Slashdot Mirror


Ask Slashdot: How To Communicate Security Alerts?

Capt.Michaels writes: "I need to start sending security alerts and warnings to employees at my somewhat sizable company. My problem: I'm not sure how to send these alerts without freaking everyone out and causing the help desk to get flooded with phone calls. For example, let's take the current Internet Explorer exploit that caused US-CERT to recommend switching browsers. I don't want everyone killing our limited help desk with ridiculous questions like, 'I downloaded $New_Browser, how can I get my toolbar? How do I bookmark things in this browser? Can you tell me which browser you recommend?' Simply put: some vulnerabilities are worth major changes, but many aren't. If we switched software every time a new vulnerability came out, we'd never get anything done. Sooner or later, a patch will come out, and everything will be back to normal. But how do I communicate to end users that they should be aware of an issue and take extra care until it's fixed, without causing panic?"

2 of 84 comments

  1. Re:My thoughts. by Anonymous Coward · Score: 2, Informative

    Then you could sit tight waiting on a patch for your existing browser

    That patch he was waiting for? It was pushed yesterday ... FYI.

    If he followed your advice, he would have spent more time creating, testing, and implementing the scripts/GPOs you suggested than it took to get the patch. Plus he'd get to have all the fun of hearing from the Help Desk about users who're confused by a different browser appearance, and oh, hey, where'd all of my favourites go?

    Not to mention, if the enterprise also uses GPOs to manage browser functionality / appearance / behaviour, whoops, none of that on Chrome/Safari/Firefox...

    If he did ANYTHING, on Monday, he could have pushed EMET to his Windows Vista/7/8.x clients, thereby hardening all of them against not only this attack, but also most others going forward; IE11 with EMET has YET to be compromised and was the ONLY browser configuration that came out of PWN2OWN undefeated. (FWIW: if you think that's just from weak efforts, and manage to find a way to defeat it, there's a $150,000 reward available...)

    -AC

  2. fix it at the proxy level by SethJohnson · Score: 3, Informative

    Modify your outbound proxy rules to redirect every outbound HTTP request that has a user-agent string belonging to the affected browser. Send them to an internal HTML page that explains the security threat and provides a link to download and install the browser preferred by the organization.

    This will:
    1. Selectively communicate the issue to only the affected users.
    2. Prevent anyone on the internal network from being compromised due to this vulnerability.
    3. Prevent anyone from ignoring the 'advisory.'

    If you're not using an outbound proxy, god help you.
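
An added example, not part of SethJohnson's comment or of any proxy product's configuration: a Python model of the redirect rule described above, for checking the user-agent pattern and the exemptions against sample requests before the rule goes into a proxy. The host names, advisory URL and sample user-agent strings are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Hypothetical internal hosts (assumptions): the advisory page and the download
# mirror must stay reachable from the affected browser, or the redirect loops.
ADVISORY_URL = "http://intranet.example/security/browser-advisory.html"
EXEMPT_HOSTS = {"intranet.example", "downloads.intranet.example"}

# IE up to version 10 sends "MSIE <ver>"; IE11 dropped that token and is
# recognisable by "Trident/<ver>" instead, so a bare "MSIE" match misses it.
IE_TOKEN = re.compile(r"\bMSIE \d+\.|\bTrident/\d+\.")
# Old Opera releases carried "MSIE" for compatibility and named themselves later.
NOT_IE = re.compile(r"\bOpera\b")

# Constructed sample user-agent strings.
UA_IE8 = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
UA_IE11 = "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
UA_OPERA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50"
UA_CHROME = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/34.0.1847.131 Safari/537.36")

def is_affected(user_agent):
    """True when the User-Agent header identifies Internet Explorer."""
    ua = user_agent or ""
    return bool(IE_TOKEN.search(ua)) and not NOT_IE.search(ua)

def decide(method, target, user_agent):
    """Return ("allow", None), ("redirect", url) or ("block", None)."""
    if not is_affected(user_agent):
        return ("allow", None)
    is_connect = method.upper() == "CONNECT"
    # A CONNECT target is "host:port"; other methods carry an absolute URL.
    host = target.rsplit(":", 1)[0] if is_connect else (urlsplit(target).hostname or "")
    if host.lower() in EXEMPT_HOSTS:
        return ("allow", None)
    if is_connect:
        # Browsers do not follow a redirect answered to CONNECT, so HTTPS
        # tunnels from the affected browser are refused rather than redirected.
        return ("block", None)
    return ("redirect", ADVISORY_URL)

if __name__ == "__main__":
    for ua in (UA_IE8, UA_IE11, UA_OPERA, UA_CHROME):
        print(decide("GET", "http://www.example.org/", ua), ua[:40])
```

The User-Agent header is supplied by the client, so this rule reaches cooperative users only and does not replace patching or endpoint hardening.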