Microsoft и новиот Office 2007 сигурносен водич

[LiquidWorm]

Microsoft helps firms secure Office 2007

Office 2007 Security Guide automates security settings through Active Directory

Microsoft is scheduled to release a tool and documentation that helps businesses to better tweak the security settings of Office 2007.

The Office 2007 Security Guide is slated for on Tuedsay at the Microsoft TechEd conference in Barcelona. In addition to detailed documentation of the security settings that are available in Office 2007, the programme also offers a Group Policy Object Accelerator, a free tool that allows administrators to change and set security policies across users through Active Directory.

Where previous versions of Microsoft Office allowed users to apply broad ranging security settings, Office 2007 introduced features that can be controlled at a granular level. The application offers 1,500 settings, 300 of which relate to security.

In previous versions of Office, administrators could enable or disable macros. Macros are considered a potential security risk, but many firms rely on them to automate tasks.

Office 2007 therefore supports trusted folders, where administrators can place documents that are pre-approved to be use macros. Or they can allow macros in Excel only, or for employees in a certain group.

Administrators or security architects can also block access to certain web services. Office 2007 for instance offers an automated translation tool that relies on internet access, and therefore could be perceived as privacy risk.

"The idea is to make security approachable to everyone," Joshua Edwards, technical product manager for Microsoft Office told vnunet.com.

"It is hard to configure what you are not aware of. It's about understanding what your options are and how you can implement those together."

The Group Policy Object Accelerator offers two choices of basic settings that are based on common security situations. The Enterprise Client settings will appeal to most businesses, while highly secure operations are expected to go for the so-called Specialized Security Limited Functionality settings.

Users seeking even more granular control can dive in even deeper and adjust each of the 300 security settings to fit their needs. The documentation that accompanies the tool will point out any interdependencies between settings.

Microsoft offers similar tools for Windows Vista and Windows XP. Edwards said that the software developer has been approached by client management software vendors. Companies like Altiris or LANdesk would be interested in automating the security settings through their management software as well.

Извор: http://www.vnunet.com/vnunet/news/2203266/microsoft-helps-firm-security

 

[LiquidWorm]

http://www.microsoft.com/technet/security/guidance/clientsecurity/2007office/default.mspx

2007 Microsoft Office Security Guide Components

The 2007 Microsoft Office Security Guide consists of the following components:

• Executive Overview. This document summarizes for business and technical managers how the guidance and tools in this Solution Accelerator can benefit your organization.

• Security Guide. This guide describes the security model for the 2007 Microsoft Office release as well as new security features and functionality. It includes recommended guidelines and best practices for implementing security settings for two different environments—an Enterprise Client (EC) environment, which seeks to balance functionality and security and is appropriate for most organizations, and the Specialized Security – Limited Functionality (SSLF) environment, which is only appropriate for organizations that require very strong security at the expense of application functionality. SSLF settings restrict some application features.

• Threats and Countermeasures. This guide is a comprehensive technical reference that explains the security and privacy settings for the six referenced applications, their recommended configurations, and which threats they address. It also contains Common Configuration Enumeration (CCE) IDs for all the settings. CCE provides identifiers to system configurations to facilitate fast and accurate correlation of configuration data across multiple information sources and tools.

• Security Settings spreadsheet. This Office Excel spreadsheet lists security settings for the six referenced applications and their recommended configurations for the EC and SSLF environments, as well as Common Configuration Enumeration (CCE) IDs for all the settings.

• GPOAccelerator. This tool helps you automatically deploy security configurations for the 2007 Microsoft Office release across your organization. It can also be used to deploy security settings for Windows® XP and Windows Vista®.