Security Basics mailing list archives

Reply: Re: web browsing in production environment - a journey through comfort and security


From: info () hitcon de
Date: Tue, 14 Jul 2009 12:31:53 +0200

- Trying to prevent with what? With a policy to snip the active content, 
I'm trying to prevent browser holes. I had my own experiences with scripts 
from websites that injected viruses to my host, just because I deactivated 
"no script" in Firefox. With the AV engines - resist viruses via HTTP(s)

- I absolutely understand why users are upset because they aren't able to 
browse the internet like they're at home and have to request the IT staff 
to set a website as trusted (to have active content working!)

- In my opinion the policy makes absolute sense and I am firmly convinced 
of it, but that's not the question because I'm looking for alternatives and 
assess the risk management




From: evilwon12 () yahoo com
To: security-basics () securityfocus com
Date: 13.07.2009 19:21
Subject: Re: web browsing in production environment - a journey through comfort and security



And I thought I had issues.



My first question - what are you trying to prevent? 



This seems like a ton of work to do with a ton of upkeep without knowing 
what you are trying to prevent?



Do you fully understand why the employees are upset?  While most 
understand some sort of filtering, most people do not like the overbearing 
hand of big brother coming down on them without good 
explanation/reasoning.



What does your Internet Policy state?  Do you even have one?  If it is not 
rational and does not make sense, then employees will be disgruntled.



 -- I know most of the exploits try to implant viruses on the host, we 
have 3 anti virus engines, how high could be the impact?



Since they are browsing from your Citrix TS, your biggest threat is 
someone owning your Citrix TS box.  Now, if someone is smart enough to 
figure out how to piggy back that connection down to the workstation, you 
have your answer.








HITCON AG
Maik Linnemann
Gartenstraße 208
48143 Münster
+49 (251) 2801-205 (Phone)
+49 (251) 2801-280 (Fax)
+49 (170) 6364-205 (Mobile)
mailto:info () hitcon de
http://www.hitcon.de

Members of the Executive Board: Helmut Holtstiege, Tobias Helling
Chairman of the Supervisory Board: Hans-Hermann Schumacher

Registered office: Münster
Court of registration: Amtsgericht Münster, HRB 5177

member of http://www.grouplink.de