Exercise
UNIT 10: Internet Explorer: Security Table of Contents
2. Click the Local intranet zone
3. Click Sites, and then select the following check boxes that apply.
Include all local (intranet) sites not listed in other zones.
Intranet sites, such as http//local, have names that do not include dots. In contrast, a site name that does contain dots, such as http://www.microsoft.com, is not local. This site would be assigned to the Internet zone. The intranet site name rule applies to File URLs as well as HTTP URLs.
Include all sites that bypass the proxy server. Typical intranet configurations use a proxy server to gain access to the Internet but have a direct connection to intranet servers.
The setting uses this kind of configuration information to distinguish intranet from Internet content. If your proxy server is configured otherwise, you should clear this check box and then use other means to designate the Local intranet zone membership. For systems without a proxy server, this setting has no effect.
Include all network paths (UNCs). Network paths (for example, \ \ servername \ sharename \ file.txt) are typically used for local network content that should be included in the Local intranet zone. If some of your network paths should not be in the Local intranet zone, clear this check box and then use other means to designate the Local intranet zone membership.
In certain common Internet File system (CIF S) configurations, for example, it is possible for a network path to reference Internet content.
Click Advanced
Type the address of the site you want to include in this zone, and then click Add
To require that server verification be used, select the Required server verification (https:) for all sites in this zone check box.
After the Local intranet zone is confirmed to be secured, consider changing the zone's security level to Low so that users can perform a wider range of operations. You can also adjust individual security settings by using the Custom level of security for this zone. If parts of your intranet are less secured or otherwise not trustworthy, you can exclude the sites from this zone by assigning them to the Restricted sites zones.
3.4 Trusted and Restricted Sites Zones
You can add trusted and untrusted Web sites to the trusted sites and restricted sites security zones.
These two zones enable you to assign specific sites that you trust more or less than those in the Internet zone or the Local intranet zone. By default, the Trusted sites zone is assigned the Low security level. This zone is intended for highly trusted sites, such as the sites of trusted business partners.
If you assign a site to the Trusted sites zone, the site will be allowed to perform a wider range of operations. Also, Internet Explorer will prompt you to make fewer security decisions. You should add a site to this zone only if you trust all of its content never to perform any harmful operations on your computer. For the Trusted sites zone, Microsoft strongly recommends that you use the Hypertext Transmission Protocol Secure (HTTPS) protocol or otherwise ensure that connections to the site are completely secure.
By default, the Restricted sites zone is assigned the High security level. If you assign a site to the Restricted sites zone, it will be allowed to perform only minimal, very safe operations. This zone is for sites that you do not trust. Because of the need to ensure a high level of security for content that is not trusted, pages assigned to this zone might not function or be displayed properly.
Exercise 3
Distinguish between trusted and untrusted Zones.
Sites in the trusted zones are allowed to perform a wider range of operations while sites from untrusted zones are allowed to perform only minimal, and safe operations.
3.5 Domain Name Suffixes
You can address Web content by using either the DNS name or the Internet Protocol (IP) address.
You should assign sites that use both types of addresses to the same zone. In some cases, the sites in the Local intranet zone are identifiable either by their local names or by IP addresses in the proxy bypass list. However, if you enter the DNS name but not the IP address for a site in the Trusted sites or Restricted sites zone and the site is accessed by using the IP address that site might be treated as part of the Internet zone.
To set up this capability, you must add the domain name suffix for TCP/IP properties to the domain suffix search order.
To add the domain name suffix for TCP/IP properties to the domain suffix search order in Microsofta Windows XPa and Windowsa 2000
In Microsoft windows XP or Windows 2000, right-click the My Network Places icon, and then click Properties.
Right-click the appropriate network connection, and then click Properties.
On the General tab (for a local area connection) or the Networking tab (for all other connections), click Internet Protocol (TCP/IP), and then click Properties
Click Obtain DNS server address automatically If it is not already selected.
Click Advanced, and then click the DNS tab.
Clic k Append th ese D NS suff ixes (in o rder), an d then click Add
Type the domain suffix, and then click Add
To add the domain name suffix for TCP/IP properties to the domain suffix search order in Windows 98.
In Microsofth windows 98d, right-click the Network Neighborhood desktop icon, and then click Properties.
On the Configuration tab, click TCP/IP, and then click Properties.
Click the DNS Configuration tab, and then select Enable DNS if it is not already selected.
In the Domain Suffix Search Order box, add the search order that you want.
It is important to set up security zones correctly for this capability. By default, the URL, without dots (http://sample) is considered to be in the Local intranet zone, and the URL with dots (http://
sample sharon.com) is considered to be in the Internet zone. Therefore if you use this capability and no proxy server bypass is available to clearly assign the content to the proper zone, you need to change the zone settings.
Depending on whether the content accessed by the domain name suffix is considered intranet or Internet content, you need to assign the ambiguous site URLs to the appropriate zones. To assign URLs, such as http://sample to the Internet zone, clear the Include all local (intranet) sites not listed in other zones, check box for the Local intranet zone, and include the site in the Internet zone.
3.6 Custom Level Settings
The Custom Level button on the Security tab gives you additional control over zone security. You can enable or disable specific security options depending on your needs and its users.
The Custom level security options for Internet Explorer are grouped into the following categories.
M ic ro sof ta Active ra c ontro ls an d plu g -in s
D o w n l o a d s
M i c r o s o f t V M
M i s c e l l a n e o u s
S c r i p t i n g
U s e r A u t h e n t i c a t i o n
Exercise 4
What is the advantage of using Custom Level Settings?
As discussed, the custom level setting allows you to make your own security settings depending on your needs and use.
4.0 Conclusion
When you set up the security zone, you can specify the URL categories in addition to specific sites in the zone you trust. You can place individual URLs or entire domains in the Trusted sites zone. For other sites on the Internet that are known to be sources of potentially harmful Web content, you can select the highest restrictions.
5.0 Summary
In this unit, we discussed how you can manage your security zone settings through the automatic browser configuration feature of Internet Explorer. We also discussed how you can add trusted and untrusted Web sites in your security zone.
6.0 References and Suggestion for Further Reading
Widernet Project, http//www.widernet.org Microsoft Windows, http//www. Microsoft.com
7.0 Tutor-Marked Assignment
Question
Explain why you would want to download a web page and state the procedure for it.