SECURITY TO THE CORE

Configuring Internet Explorer Advanced Security Settings: A Step-By-Step Guide


Many Internet users are wary of compromising financial, personal and confidential data when browsing the Internet. How can properly using and configuring the Internet browser mitigate this risk?

Today I will explain how to configure Internet Explorer for a more secure online experience.

Readers may be unsure which Internet Explorer security settings I am referring to here, so let me be clear. The security settings I am referring to are under the Tools – Internet Options menu within Internet Explorer. Once you have the Internet Options dialog box open, click on the Advanced tab. Under the Advanced tab, scroll down until you see the Security section.

In this Security section, there are some settings that can be configured in Internet Explorer to make the browsing experience more secure. Other web browsers have similar settings, but this article will focus on how Internet Explorer can be configured, covering its phishing, ActiveX control and privacy settings.

Difficulty: Average

Time Required: 10 Minutes

Modifying the “Internet Explorer” Advanced Security Settings

Please be aware that these security settings will reduce your risk, but will not eliminate all the threats. Of course, common sense and a healthy dose of suspicion are still called for when browsing unknown sites. Complacency and carelessness are your worst enemies in the battle to maintain your privacy and security online.

1. Allow active content from CDs to run on my computer.

Active content includes ActiveX controls and web browser add-ons used by many Internet Web sites. These programs are typically blocked because they can malfunction, or because attackers can compromise your Internet browser and perform tasks on your computer without your knowledge.

Default Setting: Not checked
Recommended: Not checked

2. Allow active content to run in files on my computer.

Same as above, except from files instead of from a CD.

Default Setting: Not checked
Recommended: Not checked

3. Allow software to run or install even if the signature is invalid.

By default, Windows blocks the installation of signed code if it has an invalid digital signature. Code with invalid signatures cannot be installed. This helps keep the application or installation “true” and helps you determine if the application or installation is a fake.

Default Setting: Not checked
Recommended: Not checked

4. Check for publisher’s certificate revocation.

A certificate needs to be revoked when its private key has been compromised or the certificate has expired. This setting first checks for the certificate on the revocation list before it allows it to be used.

Default Setting: Checked
Recommended: Checked

5. Check for server certificate revocation.

Default Setting: Checked
Recommended: Checked

6. Check for signatures on downloaded programs.

Often a certificate needs to be revoked because its private key has been compromised or the certificate has expired. This setting first checks for the certificate on the revocation list before it is allowed to be used.

Default Setting: Checked
Recommended: Checked

7. Do not save encrypted pages to disk.

If data from an HTTPS Web site connection is saved to your disk, a potential attacker could access it through the copy saved in the Temporary Internet Files folder. Of course, it is more efficient and faster to save this data to the disk for future access to the Web site. Not saving this encrypted data is far more secure than allowing it to be saved.

Default Setting: Not Checked
Recommended: Checked

8. Empty temporary files folder when browser is closed.

The temporary files folder for Internet Explorer stores a lot of data from each site that you visit. This information is saved on your hard disk for faster access the next time you visit that site. However, worms, viruses, and other malicious items can be stored along with the good Web site data. Therefore, clearing out the files on a regular basis is a far more secure configuration than allowing them to be stored on your hard disk drive.

Default Setting: Not Checked
Recommended: Checked

9. Enable DOM storage.

DOM (Document Object Model) Storage is designed to provide a larger, more secure, and easier-to-use alternative to storing information in the form of cookies. DOM is also used by programs such as JavaScript to provide dynamic websites and deliver customized web pages for users. This behavior should not be allowed unless DOM storage is necessary for the business task on the Internet.

Default Setting: Checked
Recommended: Not Checked

10. Enable Integrated Windows Authentication.

Forces IE to use Kerberos or NTLM for authentication, instead of using anonymous, Basic authentication, or Digest.

Default Setting: Checked
Recommended: Checked

11. Enable memory protection to help mitigate online attacks.

This option controls whether or not Internet Explorer uses DEP (Data Execution Prevention), which helps to protect your computer from ill-behaving applications that could harm your computer system.

Default Setting: Not Checked
Recommended: Checked

12. Enable native xmlhttp support.

Native XMLHTTP is used by many companies today as a standard way to provide dynamic control over data on many Web sites.

Default Setting: Checked
Recommended: Checked

13. Phishing Filter.

The Phishing Filter add-in offers access to a new dynamic online service, updated several times an hour, that warns you and helps protect your personal information from fraudulent Web sites. It scans the Web sites you visit and warns you if they are potentially suspicious. The add-in dynamically checks the Web sites you visit against up-to-the-hour information from an online service run by Microsoft, and blocks you from sharing personal information if a site is a known phishing Web site.

Default Setting: Not Checked
Recommended: Checked (Turn on automatic website checking)

14. Use SSL 2.0

SSL stands for Secure Sockets Layer. It is a type of encryption, a method of communication that is protected by scrambling information in a way that can only be read with a unique key. When you shop online or sign up for a membership that requires sensitive information such as a credit card number or Social Security number, Internet Explorer uses a secure connection that uses Secure Sockets Layer (SSL) technology to encrypt the transaction. SSL 2.0 is an outdated version of this encryption that has been replaced with SSL 3.0 and TLS (Transport Layer Security).

Default Setting: Not checked
Recommended: Not checked

15. Use SSL 3.0

Same as Use SSL 2.0, but this is the newer version of SSL.

Default Setting: Checked
Recommended: Checked

16. Use TLS 1.0

The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS (Transport Layer Security) 1.0 is used when visiting SSL Web sites to protect and encrypt the data and connection.

Default Setting: Checked
Recommended: Checked

17. Use TLS 1.1

TLS 1.1 was updated from the previous version 1.0. It is used when visiting SSL Web sites to protect and encrypt the data and connection. Enable only if you know the Web site supports this version of TLS.

Default Setting: Not checked
Recommended: Not checked

18. Use TLS 1.2

TLS 1.2 was updated from the previous version 1.1. TLS 1.2 is used when visiting SSL Web sites to protect and encrypt the data and connection. Enable only if you know the Web site supports this version of TLS.

Default Setting: Not checked
Recommended: Not checked

19. Warn about certificate address mismatch.

Warns you when the certificate for a Web site does not match the Web site for which it is being used.

Default Setting: Checked
Recommended: Checked

20. Warn if changing between secure and not secure mode.

If a Web site has a mixture of HTTP and HTTPS links, or you are being sent from an HTTPS site to a non-secure HTTP site, you will be immediately warned about this.

Default Setting: Not Checked
Recommended: Checked

21. Warn if POST submittal is redirected to a zone that does not permit posts.

This setting will warn you if you are working on a form on the Internet that redirects you to an address that is different from the one that is hosting the form. This will help prevent your information or browser from being redirected to a non-secure website.

Default Setting: Not Checked
Recommended: Checked
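
The checkboxes above are stored per user in the registry, so their state can be reported from PowerShell instead of clicking through the dialog. The following is an added example, not part of the original guide; the registry value names and bit masks it uses are assumptions of the example and do not come from the article.

```powershell
# Added example: report the current user's Internet Explorer Advanced > Security
# settings next to this article's recommendations. The registry value names and
# bit masks below are assumptions of this example; they do not come from the article.
$is = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue([string]$Path, [string]$Name) {
    # $null means the value was never written, so the browser default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $v = $item.$Name
    if ($v -is [byte[]]) { $v = [int]($v[0]) }   # some builds store the flag as REG_BINARY
    return $v
}

# On/off boxes. CheckedValue is the registry data that means "box is checked".
$boxes = @(
    @{ Setting = 'Check for server certificate revocation'; Path = $is; Name = 'CertificateRevocation'; CheckedValue = 1 }
    @{ Setting = 'Do not save encrypted pages to disk'; Path = $is; Name = 'DisableCachingOfSSLPages'; CheckedValue = 1 }
    @{ Setting = 'Empty temporary files folder when browser is closed'; Path = "$is\Cache"; Name = 'Persistent'; CheckedValue = 0 }
    @{ Setting = 'Warn about certificate address mismatch'; Path = $is; Name = 'WarnonBadCertRecving'; CheckedValue = 1 }
    @{ Setting = 'Warn if changing between secure and not secure mode'; Path = $is; Name = 'WarnonZoneCrossing'; CheckedValue = 1 }
    @{ Setting = 'Warn if POST submittal is redirected'; Path = $is; Name = 'WarnOnPostRedirect'; CheckedValue = 1 }
)
$report = @()
foreach ($b in $boxes) {
    $v = Get-RegValue $b.Path $b.Name
    $state = if ($null -eq $v) { 'Not set (default)' } elseif ($v -eq $b.CheckedValue) { 'Checked' } else { 'Not checked' }
    $report += [pscustomobject]@{ Setting = $b.Setting; Current = $state; Article = 'Checked' }
}

# SecureProtocols is a bit mask: one bit per "Use SSL x / Use TLS x" box.
$protocols = @(
    @{ Name = 'SSL 2.0'; Bit = 0x8;   Article = 'Not checked' }
    @{ Name = 'SSL 3.0'; Bit = 0x20;  Article = 'Checked' }
    @{ Name = 'TLS 1.0'; Bit = 0x80;  Article = 'Checked' }
    @{ Name = 'TLS 1.1'; Bit = 0x200; Article = 'Not checked' }
    @{ Name = 'TLS 1.2'; Bit = 0x800; Article = 'Not checked' }
)
$mask = Get-RegValue $is 'SecureProtocols'
foreach ($p in $protocols) {
    $state = if ($null -eq $mask) { 'Not set (default)' } elseif ($mask -band $p.Bit) { 'Checked' } else { 'Not checked' }
    $report += [pscustomobject]@{ Setting = "Use $($p.Name)"; Current = $state; Article = $p.Article }
}
$report | Format-Table -AutoSize
```

The script only reads values; rows where Current and Article differ are the boxes to review in the dialog.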

Conclusion

The Advanced Security settings for Internet Explorer are very well detailed and can help you protect your computer system and the entire network from various attacks and vulnerabilities. Using them correctly can make all the difference between a more secure computer and one that is not very well secured at all.

This completes the Internet Explorer Advanced tab Security Settings tutorial.
