John Deere presents: Microsoft® Office 2007 Training Security II: Turn off the Message Bar and run code safely
Who is this course for?
• Developers of code (macros) for use at Deere
• Users of that code
• We’re assuming you already know how to create and/or run macros.
Course Goals
• Understand how Office 2007 protects users from potentially malicious code
• Developers will know how to obtain a Code Signing Certificate at Deere and how to add the digital signature to their work
• Users learn how to add a digital certificate to their list of trusted publishers
Lesson Developers: Getting a Digital Certificate at Deere
Run macros and other code safely
Imagine you’ve created a macro — an automated set of instructions — for one of your Microsoft Office Word documents. Your co-workers like using the file, but every time they run it they have to use the Message Bar and a security dialog box before the macro can run. They’d love to just open the file without having to deal with the Message Bar and a security dialog box.
Overview: When a source is trustworthy
Whenever you open a file that contains code such as a macro, ActiveX control, or add-in, Office disables the code, and you have to use the Message Bar to enable the blocked content.
• Why does Office do this? Because macros can be a source of malicious code.
• Why turn off the Message Bar? Because you can save yourself and your co-workers a lot of time.
Getting a Digital Certificate at Deere
• Who needs a digital certificate? Developers of applications and code that are used internal to the Deere network on computers in the JDNet domain.
• Benefits for developers? A single digital certificate can be used to sign multiple projects. Your code can be ‘trusted.’
• Where can the certificates be used? On all Microsoft operating systems (including Office products) and IE browsers in the JDNet domain.
Computer Security Policy Regarding Macros
• Unsigned or untrusted code requires interaction
• Macro security is set to medium in Office 2003 and Office 2007
• Macro settings are enforced by group policy
How to request a Digital Certificate
• Developers must be a member of their unit’s G##_Code_Signing_Certs group, which is in turn nested in the L90_Code_Signing_Certs group.
• Developers can request group membership by contacting the helpdesk and asking for membership in their unit’s code signing certificate group.
• See the EDS KB article “How to Enroll for an Internal Code Signing Certificate” at http://edskb.deere.com for details.
II’s: Request a Unit Digital Certificate Group
• If a unit does not have a code signing certificate group, one can be requested.
• II’s put in a ticket for creation of a G##_Code_Signing_Certs group, which is in turn nested in the L90_Code_Signing_Certs group.
• II’s should manage the group.
• Again, see the EDS KB article “How to Enroll for an Internal Code Signing Certificate” at http://edskb.deere.com for details.
User benefits of Digital Certificates
A digital certificate can be ‘trusted’ by users (added to list of trusted publishers). Once the publisher is trusted, the user will no longer be prompted for macros and automation signed by the certificate that they have chosen to trust. In other words, trusting the publisher allows users to turn off the Message Bar and run code safely.
Lesson Developers: How to sign your code with your digital certificate.
Is Developer Tab Available?
In Office 2007, you must be able to view the Developer tab on the ribbon to code or sign macros.
• Open the Office document that has the macro(s) you want to sign.
• Click the Office Button on the ribbon – Excel Options – Show developer tab in Ribbon. Click OK.
• Select Visual Basic Editor (or press ALT + F11).
Developers: How to Digitally Sign Code
Find the certificate
• In the Visual Basic Editor window, click Tools – Digital Signature. This will show whether the VBA project is unsigned or signed by another certificate.
• Click Choose if [No Certificate] is displayed. Otherwise click Remove and select another certificate.
Developers: How to Digitally Sign Code
Attaching the certificate
• If your user profile has been issued a Code Signing Certificate via AutoEnrollment, then you will see a certificate named “Code Signing Certificate”.
• Select the certificate you want to use and click OK.
• The Digital Signature screen shows that the VBA project has been signed. Click OK.
• Close the Visual Basic Editor, save the file and close it. The macro is now signed.
• Repeat this process for each file with a macro to be signed.
Questions On Developer steps to sign a macro?
Myth Busting: Macro-style
• Myth: Macros don’t work in Office 2007. Busted: Lots of users are missing the fact that they have to use the Message Bar to enable the blocked content.
• Myth: Macro security is higher in Office 2007. Busted: It’s set to MEDIUM – the same as Office 2003.
DID YOU KNOW? You don’t have to enable macros to be able to see the content of a file that contains macros.
Lesson Users: Run macros and other code safely
Trust a digital certificate
You “trust” a digital certificate by adding it to your list of trusted publishers. It’s a straightforward process, but remember you don’t see the commands discussed here unless you open a file that contains signed code. If a file contains unsigned code, you can enable it, but not trust it permanently, which means you’ll see the Message Bar every time you open the file.
Trust a digital certificate
How to “trust” a digital certificate.
• When you open a file that contains code, the Message Bar displays a security warning, indicated by the shield on the left.
• Click Options. That starts the Security Warning dialog box.
Trust a digital certificate
You “trust” a digital certificate by adding it to your list of trusted publishers.
• If the code is signed, you can click Trust all documents from this publisher, and then click OK.
Questions On user steps to trust a Digital Certificate?
Remove a digital certificate
As a rule, you should check your list of trusted publishers regularly, and remove any invalid certificates. Certificates that come from large corporations, such as Verisign, are updated automatically and you almost never need to remove them. However, self certificates do expire. They can also become invalid for a variety of reasons, such as when someone tampers with a macro.
Remove a digital certificate
So it’s a good idea to keep your list of trusted publishers up to date.
• Click the Microsoft Office button, and then click the program’s Options button. For example, if you’re working in Word, click Word Options.
• Click Trust Center, and then click Trust Center Settings.
Remove a digital certificate
So it’s a good idea to keep your list of trusted publishers up to date.
• Click Trusted Publishers, click the certificate you want to remove, and then click Remove.
Self Certificates: Not Recommended
Self certificates aren’t valid for your co-workers or other users because they haven’t been authenticated by a certificate authority, and therefore are not recommended for use at Deere.
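The regular review of trusted publishers described in the "Remove a digital certificate" slides, and the caution about self certificates, can also be done as a scripted check. This is an added example, not part of the original course: the function name `Get-TrustedPublisherAudit` and the 30-day warning window are assumptions, and it reads the per-user Windows Trusted Publishers certificate store, which is where publishers trusted through the Office dialog are kept.

```powershell
# Added example (not from the course): read-only audit of the per-user
# Trusted Publishers certificate store. Nothing is removed.
function Get-TrustedPublisherAudit {
    param(
        [string]$StorePath = 'Cert:\CurrentUser\TrustedPublisher',
        [int]$WarnDays = 30    # assumption: warn this many days before expiry
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $findings = @()
        if ($cert.NotBefore -gt $now) { $findings += 'not yet valid' }
        if ($cert.NotAfter -lt $now) {
            $findings += 'expired'
        } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
            $findings += "expires within $WarnDays days"
        }
        # Heuristic: subject equal to issuer usually means a self certificate.
        if ($cert.Subject -eq $cert.Issuer) { $findings += 'self-signed' }

        # Build the chain without revocation lookups so the check runs offline.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        if (-not $chain.Build($cert)) {
            $findings += @($chain.ChainStatus | ForEach-Object { "chain: $($_.Status)" })
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Findings   = ($findings | Select-Object -Unique) -join '; '
        }
    }
}

# Show only entries that need a decision, soonest expiry first.
Get-TrustedPublisherAudit |
    Where-Object { $_.Findings } |
    Sort-Object NotAfter |
    Format-List
```

Entries it flags can then be removed through Trust Center – Trusted Publishers as described above. Pass `-StorePath 'Cert:\LocalMachine\TrustedPublisher'` to review publishers trusted machine-wide.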