314 Chapter 5 • Communication Security: Web Based Services
NOTE
The process of adding patches and making changes to make systems
more secure is called hardening, as performing such actions makes the
system less vulnerable and harder for intruders to access and exploit. By
taking actions to secure systems before an actual problem occurs, you
can avoid many of the security issues discussed in this chapter. This
mindset applies not only to browsers and e-mail clients, but to any system
in your organization.
Restricting Programming Languages
Most Web browsers have settings that allow users to restrict or deny the use
of Web-based programming languages. For example, IE can be set to do one of
three things when a JavaScript, Java, or ActiveX element appears on a Web page:
■ Always allow
■ Always deny
■ Prompt for user input
Restricting all executable code from Web sites, or at least forcing the user to
make choices each time code is downloaded, reduces security breaches caused by
malicious downloaded components.
A side benefit of restricting the Web browser's use of these programming
languages is that the restrictions set in the browser often apply to the
e-mail client as well. This is true when the browser is IE and the e-mail
client is Outlook or Outlook Express, and Netscape and Eudora also depend on
the Web browser settings for HTML handling. The same malicious code that can
be downloaded from a Web site could just as easily be sent to a person's
e-mail account. If administrators do not have such restrictions in place,
their e-mail client can automatically execute downloaded code.
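The three IE choices described above can be checked on a Windows host by reading the Internet zone's settings from the registry. The script below is an added example, not taken from the book; it assumes the standard IE zone registry layout (zone 3 is the Internet zone) and Microsoft's documented URL action IDs, and the names $sources, $actions and Get-ZoneActionState are illustrative.

```powershell
# Added example (not from the book): audit IE Internet-zone script/ActiveX/Java settings.
# Zone 3 = Internet zone; URL action IDs as documented by Microsoft for IE security zones.
$sources = [ordered]@{
    'User'   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    'Policy' = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
}
$actions = [ordered]@{
    '1400' = 'Active scripting (JavaScript)'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1C00' = 'Java permissions'
}

function Get-ZoneActionState {
    param([string]$Id, $Value)
    if ($null -eq $Value) { return 'Not set here' }
    if ($Id -eq '1C00') {
        # Java permissions use safety levels rather than allow/prompt/deny.
        switch ([int]$Value) {
            0x00000000 { return 'Always deny' }
            0x00010000 { return 'Allow (high safety)' }
            0x00020000 { return 'Allow (medium safety)' }
            0x00030000 { return 'Allow (low safety)' }
            default    { return "Other ($Value)" }
        }
    }
    switch ([int]$Value) {
        0       { return 'Always allow' }
        1       { return 'Prompt' }
        3       { return 'Always deny' }
        default { return "Other ($Value)" }
    }
}

$report = foreach ($src in $sources.GetEnumerator()) {
    # A missing key yields $null, so every action reports 'Not set here'.
    $props = Get-ItemProperty -Path $src.Value -ErrorAction SilentlyContinue
    foreach ($id in $actions.Keys) {
        [pscustomobject]@{
            Source  = $src.Key
            Id      = $id
            Setting = $actions[$id]
            State   = Get-ZoneActionState -Id $id -Value $props.$id
        }
    }
}
$report | Format-Table -AutoSize
```

Any row reporting "Always allow" for ActiveX or scripting in the Internet zone is a candidate for tightening to "Prompt" or "Always deny".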
Keep Security Patches Current
New exploits for Web browsers and e-mail clients seem to appear daily.
Security flaws can give hackers with the proper skills, under the right
conditions, the ability to remotely control, overwhelm, or otherwise
negatively affect systems. In addition to this, there are bugs that can
cause any number of issues when using the
www.syngress.com