[Dshield] Filtering ActiveX

Shaun Gray sgray at camdendiocese.org
Wed Sep 17 16:41:07 GMT 2003


Alright maybe I should have reworded that to say filtering ActiveX at the firewall level via the PIX.  We have been filtering about a day and I have not heard many complaints.  However, I realize that the complaints may be around the corner.  I was able to view the in-browser PDFs and use Windows Update after enabling the filter.  The filtering is supposed to block only the HTML<object> commands within the web page by commenting them out.  Are the same dangerous inherent in this process?

-----Original Message-----
From: Josh Tolley [mailto:josh at raintreeinc.com]
Sent: Wednesday, September 17, 2003 11:51 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Filtering ActiveX


Shaun Gray wrote (excerpt):

>is there any good to having activex enabled on a business network.
>
Remember if you disable activex, it will in turn disable Flash, 
in-browser PDF viewing w/ Adobe Acrobat, Windows Update... Disabling 
activex totally (not just in the browser, but system-wide) would hose 
your system, but I don't think you can do that. Anyway, keep in mind 
that lots of stuff depends on ActiveX... not just the latest skiddie 
virii...

Josh Tolley


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list