Virtualized IE 6 Security risks?
We have three software packages that will not run in IE8 and are trying to figure out how to manage a migration to Windows 7 without upgrading these (total cost for the three would be in the millions and the budget won't support that for a while yet). It was suggested that we simply run them on Windows 7 with the already created virtualized IE 6, which I believe will work in our case. However, we have some major security questions before we go thqat route.
If we go the route of virtualizing IE 6 for these three web applications, how do we "lock it down" so that nothing outside our internal network can be accessed with the virtualized browser? All of our desktop users have full admin authority on thier own desktops, a requirement for a different application, so they would not be prevented from reconfiguring any "fake" proxy settings we put into place. Is there another way to do this?
Comments
Can anyone assist Shannon?
Can anyone assist Shannon?
Shannon, I've also asked support to take a look. I know you were asked in a different thread to repost here since the second part of your question had more to do with virtualization.
Mike Clemson, Senior Systems Engineer
Intuitive Technology Group -- Symantec Platinum Partner
The "Browser Selector Object" can be used
The "Browser Selector Object" can be used to define a policy that restricts certain URLs to only be launched in a specific browser.
See: http://www.symantec.com/connect/articles/introducing-symantec-browser-selection-tool
If I understand right..
If I understand correctly, it cannot be used in the inverse, can it? Can it restrict the browser to only allow certain URLs? Or would they have to somehow use Content Advisor to limit the users to a short list of approved (internal) sites?
Mike Clemson, Senior Systems Engineer
Intuitive Technology Group -- Symantec Platinum Partner
The BSO can restrict websites
The BSO can restrict websites to a certain browser so you could, for example, create rules that say if the following intrantet site use IE6 else use base IE.
So what you're doing is making certain sites redirect to IE6 and everything redirect to the version of IE installed in the base regardless of the browser they were called from (shortcuts, address bar and so on).
If you want to block URLs or only allow certain ones to be seen at all you'll have to follow normal windows policies for that.
If a forum post solves your problem please flag is as the solution
How-To Documentation
Okay, this might be an option for us then. Can you point me to a link for the documentation on how I would go about setting this up using our current version (CMS/SMS 6.x) and whatever versions of virtualization that includes so I can begin testing it? We will eventually be moving to ITMS 7.1 in the next few months (pending a hardware upgrade) so if this will need to be handled differently in 7.1 I'll also need what ever documentation is available for this version as well.
Thanks in advance.
Shannon DuBey
CMS/SMS 6.x & 7.x
https://www-secure.symantec.c
https://www-secure.symantec.com/connect/articles/introducing-symantec-browser-selection-tool
If a forum post solves your problem please flag is as the solution
Would you like to reply?
Login or Register to post your comment.