Images: How to run Internet Explorer securely

Here are the key configuration changes you can make to disable various features and reduce the attack surface in Microsoft's Internet Explorer. This guide provides a walk-through of IE 6.0 but applies to the latest IE 7.0 as well. (This guidance was prepared and distributed by Will Dorman, vulnerability analyst at Carnegie Mellon Software Engineering Institute CERT Coordination Center).
By Ryan Naraine, Contributor
1 of 10 Ryan Naraine/ZDNet
To get started, go to Tools > Internet Options. Please note that these options may vary slightly depending on your browser version.

2 of 10 Ryan Naraine/ZDNet
Click on the Security tab which shows the various IE security zones.

For each of these zones, you can select a Custom Level of protection. By clicking the Custom Level button, you will see a second window open that permits you to select various security settings for that zone.

The Internet zone is where all sites initially start out. The security settings for this zone apply to all the web sites that are not listed in the other security zones. We recommend the High security setting be applied for this zone.

By selecting the High security setting, several features including ActiveX, Active scripting, and Java will be disabled. With these features disabled, the browser will be more secure.

Click the Default Level button and then drag the slider control up to High.

3 of 10 Ryan Naraine/ZDNet
You can click on the Custom Level button to get a more granular control over what features are allowed in the zone.

Here you can control the specific security options that apply to the current zone.

Default values for the High security setting can be selected by choosing High and clicking the Reset button to apply the changes.

4 of 10 Ryan Naraine/ZDNet
Trusted sites is a security zone for web sites that you believe are securely designed and contain trustworthy content. To add or remove sites from this zone, you can click the "Sites" button (see next slide).

CERT/CC recommends that you set the security level for the Trusted sites zone to Medium. When the Internet Zone is set to High, you may encounter web sites that do not function properly due to one or more of the associated security settings.

This is where the Trusted sites zone can help. If you trust that the site will not contain malicious code, you can add it to the list of sites in the Trusted sites zone (see next slide).

Once a site is added to this zone, features such as ActiveX and active scripting will be enabled. The benefit of this type of configuration is that IE will be more secure by default, and sites can be “whitelisted” in the Trusted sites zone to gain extra functionality.

5 of 10 Ryan Naraine/ZDNet
When you click on the "Sites" button (previous slide), a new window pops up that lists the sites that you trust and permits you to add or remove sites.

You may also require that only sites with Secure Sockets Layer (SSL) implemented can be active in this zone.

This permits you to verify that the site you are visiting is the site that it claims to be.
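
As an added example (not part of the CERT/CC guidance or the original article), the PowerShell below audits whether the current user's zones match the levels recommended above. It assumes the per-user settings under HKCU are in effect (no Group Policy override) and uses the registry value names Microsoft documents for IE security zones; the function names are illustrative.

```powershell
# Added example: audit the current user's IE zones against the levels
# recommended above (Internet = High, Trusted sites = Medium).
# Assumption: per-user settings in HKCU apply; Group Policy may override them.
$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# CurrentLevel templates and per-action values as Windows stores them.
$levelNames  = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'; 0x12000 = 'High'; 0 = 'Custom' }
$actionNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneValue {
    # Returns the DWORD stored under the zone key, or $null if it is absent.
    param([int]$Zone, [string]$Name)
    $props = Get-ItemProperty -Path "$zonesKey\$Zone" -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$Name) { return $null }
    return [int]$props.$Name
}

function Format-ZoneValue {
    # Maps a raw value to a readable name, falling back to hex for unknown values.
    param($Value, [hashtable]$Names)
    if ($null -eq $Value) { return '(not set)' }
    if ($Names.ContainsKey($Value)) { return $Names[$Value] }
    return ('0x{0:X}' -f $Value)
}

# Zone 3 is the Internet zone, zone 2 is Trusted sites.
$expected = @(
    @{ Zone = 3; Label = 'Internet';      Want = 0x12000 },   # High
    @{ Zone = 2; Label = 'Trusted sites'; Want = 0x11000 }    # Medium
)
$report = foreach ($e in $expected) {
    $level = Get-ZoneValue $e.Zone 'CurrentLevel'
    $flags = Get-ZoneValue $e.Zone 'Flags'
    [pscustomobject]@{
        Zone            = $e.Label
        Level           = Format-ZoneValue $level $levelNames
        ActiveScripting = Format-ZoneValue (Get-ZoneValue $e.Zone '1400') $actionNames
        RunActiveX      = Format-ZoneValue (Get-ZoneValue $e.Zone '1200') $actionNames
        RequireHttps    = [bool]($flags -band 4)   # "Require server verification (https:)"
        MatchesAdvice   = ($level -eq $e.Want)
    }
}
$report | Format-Table -AutoSize
```

A zone reported as Custom has had individual options changed after a level was chosen, so check its ActiveScripting and RunActiveX columns directly rather than relying on the level name.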

6 of 10 Ryan Naraine/ZDNet
In the Privacy tab, you can configure settings for cookies (text files placed on your computer to track your movements about the Web).

CERT/CC recommends that you select the Advanced button and select Override automatic cookie handling.

See next slide for instructions on how to configure this setting.

7 of 10 Ryan Naraine/ZDNet
Select Prompt for both first and third-party cookies. This will prompt you each time a site tries to place a cookie on your computer.

You can then evaluate the originating site, whether you wish to accept or deny the cookie, and what action to take in the future (always accept, always block, or continue to ask).

8 of 10 Ryan Naraine/ZDNet
By selecting the "Sites" button (go back two slides), you can manage the cookie settings for specific sites.

You can add or remove sites, and you can change the current settings for existing sites.

The bottom section of this window will specify the domain of the site and the action to take when that site wants to place a cookie on your computer.

You can use the upper section of this window to change these settings.

9 of 10 Ryan Naraine/ZDNet
In the Advanced tab, you can find default settings used by all zones.

The settings contained in the Multimedia section have features that you can adjust to protect against some potential vulnerabilities. For instance, attackers may be able to track your usage or exploit the software you use to play multimedia data.

CERT/CC recommends disabling the options to play sounds and videos by unchecking these boxes.

10 of 10 Ryan Naraine/ZDNet
Under the Programs tab, you can specify your default applications for viewing Web sites, e-mails, and other network related tasks.

You can also prevent Internet Explorer from showing you a message asking to be your default Web browser.
