< Day Day Up > |
Recipe 21.2. Basic Checklist: Preparing to Build Spam Malware Defenses21.2.1 ProblemYou administer a mixed LAN, with clients running Windows, Linux, and maybe a few other platforms as well. You're most concerned about your Windows machines, because as much as you would like to lock them down in quarantine and deny them all network access to protect the rest of the LAN, it can't be done. So how can you harden your LAN against email and web infection? 21.2.2 SolutionStart with your Windows hosts. Remove:
Replace these with any of the following fine free email clients and web browsers:
You have now closed off the major malware ports of entry, and you can move on to the next steps. 21.2.3 DiscussionLocking down Outlook/Outlook Express/Internet Explorer is theoretically possible, but in my estimation it's too risky. If all you need are a mail client and a web browser, there are many first-rate alternatives. IE has fallen far behind other web browsers in functionality, so you're not even getting a benefit for the increased risk. If you need the groupware features of Outlook because you are running an MS Exchange server, you might give Novell Evolution a test drive. It runs on Linux, so it's not an option for your Windows hosts, but if you're considering migrating some desktops, or want to integrate your Linux users, it's a great choice. It connects to an Exchange server via the Evolution Connector, which is currently free from Novell. You'll get all the features of Outlook and none of the vulnerabilities. See http://www.novell.com for more information. SuSE OpenExchange is a fine candidate for a cross-platform, out-of-the box mail and groupware server. Instead of using standalone mail clients, users can connect via a well-organized web interface, so you don't have to worry about mail clients or client compatibility at all. It also supports all POP/IMAP clients, for those who cannot live without them. Because OpenExchange is assembled from standard free/open components, you can replicate it yourself if you have the know-how. (Chapter 20 tells how do to some of this.) If you want to standardize on a single web browser or mail client, look no further than Mozilla. It is standards-compliant, fully featured, and runs on Windows, OS X, Linux, OS/2, Solaris, HPUX, AIX, and many more platforms. Also, keep an eye on Novell. They appear to be serious about supporting Linux and about developing good, enterprise-quality network integration and management products. 21.2.4 See Also
|
< Day Day Up > |