Recipe 21.2. Basic Checklist: Preparing to Build Spam Malware Defenses

Previous page
Table of content
Next page
 < Day Day Up > 

21.2.1 Problem

You administer a mixed LAN, with clients running Windows, Linux, and maybe a few other platforms as well. You're most concerned about your Windows machines, because as much as you would like to lock them down in quarantine and deny them all network access to protect the rest of the LAN, it can't be done. So how can you harden your LAN against email and web infection?

21.2.2 Solution

Start with your Windows hosts. Remove:

  • Outlook

  • Outlook Express

  • Internet Explorer

Replace these with any of the following fine free email clients and web browsers:

  • Eudora

  • Pegasus

  • Mozilla Mail

  • Netscape Mail

  • Opera Mail

  • Opera web browser

  • Mozilla web browser

  • Netscape web browser

  • Firefox web browser

You have now closed off the major malware ports of entry, and you can move on to the next steps.

21.2.3 Discussion

Locking down Outlook/Outlook Express/Internet Explorer is theoretically possible, but in my estimation it's too risky. If all you need are a mail client and a web browser, there are many first-rate alternatives. IE has fallen far behind other web browsers in functionality, so you're not even getting a benefit for the increased risk.

If you need the groupware features of Outlook because you are running an MS Exchange server, you might give Novell Evolution a test drive. It runs on Linux, so it's not an option for your Windows hosts, but if you're considering migrating some desktops, or want to integrate your Linux users, it's a great choice. It connects to an Exchange server via the Evolution Connector, which is currently free from Novell. You'll get all the features of Outlook and none of the vulnerabilities. See http://www.novell.com for more information.

SuSE OpenExchange is a fine candidate for a cross-platform, out-of-the box mail and groupware server. Instead of using standalone mail clients, users can connect via a well-organized web interface, so you don't have to worry about mail clients or client compatibility at all. It also supports all POP/IMAP clients, for those who cannot live without them. Because OpenExchange is assembled from standard free/open components, you can replicate it yourself if you have the know-how. (Chapter 20 tells how do to some of this.)

If you want to standardize on a single web browser or mail client, look no further than Mozilla. It is standards-compliant, fully featured, and runs on Windows, OS X, Linux, OS/2, Solaris, HPUX, AIX, and many more platforms.

Also, keep an eye on Novell. They appear to be serious about supporting Linux and about developing good, enterprise-quality network integration and management products.

21.2.4 See Also

  • Chapter 20

  • Securing Outlook, Part One: Initial Configuration (http://www.securityfocus.com/infocus/1648)

  • Securing Outlook, Part Two: Many Choices to Make (http://www.securityfocus.com/infocus/1652)

  • SuSE (http://www.suse.com/us)

  • Novell Linux (http://www.novell.com/linux)

     < Day Day Up > 

    Previous page
    Table of content
    Next page
    Linux Cookbook
    Linux Cookbook
    ISBN: 0596006403
    EAN: 2147483647
    Year: 2004
    Pages: 434
    Authors: Carla Schroder
    BUY ON AMAZON
    High-Speed Signal Propagation[c] Advanced Black Magic
    The CISSP and CAP Prep Guide: Platinum Edition
    Cisco IP Communications Express: CallManager Express with Cisco Unity Express
    A Practitioners Guide to Software Test Design
    Cisco Voice Gateways and Gatekeepers
    802.11 Wireless Networks: The Definitive Guide, Second Edition
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy