Full Disclosure mailing list archives
Re: Keeping IE up to date on a Windows Server
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Thu, 11 Sep 2003 10:26:46 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 11 September 2003 08:54, petard wrote:
On Fri, Sep 12, 2003 at 12:05:46AM +1200, Nick FitzGerald wrote:(And, if you cannot trust your admins to not surf the web from your servers (or don't know), why not limit their access to iexplore.exe and audit all changes to this file, its ACLs, etc? After all, it is little more than a window manager providing displays for the output of the various *ML parsers, "security" and script engines, etc, etc that are implemented in a bunch of DLLs and ActiveX controls and whose use by other processes should be unaffected by the permissions set on the IE executable itself...)That's a useless precaution. Start explorer.exe and type a url into the location bar. iexplore.exe is never touched. If you can't trust admins not to surf from your servers, suggest to them that they need to choose another line of work.
IMNSHO, Servers should not be able to connect via arbitrary protocols, to arbitrary net destinations. To allow this means they are no longer trusted hosts, and are instead Internet relays. - This is why there is internal firewalling. You want updates? Pull 'em once to a staging server, designed for this role - then push/pull to your trusted machines. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/YLBfJi2cv3XsiSARAhCjAJ4sbNtzzdMCIJ4VVDJ0SNBxKJ3x7QCbB6gC wOmvPLKUY0pRqmcLfDgXbjM= =UshP -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Keeping IE up to date on a Windows Server Meeusen, Charles D (Sep 10)
- Re: Keeping IE up to date on a Windows Server Nick FitzGerald (Sep 11)
- Re: Keeping IE up to date on a Windows Server petard (Sep 11)
- Re: Keeping IE up to date on a Windows Server Jeremiah Cornelius (Sep 11)
- Re: Keeping IE up to date on a Windows Server Jay Sulzberger (Sep 11)
- Re: Keeping IE up to date on a Windows Server petard (Sep 11)
- Re: Keeping IE up to date on a Windows Server Nick FitzGerald (Sep 11)