Re: upgrading to IE6 on w2k servers

From: Alexandros Papadopoulos (apapadop_at_alumni.carnegiemellon.edu)
Date: 07/29/04

    To: security-basics@securityfocus.com
    Date: Thu, 29 Jul 2004 10:10:28 +0300
    
    

    On Tuesday 27 July 2004 20:10, Ansgar -59cobalt- Wiechers wrote:
    > On 2004-07-27 Juan B wrote:
    > > I want to know why it is recommended to upgrade my servers to IE6.
    > >
    > > I didn't find any reason at all!!! (from the security point of
    > > view..).
    >
    > From a security point of view, the recommended upgrade would be to
    > install some other browser, not to upgrade IE.
    >
    > But there are some reasons for upgrading, e.g.:
    >
    > - Product lifecycle
    > - OE 6 allows for displaying mails as plaintext

    No security-conscious person would use Outlook Express to read email on
    a server. Come to think of it, no such person would use OE, period.

    > - Better cookie-handling
    > - You need at least IE 5.5 to manage a SUS through its web-frontend
    > ...
    >
    > > I only found this line in lots of sites: "it is recommended to update
    > > to IE6". But why?
    > >
    > > Why do I need to upgrade?
    > > I have IE5 on the servers and I surf the net from those servers.
    >
    > You shouldn't misuse servers as desktops.

    I second that. The only web connection a server should make is to
    windowsupdate.com (if you don't have an internal SUS server).

    -A
