Communication Security: Web Based Services • Chapter 5 297
■ Access to the CodeBaseSearchPath in the system Registry, which controls where the system will look when it attempts to download ActiveX controls.
■ The Internet Explorer Administration Kit (IEAK), which can be used to define and dynamically manage ActiveX controls. IEAK can be downloaded from Microsoft’s Web site at www.microsoft.com/technet/prodtechnol/ie/ieak/default.mspx.
Although all of these are useful, administrators should also consider implementing a firewall if they have not already done so. Some firewalls can monitor and selectively filter the invocation and downloading of ActiveX controls and some cannot, so administrators must be aware of the capabilities of the firewall they choose.
Protection at the Client Level
One of the most important things to do as an end user is to keep the OS, with all its components, and the virus detection software current. Download and install the most current security patches and virus updates on a regular basis. Another option for end users, as well as administrators, is the security zone settings available in IE, Outlook, and Outlook Express. These are valuable security tools that should be used to their fullest potential.
EXERCISE 5.02
CONFIGURING SECURITY ZONES
Properly set security zones can dramatically reduce the potential vulnerability to ActiveX controls. There are five security zones:
■ Local Intranet zone
■ Trusted Sites zone
■ Restricted Sites zone
■ Internet zone
■ My Computer zone
The last zone, My Computer, is only available through the IEAK and
not through the browser interface. If you do not have access to the
IEAK, you can also access the security zone settings through the
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
www.syngress.com