Chapter 13. Protecting User Applications
Protecting user applications is a complicated business. In contrast to server applications, which are relatively predictablewe have a reasonably good idea what functionality they need to providethe exact usage scenario of user applications may not be so obvious. User applications, by and large, are information worker applications, and information workers are somewhat unpredictable. Sure, we can make assumptions about common functionalityeveryone will read e-mail and use a word processor, they may need a presentation program, possibly a spreadsheet application, and, of course, they cannot do their job without that most insidious of applications: a Web browser! The problem is that it is much harder to tell what exactly they will do with those applications, and harder still to control them so they can do only that. Couple that with the fact that they are user applications and we have a security disaster waiting to happen. As mentioned in Chapter 12, "Server and Client Hardening," for most users given the choice of dancing pigs and security, security does not stand a chance.
In this chapter, we summarize some of the steps you can take to protect user applications. Although we cannot possibly cover all of the tweaks and other steps you can take to secure user applications, we will get you started by looking at the basics. In a sense, this is mostly about protecting your users from themselves and your networks from compromise through users.