Lock Down Ie

Mapping the Cloud: Dome9 Security looks to lock down the cloud

Tel Aviv-based Dome9 Security launched in May as a so-called security-management-as-a-service offering, to tackle the hot-button issue of cloud security. We talked to the company’s new VP of marketing, David Meizlik—late of IT security firm Websense—about security lapses and the value of a protective dome.

What was the market need Dome9’s founders were aiming to address?

The company was founded to help secure the cloud. Today, when an enterprise moves to the cloud—whether it’s in Amazon’s EC2, RackSpace, GoGrid, or another service provider—they’re forced to manually configure server security and leave many administrative ports, such as SSH and Remote Desktop, open so that they can connect to and manage their cloud machines. What’s more, because those machines are in the cloud, they’re not secured behind the corporate firewall infrastructure. Unfortunately, this means that too often, the only security that remains is a username and password for a server that has many open ports, and as a result most cloud servers are relatively unsecured.

What’s unique about Dome 9’s approach?

Dome9’s key innovation is its Secure Access Lease technology, which closes all administrative ports by default and opens them only when it’s needed, for as long as it’s needed, and for whom it’s needed. When an administrator or developer needs access to a cloud server, he uses Dome9 to get a time-based Secure Access Lease. The lease allows for access by a specified user, from a specified location, via a specified port, and from a specified location. Once the lease expires, Dome9 automatically reconfigures the cloud server’s security to close the firewall port. Dome9 works across hosting provider platforms—another key innovation, because many organizations that adopt the cloud have multiple cloud providers, and will often move machines across environments. With Dome9, cloud server security is centrally managed across providers, and is retained and persistent no matter what environment the machine is hosted in. This capability helps ensure security while providing flexibility and portability.

What are the company’s target customers?

Dome9 is an on-demand cloud service that can service an unlimited number of dedicated or virtual, private or public environments. We can service any size organization or hosting provider.Dome9 Security is ideal for both the enterprise and hosting providers. Enterprise customers using the cloud can use Dome9 directly from our website, and centrally manage cloud server security across multiple hosting platforms (i.e., centrally manage cloud server security across concurrent deployments in AWS EC2, RackSpace and others). Hosting providers can resell Dome9 as a security add-on, or bundle it into existing packages to help remove the number one barrier to cloud adoption: concern for security. What’s more, when hosting providers use Dome9 they provide customers with the ability to automate self-managed cloud server security, eliminating server lockouts, driving down support costs and providing customers with greater control and a secure cloud environment.

Yet another way to lock down the internet « Michael Ellerbeck

Http://www.boutell.com/newfaq/browser/restrictie.html

One trick, in order to use a wildcard you have to type it like http://*.google.com  (you need the http:// )

2006-10-19: Internet Explorer can be configured to restrict access so that only a short list of approved sites can be accessed by anyone without a special password. Here’s how to do it.

First, though, think about your audience. This can be a useful technique for a special-purpose computer in an office. For your kids, it is less effective because kids can find ways around such limitations. They might install an alternative web browser, disable Content Advisor through the Windows Registry, or boot the computer from a CD instead. And useful research for school often involves accessing many sites you haven’t seen before. For young children, this approach may be useful, but for teenagers there’s no substitute for supervision and education.  Put their computer next to yours!

Ready to go? Great! Here’s how to lock down Internet Explorer so that only certain sites of your choosing can be accessed. In a nutshell, we’ll do it by telling Internet Explorer to:

1. Use a website “rating service” that doesn’t actually rate any sites,

2. Forbid users from accessing sites that are not rated, and

3. Add the sites we do want to our private list of “Approved Sites” that can be accessed even though they are not rated.

1. Start Windows Notepad. Follow these steps:

Start Menu -> All Programs -> Accessories -> Notepad

Alternatively, right-click on the desktop (not an icon, on a blank area of the desktop), select “New,” and select “Text Document.”

2. Copy and paste the following into Notepad (everything within the parentheses). This is the rating service code for our special rating service that hates everything!

Then click “Always.” You don’t need the “Never” button as all other sites are already forbidden. You can use the “Remove” button if you add the wrong site by mistake.

22. Repeat step 21 for as many sites as you wish. You can add more sites later, here in the Content Advisor or via the dialog box that pops up when a user tries to access an unapproved site (only with your password, of course).

23. Click “OK” again to dismiss “Internet Options.

Windows 7 Annoyances

Fixing Windows XP annoyances, how to fix the most annoying things about the Windows OS

Windows Vista annoyances

Combating spyware in the enterprise

Countdown to Lockdown, A Hardcore Journal