Modern Middle Manager
Primarily my musings on the practical application of technology and management principles at a financial services company.
Fortress in the Making

Wednesday, July 21, 2004  

How does a company keep things like the latest Internet Explorer vulnerabilities from trashing its network and possibly sending off client data, thus invoking penalties from California's information privacy acts, a scenario that gives me the heebeejeebees?

Well, I'm not sure. But I do have a plan. After scaring the bejeezus out of senior management last week, I propose a plan to help reduce our window of vulnerability (nice pun, that) thanks to IE. My suggestions:

1. Buy a content security management device such as Blue Coat's ProxySG and strip all unnecessary ActiveX and Javascript. Be absolutely ruthless with the content management when possible.

2. Implement client firewalls such as Symantec offers. While this won't prevent infection, it can slow the spread of worms and Trojans by shutting off ports they might want to use. For example, when Welchia got in our network it spread quickly by using pings to find other potential hosts. Stop pings and several worms won't spread. Stop the gratuitous use of Netbios over TCP/IP and you cut down even more. Rinse & repeat -- by eliminating wide-open ports on every machine I can limit the damage done.

3. Maybe it's time to replace Internet Explorer. I use Firefox at home and I think it's great. Maybe we need to replace IE for Internet use, keeping it available for some of the intranet servers we have. My understanding is that I can use a CSM appliance to do that.

The possibility of seeing client data sent to some server by a keystroke-logging Trojan horse gives me cold sweats. If it wasn't for websites crucial to our business that use DHTML extensions that only IE can read and ActiveX controls that only IE will run, I would have ripped out IE yesterday.

posted by Henry Jenkins | 7/21/2004 09:03:00 PM

Comments: Post a Comment
the author
open source