Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Windows 98 box is 'owned'; Re:

From: GuidoZ <uberguidoz () gmail com>
Date: Fri, 8 Oct 2004 22:49:35 -0700
While that would work quite well, unfortunately they also need to surf
the web. (Email too.) Hence why I'd like to get them away from IE.
Give them a browser they can use, but is less likely to be hijacked
every time I leave their workplace. =/

Nice suggestion for locking down a local system however. =) I'm sure
someone readng will benefit from it.

--
Peace. ~G


On Fri, 8 Oct 2004 21:26:46 +0200, Ansgar -59cobalt- Wiechers
<bugtraq () planetcobalt net> wrote:

On 2004-10-08 GuidoZ wrote:

I'm open to other ideas too from anyone - the situation in a nutshell
is an orgranization I support needs to migrate away from IE. (The
users really can't handle the spyware and such, no matter how hard I
try to educate and prevent.) The only thing holding them back from
switching is a proprietary ActiveX application that they use to
interface with their data warehouse.


I would try to lock down IE and limit access to localhost and the data
warehouse host by setting the proxy to 127.0.0.1:9 except for localhost
and the data warehouse host. These settings can be enforced through
group policies or local policies (if you don't have a Windows 200[03]
domain controller at hand). That way they could use IE for the data
warehousing application, but not for surfing the web.

HTH

Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety
deserve neither liberty nor safety, and will lose both."
--Benjamin Franklin
Previous By Date Next
Previous By Thread Next

Current thread: