Modern Middle Manager
Primarily my musings on the practical application of technology and management principles at a financial services company.
Fortress in the Making

Wednesday, July 21, 2004  

How does a company keep things like the latest Internet Explorer vulnerabilities from trashing its network and possibly sending off client data, thus invoking penalties from California's information privacy acts, a scenario that gives me the heebeejeebees?

Well, I'm not sure. But I do have a plan. After scaring the bejeezus out of senior management last week, I propose a plan to help reduce our window of vulnerability (nice pun, that) thanks to IE. My suggestions:

1. Buy a content security management device such as Blue Coat's ProxySG and strip all unnecessary ActiveX and Javascript. Be absolutely ruthless with the content management when possible.

2. Implement client firewalls such as Symantec offers. While this won't prevent infection, it can slow the spread of worms and Trojans by shutting off ports they might want to use. For example, when Welchia got in our network it spread quickly by using pings to find other potential hosts. Stop pings and several worms won't spread. Stop the gratuitous use of Netbios over TCP/IP and you cut down even more. Rinse & repeat -- by eliminating wide-open ports on every machine I can limit the damage done.

3. Maybe it's time to replace Internet Explorer. I use Firefox at home and I think it's great. Maybe we need to replace IE for Internet use, keeping it available for some of the intranet servers we have. My understanding is that I can use a CSM appliance to do that.

The possibility of seeing client data sent to some server by a keystroke-logging Trojan horse gives me cold sweats. If it wasn't for websites crucial to our business that use DHTML extensions that only IE can read and ActiveX controls that only IE will run, I would have ripped out IE yesterday.

posted by Henry Jenkins | 7/21/2004 09:03:00 PM
Comments: Post a Comment
search
Google

Search blog
Search WWW
the author
Send your comments to henry.jenkins{at}yahoo.com
RSS feed here.
archives
links
Media Links
InfoWorld
CIO Online
CIO Insight
SlashDot


Blog Links
John's Jottings
Windley's Enterprise Computing
Doc Searls
Robert Scoble
Joel on Software
Jeremy Zawodny
Not a PHB
Virtualization Info
open source
LinuxWorld
Linux Magazine
The Open Enterprise
SourceForge
vendors
VMWare
Microsoft
Softricity
PlateSpin
Citrix
Captaris
Veritas
Symantec

Debian
Red Hat
Perl
Python
The Mono Project

Network Appliance
Dell Computers
Cisco Systems
stats

Get a GoStats hit counter
reading