
318    Chapter 5 • Communication Security: Web Based Services

                      loaded, and the user is prompted before downloading potentially unsafe
                      content.

                  ■   Medium-High, which is the default setting for the Internet zone, as it is
                      suitable for most Web sites. Unsigned ActiveX content isn’t downloaded,
                      and the user is prompted before downloading potentially unsafe content.

                  ■   High, which is not only the default level for Restricted Sites but also the
                      only level available for that zone. It is the most restrictive setting and
                      has a minimum number of security features disabled.

                 Custom security levels can be defined to exactly fit the security restrictions of
             an environment. There are numerous individual security controls related to how
             ActiveX, downloads, Java, data management, data handling, scripting, and logon are
             handled. The most secure configuration is to set all zones to the High security
             level. However, keep in mind that increased security means less functionality and
             capability.
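
An added example (not from the book): a Python check that reads each zone's level from the text of a registry export and flags zones below the levels described above, or below High when `strict` is set. The registry path, the `CurrentLevel` values and the sample export are assumptions based on Microsoft's documented zone settings; none of them appear in this text.

```python
import re

# CurrentLevel DWORDs for the built-in templates (assumption: values as
# documented by Microsoft for IE zone settings; they are not in the book).
LEVELS = {0x10000: "Low", 0x10500: "Medium-Low", 0x11000: "Medium",
          0x11500: "Medium-High", 0x12000: "High"}
ZONES = {1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}
# Floors taken from the text: Internet defaults to Medium-High,
# and Restricted Sites only offers High.
BASELINE = {3: 0x11500, 4: 0x12000}
KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
VAL_RE = re.compile(r'^"CurrentLevel"=dword:([0-9a-f]{8})$', re.I)

def parse_levels(reg_text):
    """Return {zone_id: CurrentLevel} from the text of a .reg export."""
    levels, zone = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):          # new key: remember which zone it is
            m = KEY_RE.match(line)
            zone = int(m.group(1)) if m else None
        elif zone is not None:
            m = VAL_RE.match(line)
            if m:
                levels[zone] = int(m.group(1), 16)
    return levels

def audit(reg_text, strict=False):
    """List zones below their floor; strict=True requires High everywhere."""
    findings, found = [], parse_levels(reg_text)
    for zone, name in ZONES.items():
        floor = 0x12000 if strict else BASELINE.get(zone)
        level = found.get(zone)
        if floor is None or level is None:
            continue                      # no floor for this zone, or zone not exported
        if level not in LEVELS:           # custom level: templates cannot be compared
            findings.append(f"{name}: custom level 0x{level:05x}, review each control")
        elif level < floor:
            findings.append(f"{name}: {LEVELS[level]} is below {LEVELS[floor]}")
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"CurrentLevel"=dword:00011000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00011000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"CurrentLevel"=dword:00012000
'''
```

Registry Editor writes version 5.00 exports as UTF-16, so decode the file before passing its text to `audit`.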
                 The Privacy tab defines how IE manages personal information through
             cookies. As seen in Figure 5.15, the Privacy tab offers a slide controller with six
             settings ranging from full disclosure to complete isolation. These settings are only
             applicable to the Internet zone, and include the following levels:

                  ■   Accept All Cookies, which allows cookies from any Web site to be saved
                      on the computer, and any cookies already on the computer to be read by
                      the sites that created them.
                  ■   Low, which blocks third-party cookies that don’t have a compact privacy
                      policy, as well as restricting third-party cookies that don’t have your
                      implicit consent to store information that could be used to contact you
                      without explicit consent.
                  ■   Medium, which is the default level. This level blocks third-party cookies
                      that don’t have a compact privacy policy, as well as blocking third-party
                      cookies that don’t have your explicit consent and restricting first-party
                      cookies that don’t have your implicit consent to store information that
                      could be used to contact you without explicit consent.

                  ■   Medium-High, which blocks third-party cookies that don’t have a compact
                      privacy policy, and first- and third-party cookies that store information
                      that could be used to contact you without explicit consent.



          www.syngress.com