|
Web of Worry
WORDS OF ADVICE
So what's an IT professional to do given these threats? SecureWorks' Stewart says IT shops need good policies for the interactive content that people are allowed to use. The safest measure, though unpopular he admits, is to forbid Internet Explorer from using ActiveX controls. "Don't let users arbitrarily decide which ActiveX controls to use," he says.
Matasano Security researcher Thomas Ptacek's advice is something IT pros have heard time and again in the wake of high-profile data breaches: "Stop thinking about flashy, blinking-light security and focus more on segmenting--carving up the network to block people from sections they shouldn't be able to access."
Those who heed that advice will be better positioned to minimize the damage from Web 2.0-based attacks because the crow...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
n jewels will remain out of the bad guys' reach, he says.
Skoudis advises approaching browser scripts with extreme care.
"You may want to use a different browser and a different computer for managing infrastructure apps versus the browser you use to surf the Internet," he says. "For example, you might use Firefox to surf the Internet, and Internet Explorer for managing internal applications."
He also suggests deploying an HTTP proxy or even a network-based IPS tool that can filter out malicious browser scripts. Not all of the tools can detect or block malicious browser scripts, but some can, he notes.
Finally, Skoudis says, IT pros must look at the script-filtering features of their Web-enabled applications.
"They should filter all scripts that come in as part of user input, and filter what goes out as well, removing scripts," he says.
|
 |
|
