
Security-- Group Policy and Corporate Policy--Octo
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 19 Oct 2004 08:48:11 -0400
*************************************************************
Educational CyberPlayGround http://www.edu-cyberpg.com/
Network Newsletters Mailing List
**************************************************************
====================
1. In Focus: Group Policy and Corporate Policy
2. Security News and Features
- Recent Security Vulnerabilities
- Modify Your ASP.NET Applications for Added Security
- Microsoft Working on Spyware Solution
3. Security Matters Blog
- Security Fixes Available for Mac OS X
- Security Update for Firefox Preview Release
4. Security Toolkit
- FAQ
- Security Forum Featured Thread
5. New and Improved
- Use Certificates to Secure Your Files
- Monitor Keystrokes, Passwords, Emails, and Web Site Visits
====================
==== 1. In Focus: Group Policy and Corporate Policy ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Recently on a popular mailing list devoted to security on Microsoft
platforms, a member explained that he had configured Group Policy to
prevent people from installing unapproved software on their systems.
He wrote that he wasn't content with Group Policy Objects (GPOs),
because they only block the installation of software packaged in
Windows Installer (.msi) files, which means that executables could
still run and install programs.

In response, another list member suggested that administrators could
adjust ACLs on areas of the registry (such as the
HKEY_LOCAL_MACHINE\SOFTWARE subkey or HKEY_CURRENT_USER\Software
subkey) and on directories (such as the Program Files directory) to
restrict regular user accounts from having write access, which would
prevent the installation of software. These actions could work but
might break some applications that need to write to those areas of the
registry and file system.

Another list member suggested that administrators could configure
restrictions that prevent programs such as setup.exe and install.exe
from running. This might work too, but some users will realize they
can simply rename typical installation programs and the programs will
run just fine.
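
The renaming weakness described above, as an added example that is not part of the original newsletter: a small Python model comparing a file-name deny rule with a default-deny rule keyed on a SHA-256 of the file contents. The file names, sample bytes, and function names are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Hypothetical name-based deny rule, mirroring the setup.exe/install.exe idea.
BLOCKED_NAMES = {"setup.exe", "install.exe"}


def sha256_of(path: Path) -> str:
    """Hash file contents in chunks so large installers are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def name_rule_allows(path: Path) -> bool:
    """Deny only when the file name (case-insensitive) is on the blocklist."""
    return path.name.lower() not in BLOCKED_NAMES


def hash_rule_allows(path: Path, approved_hashes: set) -> bool:
    """Default deny: allow only files whose contents are on the approved list."""
    return sha256_of(path) in approved_hashes


def demo() -> dict:
    """Build constructed sample files and evaluate both rules against them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        approved = root / "approved_tool.exe"
        approved.write_bytes(b"constructed bytes standing in for an approved program")
        installer = root / "setup.exe"
        installer.write_bytes(b"constructed bytes standing in for an unapproved installer")
        renamed = root / "notes.exe"
        shutil.copyfile(installer, renamed)  # same contents, different name

        approved_hashes = {sha256_of(approved)}
        return {
            p.name: (name_rule_allows(p), hash_rule_allows(p, approved_hashes))
            for p in (approved, installer, renamed)
        }


if __name__ == "__main__":
    for name, (by_name, by_hash) in demo().items():
        print(f"{name:18} name-rule allows={by_name!s:5} hash-rule allows={by_hash}")
```

The content-keyed rule keeps blocking the renamed copy, but the approved list has to be refreshed every time an approved program is patched, which is the breakage trade-off the column goes on to describe.
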

Obviously, a combination of tactics is required. Completely
restricting people from installing software on their systems, whether
you use controls built into the OS or add-on controls from third
parties, is challenging. The further you programmatically restrict
activity on a system, the greater chance you have of breaking some
application that users need.

As I read the message thread, it became clearer how much
administrators struggle to outmaneuver the people who use the
computers on their networks. It seems to me that there is an
additional, less stressful way to address this particular problem.
Companies can establish written guidelines that explain exactly what
employees are allowed and not allowed to do with company computers and
make employees liable for any misuse of company computers to deter
employees from acting outside the guidelines.

If someone installs software on a computer without permission,
somewhere along the line, an administrator will probably have to
uninstall that software or rebuild the system to ensure some desired
level of system integrity. This work costs the company money and is
basically a waste of company time. So why not consider a corporate
policy that lets you charge the negligent employee for the time and
labor needed to restore a system to its original configuration? Of
course, you could also add even stronger deterrents to your policies
if your situation warrants them.
====================
==== 2. Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
http://www.windowsitpro.com/departments/departmentid/752/752.html

Modify Your ASP.NET Applications for Added Security
The new Microsoft article "Programmatically check for
canonicalization issues with ASP.NET"
( http://support.microsoft.com/?kbid=887459 ) recommends program code
adjustments for applications that use ASP.NET. The changes will help
strengthen overall security because they prevent intruders from
gaining access to files they shouldn't be able to access.
http://www.winnetmag.com/Article/ArticleID/44182/44182.html

Microsoft Working on Spyware Solution
During a recent trip to the Computer History Museum in Mountain
View, California, Microsoft Chairman and Chief Software Architect Bill
Gates revealed that his company is working on an antispyware software
solution. Gates didn't say when the company would ship the technology
or whether it would be bundled with Windows or shipped as a standalone
product.
http://www.winnetmag.com/Article/ArticleID/44141/44141.html

==== 3. Security Matters Blog ====
by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out these recent entries in the Security Matters blog:

Security Fixes Available for Mac OS X
For those of you who support Apple systems on your network, be
aware that a new set of security patches for Apple Mac OS X is
available now.
http://www.winnetmag.com/Article/ArticleID/44181/44181.html

Security Update for Firefox Preview Release
If you're using the Mozilla Firefox Web browser, you might need to
install an update to protect your systems against possible attacks. On
September 29, Alex Vincent reported a vulnerability that might let
intruders delete files on a user's system. Mozilla issued an update
for the browser on October 1.
http://www.winnetmag.com/Article/ArticleID/44139/44139.html

==== 4. Security Toolkit ====

FAQ
by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: Why can't clients view a Web site that I'm hosting on a system that
has Windows XP Service Pack 2 (SP2) installed?
Find the answer at
http://www.winnetmag.com/Article/ArticleID/44146/44146.html

Security Forum Featured Thread
A reader writes that he wants to move some data into a shared
read-only area in his file system. The data should ideally retain its
current permissions to the extent that only those with access now can
still access the data after the migration. To achieve this goal, he
proposes to use the Everyone group with a "deny" attribute to ensure
that, despite existing permissions, the highest level of access
available to the user community will be read-only. He would also like
to prevent anyone from mass-copying data out of this area. He wants to
know whether what he's trying to achieve is possible and, if so, how
he can do it. Join the discussion at
http://www.winnetmag.com/Forums/messageview.cfm?catid=42&threadid=125757
====================
==== Events Central ====
(A complete Web and live events directory brought to you by Windows
IT Pro at http://www.windowsitpro.com/events )
Are You "Getting By" Using Fax Machines or Relying on a Less Savvy
Solution That Doesn't Offer Truly Integrated Faxing from Within User
Applications?
Attend this free Web seminar and learn what questions to ask when
selecting an integrated fax solution, discover how an integrated fax
solution is more efficient than traditional faxing methods, and
discover how to select the fax technology that's right for your
organization. Register now!
http://list.windowsitpro.com/cgi-bin3/DM/y/ehpk0MfYqv0Kma0BL8a0Aj
====================
==== 5. New and Improved ====
by Renee Munshi, products@xxxxxxxxxxxxxxxx

Use Certificates to Secure Your Files
EldoS offers EldoS PKI Tools, which encrypts and signs files using
X.509 certificates and manages the certificates. EldoS PKI Tools lets
you perform simple file operations such as packing files into a .zip
archive, sending files as email attachments, and securely deleting
files. You can also perform advanced security operations such as
signing and encrypting files and folders. All operations are performed
with just a few clicks. EldoS PKI Tools uses digital certificates
instead of passwords to provide better information security and
integrity. EldoS PKI Tools supports smart cards and USB tokens for
storing certificates. EldoS PKI Tools runs on Windows
2003/XP/2000/Me/98. For more information, or to purchase and download
EldoS PKI Tools, go to
http://www.eldos.org
====================
==== Contact Us ====
About the newsletter -- letters@xxxxxxxxxxxxxxxx
About technical questions -- http://www.windowsitpro.com/forums
About product news -- products@xxxxxxxxxxxxxxxx
About your subscription -- windowsitproupdate@xxxxxxxxxxxxxxxx
About sponsoring Security UPDATE -- emedia_opps@xxxxxxxxxxxxxxxx
====================
This email newsletter is brought to you by Windows IT Pro,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
http://www.windowsitpro.com/sub.cfm?code=wswi201x1z
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2004, Penton Media, Inc. All rights reserved.