
Communication Security: Web Based Services • Chapter 5  317

                 grammers who wrote the code and to the focused attacks on Microsoft products by
                 the malevolent cracker community. In spite of this negative attention, IE can still be
                 employed as a relatively secure Web browser—when it is configured correctly.
                    The second step is to configure IE for secure surfing. Users can do this through
                 Internet Options, which is available from the Windows Control Panel or from the
                 Internet Options item on IE’s Tools menu. If the default settings on the Security,
                 Privacy, Content, and Advanced tabs are properly altered, IE security is improved
                 significantly.
                    Zones are defined on the Security tab, which we saw earlier in Figure 5.12. A
                 zone is nothing more than a named collection of Web sites (from the Internet or a
                 local intranet) that can be assigned a specific security level. IE uses zones to define
                 the threat level a specific Web site poses to the system. IE offers four security zone
                 options:

                      ■  Internet  Contains all sites not assigned to other zones.

                      ■  Local Intranet  Contains all sites within the local intranet or on the local
                         system. The OS maintains this zone automatically.

                      ■  Trusted Sites  Contains only sites manually added to this zone. Users
                         should add only fully trusted sites to this zone.

                      ■  Restricted Sites  Contains only sites manually added to this zone. Users
                         should add any sites that are specifically not trusted or that are known to
                         be malicious to this zone.
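
The zone-to-level assignments made on the Security tab can also be checked offline from a registry export. The following is an added example, not code from the book: it audits the four zones against the level guidance given in this chapter. The registry path, zone numbers, and level codes are taken from Microsoft's documented zone layout rather than from this page, and the export text is constructed.

```python
import re
# Zone numbers, level codes and the registry path are from Microsoft's
# documented zone layout, not from this page; SAMPLE is constructed.
ZONES = {1: "Local Intranet", 2: "Trusted Sites", 3: "Internet", 4: "Restricted Sites"}
LEVELS = {0x10000: "Low", 0x10500: "Medium-Low", 0x11000: "Medium",
          0x11500: "Medium-High", 0x12000: "High"}
KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d+)\]$", re.I)
VAL_RE = re.compile(r'^"CurrentLevel"=dword:([0-9a-f]{8})$', re.I)
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"CurrentLevel"=dword:00010500
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"CurrentLevel"=dword:00011000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00010500
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"CurrentLevel"=dword:00000000
"""

def parse_zone_levels(reg_text):
    """Map zone number -> CurrentLevel from decoded `reg export` text."""
    levels, zone = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key or line.startswith("["):
            zone = int(key.group(1)) if key else None  # None: unrelated key
            continue
        val = VAL_RE.match(line)
        if val and zone is not None:
            levels[zone] = int(val.group(1), 16)
    return levels

def audit(levels):
    """Return (zone name, finding) pairs for settings the text warns about."""
    findings = []
    for num, name in ZONES.items():
        code = levels.get(num)
        if code is None:
            findings.append((name, "no CurrentLevel found"))
        elif code not in LEVELS:
            findings.append((name, "custom level, review each setting"))
        elif name == "Internet" and code < 0x11000:
            findings.append((name, f"{LEVELS[code]} is below Medium"))
        elif code == 0x10000 and name != "Trusted Sites":
            findings.append((name, "Low is for explicitly trusted sites only"))
    return findings

if __name__ == "__main__":
    print(audit(parse_zone_levels(SAMPLE)))
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `parse_zone_levels`.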

                    Each zone is assigned a predefined security level, or a custom level can be
                 created. The predefined security levels are offered on a slide controller with up to
                 five settings, each with a description of the content that will be downloaded under
                 particular conditions. The available settings are:

                      ■  Low, which provides the least security, and allows all active content to
                         run, and most content to be downloaded and run without prompts. With
                         this setting, there is minimal security for users, so it should only be used
                         with sites that are explicitly trusted.

                      ■  Medium-Low, which is the default setting for the Local intranet zone,
                         and provides the same security as the Medium level except that users
                         aren’t prompted.

                      ■  Medium, which is the default level for Trusted Sites, and the lowest
                         setting available for the Internet zone. Unsigned ActiveX content isn’t down-




                                                                              www.syngress.com