Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Monday, April 27, 2009

Security in Internet

Group Policies
The last thing that I want to talk about is how you can prevent spyware from infesting your network by making effective use of group policies. As you probably know, group policies are designed to configure the security settings of each workstation as it attaches to the network. What a lot of people don’t realize is that you can control Internet Explorer’s configuration directly through a group policy.
The Internet Explorer related group policy elements can be found by browsing through the group policy tree to User Configuration | Windows Settings | Internet Explorer Maintenance | Security, as shown in Figure A.

Figure A: You can configure Internet Explorer’s security settings through a group policy.

If you double click on the Security Zones and Content Ratings option, you will see a screen that gives you the chance to customize the security and privacy settings. Select the Import the Current Security Zones and Privacy option, click the Modify Settings button, and you will see the familiar Internet Options properties sheet, shown in Figure B. The thing about this properties sheet though is that the settings that you enter will apply to every user that the group policy applies to (assuming that a higher level policy doesn’t block the settings).

Figure B: The Internet options Properties Sheet can be used to configure Internet Explorer for all of your users.

The actual settings that you implement are up to you, but I recommend setting the Internet zone to Medium security, but also blocking any and all ActiveX controls. I recommend setting the Restricted Sites zone to High Security. I also recommend periodically adding known malicious sites to the Restricted Sites zone. There are a lot of places on the Internet where you can download lists of Web sites that are known to be malicious. I also like using a free utility called Spyware Blaster ( because it contains its own list of malicious sites. You can copy the list of malicious sites from Spyware Blaster into the Restricted Sites zone.

No comments: