Security Basics mailing list archives

Re: Patching internet facing MS systems

From: Ansgar -59cobalt- Wiechers <cobalt () planetcobalt net>
Date: Thu, 13 Mar 2008 19:47:48 +0100

On 2008-03-13 Dan Denton wrote:

Assuming the user doesn't have admin access, using group policies you
can disable access to the connections tab in IE, or disable access to
entire menus (tools, for instance). 

This also has the added advantage of blocking access to changing the
user's home page and other functions.


Removing access to the GUI is pointless, because the users will still be
able to change the settings in the Registry. You need to protect those
settings instead, which can also be done via policies.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Current thread:

Patching internet facing MS systems Dan Lynch (Mar 11)
- Re: Patching internet facing MS systems Ansgar -59cobalt- Wiechers (Mar 11)
- Re: Patching internet facing MS systems Josh Haft (Mar 11)
- Re: Patching internet facing MS systems Kurt Buff (Mar 11)
- RE: Patching internet facing MS systems Dan Lynch (Mar 13)
  - Re: Patching internet facing MS systems Ansgar -59cobalt- Wiechers (Mar 13)
    - RE: Patching internet facing MS systems Dan Lynch (Mar 13)
    - RE: Patching internet facing MS systems Dan Denton (Mar 13)
    - Re: Patching internet facing MS systems Ansgar -59cobalt- Wiechers (Mar 13)
    - Re: Patching internet facing MS systems Ansgar -59cobalt- Wiechers (Mar 13)
- RE: Patching internet facing MS systems Kevin Ortloff (Mar 27)
- <Possible follow-ups>
- RE: Patching internet facing MS systems Rob McShinsky (Mar 11)
- Re: Patching internet facing MS systems evilwon (Mar 11)
- Re: Patching internet facing MS systems nobledark (Mar 13)