns
>>>>
>>>>I prefer Choice E : Education
>>>>
>>>>Tell your users what to do and not do, then run
>>>>
>>>>
>>>desktop
>>>
>>>
>>>>auditing software to review browser/cookie history
>>>>
>>>>
>>>to see
>>>
>>>
>>>>violators of the policy and take appropriate
>>>>
>>>>
>>>action.
>>>
>>>
>>>>Patching wont help if no patch exists. Check out
>>>>
>>>>
>>>Pivx for choice B.
>>>
>>>
>>>>Eric
>>>>
>>>>-----Original Message-----
>>>>From: James Bowman [mailto:jimdrexel.edu]
>>>>Sent: Tuesday, July 13, 2004 9:11 PM
>>>>To: focus-mssecurityfocus.com
>>>>Subject: Browser Vulns
>>>>
>>>>
>>>>
>>>>
>>>>Posing a question to Security Managers regarding
>>>>
>>>>
>>>the massive
>>>
>>>
>>>>attention now on browser vulnerabilities.
>>>>
>>>>
>>>>
>>>>How are you reacting (if at all):
>>>>
>>>>A: Patching
>>>>
>>>>B: HIPS / HIDS
>>>>
>>>>C: Content filtering via proxy
>>>>
>>>>D: Other...
>>>>
>>>>
>>>>
>>>>For those choosing B:, how is your flavor of HIPS
>>>>
>>>>
>>>/ HIDS faring?
>>>
>>>
>>>>For those choosing C:, what is working for you,
>>>>
>>>>
>>>and for
>>>
>>>
>>>>either B: or C:, is it signature or PAD based?
>>>>
>>>>
>>>>
>>>>JB
>>>>
>>>>
>>>>
>>>>
>>>>
>>--------------------------------------------------------------
>>
>>
>>>>-------------
>>>>
>>>>
>>>>
>>--------------------------------------------------------------
>>
>>
>>>>-------------
>>>>
>>>>
>>>>
>>>>
>>>>
>>--------------------------------------------------------------
>>
>>
>>>>-------------
>>>>
>>>>
>>>>
>>--------------------------------------------------------------
>>
>>
>>>>-------------
>>>>
>>>>
>>>>
>>>
>>>
>>--------------------------------------------------------------
>>-------------
>>
>>
>>--------------------------------------------------------------
>>-------------
>>
>>
>>>
>>>
>>--------------------------------------------------------------
>>-------------
>>--------------------------------------------------------------
>>-------------
>>
>>
>>--------------------------------------------------------------
>>-------------
>>--------------------------------------------------------------
>>-------------
>>
>>
>>
>>
>
>
>---------------------------------------------------------------------------
>---------------------------------------------------------------------------
>
>
>
>
--
http://www.sbslinks.com/really.htm
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]