
Understanding IE Security Zones

Author:      KleenEdge
Submitted:      28-Apr-2007 19:41:03
Imported From:      The CyberArmy University (original author: )


Microsoft did attempt to make IE more functional for security-minded people. They made the security settings easy to change and modify to your liking. This tutorial explains how to change them to suit you.
When setting the security settings in any browser, some sacrifices have to be made if you want to maintain tight security. The following explains the settings and sacrifices item by item.

One of the things that Microsoft has done in order to reduce loss of functionality for security minded users is to allow different security settings for different classifications of sites. This way, we can enjoy the full featured display of sites that we know we can trust, while those we are unsure of can remain restricted in their functionality and thereby reduce the risk of being invaded by hostile code.

To get to these zones, open IE, on your tool bar select Tools, then Internet Options, and then select the Security tab.

The Security Zones in IE comprise four zones: Internet, Local Intranet, Trusted Sites, and Restricted Sites. Each zone has its own separate default settings (security level), and each can be adjusted to suit your needs.

Internet Zone

This zone consists of all the sites on the World Wide Web that you have not specifically included in any of the other three zones.

If you have selected the Internet Zone and clicked on the "Default Settings" button, you should see a slider set at the default level of "Medium". If you move this slider up or down, you will see a synopsis of how that level of security will affect your use.

Remember, this is general web site security, sites that you have NOT included in other zones.

Local Intranet Zone

The settings in this zone are used for sites that are on your local computer or on your company's local network servers. The security settings for this zone come with a default setting of "Medium Low".

Other than changing the security setting, you can change the way this zone recognizes which sites belong in it. If you select the Local Intranet Zone from your main Security tab and then click on "Sites", you will see another box appear with the following options.

A check in the "Include all local (Intranet) sites that are not listed in other zones" box will include all sites on your own computer and sites that do not contain a dot such as .com, .org, or .net. This is due to the fact that local network sites are accessed via a computer name.

A check in the "Include all sites that bypass the proxy server" box will only have an effect if you use a proxy server. In this case it will include sites that are not accessed through the proxy server.

A check in the "Include all network paths (UNCs)" box will allow you to include web sites in this zone that you add by clicking on the Advanced tab and adding the web site using the Universal Naming Convention. That means adding the site address either as www.sitename.com, as \\sitename\pagename, or as //filename.

If you mark the "Require server verification (https:) for all sites in this zone", then you will only be able to access sites that this zone includes using a secure connection (SSL).

Trusted Sites

This zone is for sites that are highly trusted and functional. If you need minimal security for a site with active content and you are sure that it can be trusted then add the site to this zone.

The default security setting for this zone is "Low", and sites must be added to it if you are going to use it. By selecting the "Trusted Sites" zone and then clicking on the "Sites" button, you can add each site that you want to be subject to these security settings.

Restricted Sites Zone

This zone is for sites that you may visit but know, or believe, contain suspicious hostile code of one kind or another. The default setting for security in this zone is "High", and sites may be added the same as in the "Trusted Sites Zone".

By properly utilizing the zones in IE you can maintain a good level of security while maintaining a rich experience on the Internet. The key is in the proper configuration of each zone, and the proper inclusion of sites in their respective zones.
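To see how the rules above combine, here is a small Python model of zone assignment. It is an example added to this article, not code from the original author or from Microsoft, and it is a simplified model rather than IE's real algorithm; the function names, parameters and sample host names are all hypothetical.

```python
from urllib.parse import urlsplit

# Default security level of each zone, as stated in the article.
DEFAULT_LEVEL = {
    "Internet": "Medium",
    "Local Intranet": "Medium Low",
    "Trusted Sites": "Low",
    "Restricted Sites": "High",
}


def split_address(address):
    """Return (kind, host) for a URL or a \\\\server\\share UNC path."""
    if address.startswith("\\\\"):
        return "unc", address[2:].split("\\", 1)[0].lower()
    host = urlsplit(address).hostname
    if not host:
        raise ValueError("address has no host: %r" % address)
    return "url", host.lower()


def resolve_zone(address, trusted=(), restricted=(), proxy_bypass=(),
                 include_local=True, include_bypass=True, include_unc=True):
    """Simplified model of zone assignment (not IE's real algorithm)."""
    kind, host = split_address(address)
    # Explicit site lists come first: the intranet rules only apply to
    # sites "not listed in other zones". Checking Restricted before
    # Trusted is a conservative choice made by this model.
    if host in restricted:
        return "Restricted Sites"
    if host in trusted:
        return "Trusted Sites"
    if kind == "unc":
        return "Local Intranet" if include_unc else "Internet"
    # Local network sites are reached by computer name, so no dot.
    if include_local and "." not in host:
        return "Local Intranet"
    if include_bypass and host in proxy_bypass:
        return "Local Intranet"
    return "Internet"


def audit(addresses, **settings):
    """Map each address to (zone, default level) to review what gets relaxed."""
    return {a: (z, DEFAULT_LEVEL[z])
            for a in addresses
            for z in [resolve_zone(a, **settings)]}
```

Under the dot rule, a site reached by IP address such as http://192.168.1.10/ stays in the Internet zone even though it is on the local network, while any dotless name drops to the looser "Medium Low" level.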

Custom Level

Each of the above zones includes a "Custom Level" button. The slider settings of Low, Medium-low, Medium, and High change the settings within this area, but if you want to be extra selective you can change several security features manually.

Note: by Kleenedge

This article was originally published by CyberArmy.net in the CyberArmy Library.
