Chapter 2: Office 2003 Security

Previous page
Table of content
Next page

Download CD Content

Security threats delivered through the Internet and e-mail messages have forced many businesses to change the way they deploy and configure Microsoft Office. To help address these threats, Microsoft has conducted a major review of code in Office and new security-related features both in the user interface and behind the scenes. The Microsoft Office 2003 Editions Resource Kit includes features to help reduce possible security vulnerabilities. Along with these features are suggestions and recommendations for how to address specific types of security threats and possible exposure to future attacks.

Security and Office 2003

The new security part of the Microsoft Office 2003 Editions Resource Kit covers a range of security-related concepts and features of Microsoft Office 2003. To help address growing concern about the security of information and systems, several new features were included in Office 2003 for administrators and users.

Some of the new improvements include the following:

  • Revised macro security

    While the previous macro security method helped to address many security-related issues, a few subtle improvements have been made to how documents, attachments, and linked references are opened.

    However, this may cause some minor problems for some users when attachments to some files no longer open or are disabled. Administrators can revise some of these features and how they work through policy settings or from within the Custom Installation Wizard on the Specify Security Settings page.

    For more information on the effects of these improvements on users—as well as how the administrator can configure security settings in the Custom Installation Wizard—see “Macro Security Levels in Office 2003” in Chapter 23, “Office 2003 Security Environment.”

  • Revised Trusted Publishers store management

    When administrators accept certificates of trusts from external vendors, they can now more easily roll out those certificates to others by using the Active Directory directory service. Active Directory makes it easy for administrators to do several tasks that were previously difficult to perform. Reliance on this feature of Microsoft Windows–based servers is more important than with previous releases, and several new features of Office require the use of Active Directory in order to work properly.

    This feature has a different user interface for Windows 2000 than under Windows XP. See the Tools | Macro | Security | Trusted Publishers tab for more information. It is now also possible to remove an installed and trusted certificate of trust if you no longer require it or suspect it was compromised.

    For more information on managing the Trusted Publishers store, see “Working with Trusted Trust Publishers” in Chapter 23, “Office 2003 Security Environment.”

  • Revised Microsoft ActiveX controls

    The concern about how ActiveX controls start and run on users’ computers is more important than ever. A new paradigm was developed that allows administrators more control over how these types of programs are opened and run. In essence, the new paradigm defends against unknown or ill-defined controls that may possess security flaws; it allows you to set the degree of risk you are willing to accept from an unknown ActiveX control when it starts.

    Even with this improved paradigm, an ActiveX control only makes use of possible security-related options if the one who creates the control decides to use the options. For more information on ActiveX controls as they relate to security, see “ActiveX Controls and Office Security” in Chapter 23, “Office 2003 Security Environment.”

  • New encryption types

    Added to Office 2003 are new encryption types and the ability to set all Office applications to use a specific encryption type as their default. This does not mean that every document will have encryption when it is saved; it only means that if a password is set to encrypt the document, the user does not have to select an encryption type to use.

    For more information on configuring Office 2003 for encryption, see “Important Aspects of Password and Encryption Protection” in Chapter 23, “Office 2003 Security Environment.”

  • Revised core Office programming objects

    Due to the security review of all Office applications, the core objects were updated in an endeavor to help eliminate the classic buffer overflow attack to any data entry points. Along with this review, programmers worked to implement improved programming methods—such as those that relate to handling user IDs and passwords stored within code.

    For more information on Office code objects as related to security, see “Important Aspects of Password and Encryption Protection” in Chapter 23, “Office 2003 Security Environment.”



Previous page
Table of content
Next page
Microsoft Office 2003 Resource Kit 2003
Microsoft Office 2003 Editions Resource Kit (Pro-Resource Kit)
ISBN: 0735618801
EAN: 2147483647
Year: 2004
Pages: 196
Authors: Microsoft Corporation
BUY ON AMAZON
Absolute Beginner[ap]s Guide to Project Management
Strategies for Information Technology Governance
Postfix: The Definitive Guide
Twisted Network Programming Essentials
Microsoft VBScript Professional Projects
Microsoft Office Visio 2007 Step by Step (Step By Step (Microsoft))
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy