|
IE has the ability to provide a secure browsing experience. But it's the responsibility of the organization or the user to configure it properly. Most Web browsers offer the option of controlling a wide variety of potential security issues and annoyances, yet each browser takes a different approach to handling these issues. Let's take a look at the method that Microsoft's Internet Explorer (IE) uses to provide a secure browser experience. When it comes to the newer versions of Windows (including Windows XP, Windows Server 2003, and Windows 2000), IE 6 is an extension and integral part of the operating system. Using IE 6, you can block pop-ups, disable Java and ActiveX controls, and protect yourself from cross-site scripting. You can access these options by going to Tools | Internet Options in Internet Explorer and selecting the Security tab. This area also allows you to configure security zones for different levels of trust for different Web sites. The security settings you select here control the security for each zone. Here's a look at the default security settings for IE. Security option | Low | Medium-Low | Medium | High | | ActiveX Controls | | Download signed ActiveX controls | Enable | Prompt | Prompt | Disable | | Download unsigned ActiveX controls | Prompt | Disable | Disable | Disable | | Initialize and script ActiveX controls not marked as safe | Prompt | Disable | Disable | Disable | | Run ActiveX controls and plug-ins | Enable | Enable | Enable | Disable | | Script ActiveX controls marked safe for scripting | Enable | Enable | Enable | Disable | | Downloads | | File download | Enable | Enable | Enable | Disable | | Font download | Enable | Enable | Enable | Prompt | | Miscellaneous | | Access data sources across domains | Enable | Prompt | Disable | Disable | | Allow META REFRESH | Enable | Enable | Enable | Disable | | Display mixed content | Prompt | Prompt | Prompt | Prompt | | Don't prompt for client certificate selection when no certificates or only one certificate exists | Enable | Enable | Disable | Disable | | Drag and drop or copy and paste files | Enable | Enable | Enable | Prompt | | Installation of desktop items | Enable | Prompt | Prompt | Disable | | Launching programs and files in an IFRAME | Enable | Prompt | Prompt | Disable | | Navigate sub-frames across different domains | Enable | Enable | Enable | Disable | | Software channel permissions | Low safety | Medium safety | Medium safety | High safety | | Submit non-encrypted form data | Enable | Enable | Prompt | Prompt | | Userdata persistence | Enable | Enable | Enable | Disable | | Scripting | | Active scripting | Enable | Enable | Enable | Disable | | Allow paste operations via script | Enable | Enable | Enable | Disable | | Scripting of Java applets | Enable | Enable | Enable | Disable | | User Authentication | | Logon | Automatic logon with current username and password | Automatic logon only in Intranet zone | Automatic logon only in Intranet zone | Prompt for user name and password |
Let's take a look at how you can best apply these default settings in each zone to ensure security:
- Internet: When it comes to security risks for your computer and your network, consider this to be the Wild West. I recommend selecting the Medium level, which disables most ActiveX content (unless signed by a trusted publisher).
- Local Intranet: This zone controls internal corporate Web pages, and you should set the security setting for Low. This provides all of the functionality that the browser has to offer with the most permissive security settings.
- Trusted Sites: This zone controls the Web sites, external to your own network, that you trust. Such sites typically include your bank, your personal e-mail site, etc. I suggest setting this zone to Medium-Low or Low if required to properly display all of the content of these select trusted sites.
- Restricted Sites: This zone addresses the Web sites that you probably shouldn't be visiting anyway. The default setting for this zone is High—and for good reason. I don't recommend modifying this setting under any circumstances.
While these are the suggested security settings, you can also modify and create a custom setting for each zone if you prefer. However, the four default settings generally provide the balance of security and functionality that you're looking for. In a corporate environment, you can deploy these settings throughout the enterprise. You can do so by using the Internet Explorer Administration Kit and deploying those settings through a package delivery system such as Systems Management Server (SMS).
|
