So my Threat Modeling book came in today from Amazon.com [I've only preordered it for ages] and even before I’ve started reading it I’m doing a bit of “threat modeling/risk analysis” here at the office today.
Internet Explorer. Unless you’ve been living under a rock, you’ll know that IE has a bit of issues lately. Per newsreports, one of the web sites that was unpatched for 04-011 and thus was vulnerable to being overtaken and used in the browser attack was Kelley Blue Book. That sort of hit a little too close to home. Since that would be a business site that I would consider “trustworthy” I’d probably be adding that to a trusted zone if I needed it to work.
First and foremost as administrator I need to ensure that the firms data remains secure. If I can’t control what is going on on my workstations, I’m not controlling my network. My workstations are where my vulnerabilties are. Jeff Middleton just said it yesterday. Security isn’t about following a
“readers digest how to” book, it’s about *administration and control.*
So I made a risk analysis. I know that I don’t have my entire office running as user because either the applications I run won’t support it, or in my role as network enabler, I’m unwilling to push my office workers into a “painful” and loss of productivity position. So I’ve done things like running with IE in high security, adjusting the Trusted site zone to be no lower than medium. I have certain positions locked down, but not my IT workers who aren’t ready for a lack of control.
Today I decided to roll out XP sp2 to my higher risk workstations [like mine]. I know that I’m going to have to work something out around Shavlik.com’s patch progam that needs outbound NetBIOS connections [and inbound return responses], but right now I’ve not been seriously hampered by running a firewall inside my firewall.
Off to check out the Threat Modeling book….
UPDATE – another mitigation alternative is to run this IE registry tool here from eEye. This “kills“ the adodb bit.
Closing the adodb issue closes the possiblity for this latest zero vulnerability from running, as it requires it to run. Microsoft has not considered the fact that the adodb issue allowing code to be run in the “My Computer” zone to be a security problem, however multiple issues of this have been made.