Hmmm,
The work I've done in the past involves completely locking down all zones
(there are a lot of problems appearing with busting the zone model). In
these cases, the local PC (my computer) zone uses the same settings as the
internet zone.
We have had to trade off security against hobbling the functionality of the
browser though. Sooooo, whilst we enable active scripting, we do lock down
some of the settings relating to unsigned code and ActiveX scripts not
marked safe.
Ultimately you need a configuration that reflects the risk environment that
is faced by your users, the infrastructure that supports their internet
access and what sites they are allowed to/normally visit.
If you use Outlook as an email client, scripting obviously poses much
greater risks and so the environment you are trying to protect is very
important.
Craig.
*********************************************************************
Notice: This email is confidential and may contain
copyright material of the John Lewis Partnership.
If you are not the intended recipient, please
notify us immediately and delete all copies of this
message. (Please note that it is your responsibility
to scan this message for viruses).
*********************************************************************
John Lewis plc Registered in England 233462
Registered office 171 Victoria Street London SW1E 5NN
Websites: http://www.johnlewis.com and http://www.waitrose.com
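
An added example, not part of the original message: a PowerShell audit of the per-user Internet Explorer zone registry values for the configuration described above (My Computer zone 0 matching Internet zone 3, active scripting enabled, unsigned and not-marked-safe ActiveX restricted). The expected values for 1004 and 1201 (3 = disable) are an assumption about what "lock down" means here, and the function names are hypothetical.

```powershell
# URL action IDs are the value names under ...\Internet Settings\Zones\<zone>.
# Value data: 0 = enable, 1 = prompt, 3 = disable.
$Expected = [ordered]@{
    '1400' = 0   # Active scripting: enabled (as stated in the message)
    '1004' = 3   # Download unsigned ActiveX controls (assumed: disabled)
    '1201' = 3   # Initialize/script ActiveX not marked safe (assumed: disabled)
}
$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Read the numeric URL-action values for one zone (0 = My Computer, 3 = Internet).
function Get-ZoneSettings([int]$Zone) {
    $out = @{}
    $props = Get-ItemProperty -Path (Join-Path $ZoneRoot $Zone) -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            # Skip DisplayName, Flags, PS* metadata; keep 4-hex-digit action IDs.
            if ($p.Name -match '^[0-9A-Fa-f]{4}$') { $out[$p.Name] = $p.Value }
        }
    }
    $out
}

# Return a list of findings; an empty result means the zones match the policy.
function Test-ZoneLockdown([hashtable]$Local, [hashtable]$Internet) {
    $findings = @()
    foreach ($id in $Expected.Keys) {
        if ($Internet[$id] -ne $Expected[$id]) {
            $findings += "Internet zone: action $id is '$($Internet[$id])', expected $($Expected[$id])"
        }
    }
    # The local zone should not be looser (or different) than the Internet zone.
    $ids = @($Local.Keys) + @($Internet.Keys) | Sort-Object -Unique
    foreach ($id in $ids) {
        if ($Local[$id] -ne $Internet[$id]) {
            $findings += "My Computer zone: action $id is '$($Local[$id])', Internet zone has '$($Internet[$id])'"
        }
    }
    $findings
}

# Constructed sample data (not from a real host): local zone left looser.
$sampleInternet = @{ '1400' = 0; '1004' = 3; '1201' = 3 }
$sampleLocal    = @{ '1400' = 0; '1004' = 0; '1201' = 1 }
Test-ZoneLockdown $sampleLocal $sampleInternet

# On a Windows host, audit the live per-user settings instead:
# Test-ZoneLockdown (Get-ZoneSettings 0) (Get-ZoneSettings 3)
```

Zone settings pushed by Group Policy live under the `Policies` branch of the registry rather than this per-user key, so a clean result here only covers the user-level configuration.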