Task 7.2: Using Internet Explorer Security Zones

Internet Explorer uses a simple concept to provide you with security when surfing the Internet: security zones. Security zones allow users to set levels of security based on the trust level of the site. With a fully trusted site, you will probably want to let all types of web content execute. With untrusted sites, you may want to block active content or prompt the user before the content is allowed to execute.

Scenario

Your manager has been reading up on the various ways that computers can become infected with malicious code. His main concern is the web access that most of the company’s end users have. He has asked you to come up with a simple way to control active web content and block this activity to all but a few trusted sites.

Scope of Task

Duration

This task should take about 10 minutes.

Setup

For this task, you need a Windows computer, access to the Administrator account, and an Internet connection.

Caveat

While increasing security can better secure a computer, it also can reduce usability and add a layer of complexity for users attempting to view active web content.

Procedure

In this task, you will learn to configure Internet Explorer security zones.

Equipment Used

For this task, you must have:

  • A Windows XP, Windows Vista, or Windows 7 computer
  • Access to the Administrator account
  • An Internet connection

Details

This task will show you how to configure Internet Explorer security zones to reduce the threat of Internet-based malicious code. Zones have flexibility in allowing various levels of security.

To configure Internet Explorer security zones, follow these steps:

1. Open Internet Explorer. Then choose Tools ⇒ Internet Options.

2. Click the Security tab. You will notice four icons at the top of the page:

Internet This includes all websites that are not contained in any of the following categories.

Local Intranet These are websites that your organization manages and are internal.

Trusted Sites These are trusted websites that must be specified by address.

Restricted Sites These are untrusted sites that have strict security settings applied.

These categories allow websites to be segregated. As an example, websites located within your company would be given a higher level of trust than those outside the organization.

3. On the Security tab, select the Internet globe icon. This will allow you to configure the settings for this category of websites. The following settings are available:

High This is the highest setting. Many websites will not display content at this setting.

Medium-High Notice that this is the default setting as Microsoft feels that it offers a good balance between usability and security. This setting offers some security, as most content will run only after prompting.

Medium This setting offers little security, as most content will run without prompting. However, it does block unsigned ActiveX controls from being downloaded.

Low There is no real protection at this level and it should be used only for sites you fully trust.

image
image

Even on a High security setting, it may still be possible for a user to download content from a site and run it locally. Doing so would bypass security controls and allow the malware to execute.

4. Click the Custom Level button at the bottom of the page. This will allow you to make specific changes to the profile.

image

5. In the Security Settings dialog box, change Run Components Not Signed With Authenticode to Disable. Next, change Run Components Signed With Authenticode to Prompt. Click OK to save these changes and complete the changes needed for the Internet zone.

6. Choose the Local Intranet icon at the top of the page, then click the Sites button.

7. Verify that the Local Intranet settings are checked for the following:

  • Include All Local (Intranet) Sites Not Listed In Other Zones
  • Include All Sites That Bypass The Proxy Server
  • Include All Network Paths (UNCs)

After verifying these options are checked, close the Local Intranet window.

image
image

Network paths, or Universal Naming Convention (UNC) paths, are treated as local sites. These usually take the form of \company_servershareschedule.htm and are used for network files that are included in the Local Intranet zone.

8. Click the Trusted Sites icon and click the Sites button. The Trusted Sites window is where you can add or remove websites that you trust and that have a low level of security applied.

9. Add www.thesolutionfirm.com to the list of trusted sites and then close the Trusted Sites window.

image

10. Click the Restricted Sites icon and click the Sites button. This will allow you to add sites that could potentially damage or harm the computer.

11. With the Restricted Sites window open, add www.thewhitehouse.com to the list of restricted sites.

12. Once this site has been added to the Restricted Sites window, you can click OK and then close the Internet Options dialog box.

Criteria for Completion

You have completed this task when you have used Internet Explorer security zones to add a site to the trusted list and blocked access to a restricted site.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.136.234.229