Full Disclosure mailing list archives
Re: IE is just as safe as FireFox
From: Raoul Nakhmanson-Kulish <raoul () elforsoft com>
Date: Mon, 22 Nov 2004 12:43:17 +0300
Hello, joe!
>> Autoconfig script may enumerate hosts which don't require a proxy. Usually there are a very few intranet servers in corporate network.
> You should have prefixed "there are very few..." with one of two things 1. Relative to the internet... 2. In my experience...
I said "usually". What's a habit to pick on words? :(
>> IMHO, right policy in this point should be reducing number of intranet servers to minimally sensible value. This is a simple reason: the smaller web server amount the easier administration and less security risks. Clusters is solution of bottleneck problems. I think, 1-3 web servers (possibly clustered) for territorial subdivision and 3-5 in head office is enough for all tasks in corporation which isn't listed in Forbes Top 500 :)
> I have been on several large corporate networks where there are hundreds or thousands of intranet web servers hosting tens of thousands of sites. Many large enterprise class companies are moving whole hog to web based apps internally (even email) and all available content is on the internal web.
Anyway, you can specify an unlimited amount of non-proxied servers in autoconfiguration script. More, you may modify autoconfig rules as frequently as needed, or even do it automatically.
>> Examples? Outlook Web Access works fine with Mozilla, Lotus iNotes too. Probably, some on-knee-assembled applications using a lot of dubious ActiveXes will not work, but company-wide Firefox installation is a good occasion to redesign them or switch to another product.
> This is actually the area where IE is so strongly embedded due to its application interfaces and what MS has been building towards for so long with it.
>> FF/Win32 supports SSPI since 1.0PR, and thus I don't expect big problems with IIS.
> There are companies whose primary LOB applications internally are on IIS servers and can only be accessed with IE.
>> Any malware suited in Local Intranet zone is more dangerous than in untrusted zone. Using browser without this "feature" is a good point anyway.
> I wouldn't really call that a worm. Worms work without interaction. They are self-propagating/replicating. Malware that spreads that requires user interaction would generally just be called a virus.
Furthermore, I would suggest you to deny any HTTP access to all LAN hosts generally, of course, except known intranet servers. This "feature" doesn't make sense at all and leads only to risks. A correctly configurated proxy should do it.
--
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd., ERP Department
http://www.elforsoft.ru/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
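The autoconfiguration approach described in the message above, as an added example that is not part of the original post: a proxy auto-config (PAC) file that sends only an enumerated list of intranet servers DIRECT and everything else, including other LAN hosts, to the proxy. The host names and the proxy address are constructed placeholders, and the proxy is assumed to carry the rule that refuses requests to LAN addresses.

```javascript
// Added example PAC file. All names below are constructed placeholders.
// Known intranet servers that browsers may reach without the proxy.
var INTRANET_DIRECT = {
  "intranet.corp.example": true,
  "mail.corp.example": true,
  "erp.corp.example": true
};

// Assumed proxy address; its ACL is expected to deny LAN destinations.
var PROXY = "PROXY proxy.corp.example:3128";

// Lower-case the host and drop a trailing dot so that
// "Mail.Corp.Example." matches the same entry as "mail.corp.example".
function normalizeHost(host) {
  var h = String(host).toLowerCase();
  if (h.length > 1 && h.charAt(h.length - 1) === ".") {
    h = h.substring(0, h.length - 1);
  }
  return h;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  // hasOwnProperty avoids matching inherited keys such as "constructor".
  if (Object.prototype.hasOwnProperty.call(INTRANET_DIRECT, h)) {
    return "DIRECT";
  }
  // No "; DIRECT" fallback: unlisted LAN hosts and raw IP addresses
  // are only reachable if the proxy allows them.
  return PROXY;
}
```

Because the list is a plain object, it can be regenerated from an inventory of intranet servers whenever that inventory changes.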