Page 332 - StudyBook.pdf
P. 332
316 Chapter 5 • Communication Security: Web Based Services
damage. If the threat from the vulnerability is minimal, it is often safer to
wait and experience the problem that a patch is designed to address before
deploying a questionable patch.
Securing Web Browser Software
Although the same general principles apply, each of the popular Web browser pro-
grams has a slightly different method to configure its security options.To illustrate
some of the settings available in a browser, we’ll look at how to make changes in IE
7, and see how to turn off features that allow security holes to be exploited.To find
information on how to secure other browsers available on the Internet, you can
visit their individual Web sites and refer to the browser documentation to deter-
mine which options are available and how to properly configure them.The Web
sites for other popular browsers include:
■ Konqueror www.konqueror.org
■ Mozilla Firefox www.mozilla.com/en-US/firefox/
■ Mozilla Suite www.mozilla.org/products/mozilla1.x
■ Netscape http://browser.netscape.com
■ Opera www.opera.com/support/tutorials/security
EXAM WARNING
For the Security+ exam, you will not be expected to know how to set
specific settings on your Web browser, but you will be expected to know
what will be exploited if you do not set such settings.
Securing Microsoft IE
Securing Microsoft IE involves applying the latest updates and patches, modifying a
few settings, and practicing intelligent surfing. Microsoft routinely releases IE-spe-
cific security patches, so it is important to visit the Windows Update site regularly.
You can visit this site at http://windowsupdate.microsoft.com, or by clicking the
Windows Update menu item on IE’s Tools menu.As we mentioned earlier in
this chapter, this constant flow of patches is due to both the oversights of the pro-
www.syngress.com
