seguridad IT Service

Ir a contenido Ir a Estudios, Gobernanza y organización
Logo UA
Realizar búsqueda
Menú
Services
Logo IT Service   IT Service
IT Service

seguridad

SECURITY

Aims:



In Word the most usual form of entrance of virus is through the execution of the macros. However, Word has the suitable tools to limit in the possible the execution of these programs. When we received a document with macros of an entity that the system does not trust or no situated in a directory of confidence will appear the following message.

seguridad2


By defect the macros are deshabilitadas. With the options of configuration can allow his execution, but have to have care that to the deshabilitar the controls can leave step to virus and another code malintencionado.

It exists another way to execute code without deshabilitar the macros:

¿How can resolve this problem without putting in risk the teams and the data? Office Offer several options.

  1.  If the code is signed, that is to say, has applied him a digital certificate, can "trust" the certificate and add it to a list of editors of confidence. This is the safest option and the one who has to try use always.
  2.  If the code is not signed, but is sure that it can trust the editor, can place the file in a location of confidence. A location of confidence is simply a folder that designate as of confidence. When it opens a file in a location of confidence, execute the macros and other codes. However, the folders of confidence no always are safe since they can execute code malintencionado.
  3.  If it writes code for his own use, also can create a certificate autofirmado, use this certificate to sign the code and, afterwards, trust said certificate.


Trust a certificate

 

seguridad5

  1. When it opens a file that contains code, the bar of messages shows a warning of security, indicated by the shield of the left.
  2.  It do click in Options. It will open the picture of dialogue Warning of security.
  3.  If the code is signed, do click in Trusting all the documents of this editor and, to continuation, in Accepting.


Trust a location of confidence.

We can say him to Word that all the documents that are in a directory will be documents of confidence.


seguridad6

 

If it receives code that is not signed but is sure that it is of confidence, as a file created by a colleague, can avoid that it appear the bar of messages when executing the code in a location of confidence. A location of confidence is simply a folder designated and of confidence.

  1.  It initiate the picture of dialogue Options for his program, do click in Centre of confidence and, to continuation, in Configuration of the Centre of confidence.
  2.  It do click in Locations of confidence and, to continuation, do click in Adding new location.
  3.  It use the picture of dialogue Location of confidence of Microsoft Office to look for the folder that wishes to designate as of confidence. Like norm, this folder has to residir in the unit of local hard disk. When it finish, place the files with code without signing in the folder. The code will execute when it open the file.

It remember, the locations of confidence allow him execute code without signing, what can result dangerous. Use with care the locations of confidence; of the contrary, can put in danger his team or his data. Besides, it have care when assigning him the name to the folder in which wishes to trust. For example, it do not use names like Location of confidence or Folder of confidence. ¿Why facilitate him the life to the hackers?

 

Other characteristics of security

Office 2007 offers diverse characteristics of security from the Centre of confidence.


seguridad7

 

Note    will not be able to see all these options in all the programs of Office.

  1.  It use the page Complementos to require that all the complementos have codes signed or for deshabilitarlos completely.
  2.  It use the page Configuration of macros to establish the conditions under which execute the macros and the type of notification that will see the other users when they try to execute a macro.
  3.  It use the page Sweep of messages to show or hide the bar of messages. Unless it know what is doing, no deshabilite never the bar of messages. If the deshabilita, will not be able to execute the code.
  4. Llamada 4 It use the page Options of privacy to control diverse elements, even to control if the main program checks the files that provienen of suspicious bonds or of other sources.

Important    Unless it have some experience in security, do not modify these characteristics neither the configuration. If it modifies them, can hamper the utilisation of his team, or put in risk the team and the data. If it needs help with an option, do click in the button Helps, the question mark situated in the upper corner right of the picture of dialogue Options.