Application Level Protection

  • To avoid Trojan horses, only IS-approved software should be allowed to be installed on any computer in the organization.
  • Keep operating system and application security patches up to date. To support this effort, the following must be in place:
    1. Software architectures on all machines must be defined. This can be done by department, by individual computer, or by a combination of the two. This policy is especially important for all server computers.
      • The operating system on all computers must be defined along with all applications that are run on them.
      • The latest security patches for all operating systems and applications must be tracked, and it must be known whether each department or computer has the latest security patches.
      • Reliable patch sources for all operating systems and each application used in the organization must be determined. These sources must be regularly used when new patches are made available.
  • Turn on Macro Virus Protection in Microsoft applications such as Word. Select "Tools", then "Options", select the "General" tab, and select "Macro Virus Protection". In some later Microsoft applications, this feature is always on and there is no checkbox to turn it on.
  • Turn the auto-execute feature off in Microsoft applications.
  • Turn off scripts in Outlook.

E-mail

  • Send Rich Text Format (.RTF) email attachments rather than Microsoft Word (.DOC) email attachments. Rich Text Format files cannot contain Word macro programs, which may contain viruses. When opening such a file, first open it in a plain text editor such as Notepad (WordPad won't work) to be sure it is really a text file (some viruses can disguise a DOC file as an RTF file).
  • Turn off "Auto Preview" in Outlook (not Outlook Express).
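
The Notepad check for a disguised DOC file can also be done on the attachment's first bytes. The following is an added example, not part of the original guide: the function name `inspect_attachment` and the sample byte strings are constructed for illustration, and the embedded-object flag goes one step beyond what the text describes.

```python
# Added example: verify that a file named .rtf is really RTF text and not
# a legacy Word document (OLE compound file) that has been renamed.

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # first 8 bytes of a legacy .DOC
RTF_MAGIC = b"{\\rtf"                            # an RTF document opens with this group


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with what the content actually is."""
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""

    if data.startswith(OLE2_MAGIC):
        actual = "doc"
    elif data.startswith(RTF_MAGIC) and b"\x00" not in data:
        # RTF is plain text, so a NUL byte means it is not "really a text file".
        actual = "rtf"
    else:
        actual = "unknown"

    return {
        "claimed": claimed,
        "actual": actual,
        # The case the guide warns about: named .rtf, content is something else.
        "disguised": claimed == "rtf" and actual != "rtf",
        # Beyond the guide: genuine RTF cannot hold Word macros, but it can
        # carry an embedded OLE object, announced by the \objdata control word.
        "embedded_object": actual == "rtf" and b"\\objdata" in data,
    }


# Constructed sample inputs (not taken from real mail).
RTF_SAMPLE = b"{\\rtf1\\ansi Quarterly figures attached.\\par}"
RENAMED_DOC = OLE2_MAGIC + b"\x00" * 504
RTF_WITH_OBJECT = b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 01050000}}}"

if __name__ == "__main__":
    for name, blob in [("notes.rtf", RTF_SAMPLE),
                       ("report.rtf", RENAMED_DOC),
                       ("invoice.rtf", RTF_WITH_OBJECT),
                       ("memo.doc", RENAMED_DOC)]:
        print(name, inspect_attachment(name, blob))
```

A mail gateway or help-desk script can quarantine anything reported as `disguised` and route `embedded_object` hits for manual review.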