I don't really think there is an industry standard way to manage ActiveX
controls. Most firewall product you may come across will simply give you
the ability to either allow or block ActiveX controls. This obviously
will be of no help to you.
It also depends on wether you just want to scan what controls are access
or executed or wether you want to shut down hostile controls.
I would suspect the latter.
Have a look at FINJAN products.
Surfin Shield Xtra ( Desktop)
you can have a look either at www.portcullis-security.com or
You may simply want to protect the users data from attack. For this
there are a few interesting new products on the market,
You may want to have a squiz at 2in1 PC, 2in1 Net by Voltaire or
DataSecure 2.0 by a company called Nisista.
The FINJAN web site is quite informative for the Java / ActiveX beginer,
explaining the risks etc...
Hope this helps out, sorry about the plug, but if I don't say you may
never know. I'm not a sales man I'm a techie.
> From: Information Security[SMTP:infosec @
> Reply To: STROLAN @
> Sent: Wednesday, February 25, 1998 5:20PM
> To: 'firewalls @
> Subject: Default Firewall management of AcitveX
> > I am supporting the development an extranet and one of the dependent
> > technologies of the site is to use ActiveX. I am aware of the
> > threat/risk of both ActiveX and Java but I am curious how it is
> > managed accross various industries.
> > What is the industry 'standard' security implementation for managing
> > ActiveX?
> > What is the default configuration for firewall products with Activ-X
> > blocking capability, enabled or disabled? (please reference specific
> > firewalls.)
> > From a business perspective, what percentage of businesses and/or
> > ISP's are choosing to block it?
> > Thanks in advance.
> > Steve T.
> strolan @
com <------ Please reply to this email address.