98-367 Chapter Twelve

Chapter 12: Understanding Internet Explorer Security

Topics Covered:

  • Exploring browser settings
  • Comparing security zones
  • Using IE tools to identify malicious websites

Exploring Browser Settings

Boring UI explanation of IE

Understanding IE Enhanced Security Configuration

Enabled by default and intended to provide an added layer of protection for the server by preventing many web-based attacks.
It does this by blocking different types of web content and scripts.

Selecting Cookies Settings

Default setting of Medium. Cookies are small text files that websites place on a computer to track preferences and activity.

Cookie Terms:

First-Party Cookie: placed by site you visit
Third-Party Cookie: placed by different site than the one you visited (advertisers)
Compact Privacy Policy: Summary of a company's privacy policy embedded in the web page in XML

Cookies can present risks if they store sensitive info in plaintext.

Manipulating the Pop-up Blocker

Pop-ups are annoying and mostly bad, so they are blocked, but they can be enabled for some websites.

Using InPrivate Filtering and InPrivate Browsing

InPrivate Filtering: analyzes content on a web page to determine if the same content is being used on a number of different websites.
If the same content is found on other sites, it is probably being provided by a third party, which is likely gathering information about you.
InPrivate Filtering helps prevent this information gathering. Off by default.

InPrivate Browsing lets you browse websites without storing history, temporary files, form data, cookies or usernames and passwords. Useful
for public computers.

Deleting Browser History

IE stores browsing history and related info, which can be deleted.

Managing Add-ons

Add-ons provide extra functionality, but can crash or conflict and make IE unstable. An IE reset will eliminate all add-ons and restore IE to defaults.

Exploring Advanced Security Settings

Can be set with GPO and locked so users can't change them. Settings on the Advanced tab apply to all security zones; other settings
can be configured for specific zones.

Comparing Security Zones

  • Internet: Any website that is not on the local computer or local intranet and is not assigned to another zone. The default for the Internet zone is the Medium-High security level.
  • Local Intranet: Websites hosted on the internal network. If a site is accessed via a UNC (Universal Naming Convention) path such as \\servername\sharename\pagename,
    it will be recognized as being in the intranet zone. If the site is placed in the Trusted or Restricted zones, those take precedence.
    IE will use the Internet zone if you use an IP address or FQDN. The default for the Local Intranet zone is the Medium-Low security level (the lowest security level of all four zones).
  • Trusted Sites: Organizations sometimes host sites on the internet because employees are outside the network, or for other reasons. This zone allows those sites to run scripts etc. The default security level for the
    Trusted Sites zone is Medium.
  • Restricted Sites: Sites known to host malware that still need to be visited.

An ActiveX control is a small program that can run in a web browser. IE can be configured to only allow digitally signed controls.

Using IE Tools to Identify Malicious Websites

SmartScreen Filter helps identify malicious websites before the page is displayed.
Protected Mode helps protect your system from malicious activity if you do visit a malicious website.

Understanding the SmartScreen Filter

Helps protect against phishing. Is turned on by default. Email hyperlinks should be treated with suspicion.

Drive-by download: a download initiated by a website when the user visits. No additional action, such as clicking a download button, is required.
Downloads could include malicious software etc.

SmartScreen also blocks downloads reported as unsafe.

Modifying Protected Mode

Protected Mode runs IE with restricted privileges to provide a layer of protection from malicious websites. By default, Protected Mode
is enabled for the Internet and Restricted Sites zones. It is possible to disable it, but this is not recommended. Admins can use GPO to make sure
Protected Mode is not turned off.
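
An added example (not part of the original notes): a PowerShell check that reads each zone's security level and Protected Mode state from the current user's registry hive and compares them with the defaults listed in these notes. The zone numbers and the `CurrentLevel` and `2500` value names are the standard Internet Settings registry layout, not something taken from the notes.

```powershell
# Added example: compare the current user's IE zone settings with the defaults in these notes.
# Zones\1 = Local Intranet, 2 = Trusted Sites, 3 = Internet, 4 = Restricted Sites.
# CurrentLevel = security-level template; value 2500 = Protected Mode (0 on, 3 off).
$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$levelNames = @{
    0x10000 = 'Low'; 0x10500 = 'Medium-Low'; 0x11000 = 'Medium'
    0x11500 = 'Medium-High'; 0x12000 = 'High'; 0 = 'Custom'
}

# Defaults as stated in the notes; $null means the notes give nothing to compare against.
$expected = @(
    @{ Id = 1; Name = 'Local Intranet';   Level = 'Medium-Low';  ProtectedMode = $null }
    @{ Id = 2; Name = 'Trusted Sites';    Level = 'Medium';      ProtectedMode = $null }
    @{ Id = 3; Name = 'Internet';         Level = 'Medium-High'; ProtectedMode = $true }
    @{ Id = 4; Name = 'Restricted Sites'; Level = $null;         ProtectedMode = $true }
)

$report = foreach ($zone in $expected) {
    $props = Get-ItemProperty -Path "$zonesKey\$($zone.Id)" -ErrorAction SilentlyContinue

    # Translate the stored template number into the level name shown in the IE dialog.
    $raw = $props.CurrentLevel
    if ($null -eq $raw) {
        $level = 'Not set'
    } elseif ($levelNames.ContainsKey([int]$raw)) {
        $level = $levelNames[[int]$raw]
    } else {
        $level = 'Unknown (0x{0:X})' -f $raw
    }

    $pmRaw = $props.'2500'
    if ($null -eq $pmRaw) { $pm = 'Not set' } elseif ($pmRaw -eq 0) { $pm = 'Enabled' } else { $pm = 'Disabled' }

    $findings = @()
    if ($zone.Level -and $level -ne $zone.Level) {
        $findings += "level is $level, notes give default $($zone.Level)"
    }
    if ($zone.ProtectedMode -and $pm -ne 'Enabled') {
        $findings += "Protected Mode is $pm"
    }
    [pscustomobject]@{
        Zone = $zone.Name; Level = $level; ProtectedMode = $pm
        Findings = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
}
$report | Format-Table -AutoSize -Wrap
```

Zone settings enforced through GPO are written under `Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones`, so on managed machines read that path as well.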

Chapter Review Questions:

  1. You have launched Internet Explorer on Windows Server 2008, and you have noticed that some webpages are not displaying correctly.
    What is causing this?
    a. InPrivate Filtering
    b. InPrivate Browsing
    c. IE Enhanced Security Configuration is enabled
    d. IE Enhanced Security Configuration is disabled
  2. True or false: A cookie is an executable file that tracks a user's behavior
  3. What can be used to block all cookies from being stored on a user’s computer during a browsing session?
    a. InPrivate Browsing
    b. InPrivate Filtering
    c. Pop-up blocker
    d. Protected Mode
  4. True or false: It is not possible to remove the history of browsing sessions
  5. An add-on is causing IE to become unstable, but you are not sure which one is causing the problem. What should you do?
  6. Which zone is used by default for a website with a fully qualified domain name?
    a. Internet
    b. Local intranet
    c. Restricted Sites
    d. Trusted Sites
  7. Which IE security zone has the most relaxed security settings?
  8. Which one of the following helps detect phishing sites?
    a. InPrivate Browsing
    b. InPrivate Filtering
    c. SmartScreen Filter
    d. Protected Mode

Answers:

  1. C
  2. False
  3. A
  4. False
  5. Reset IE
  6. A
  7. Local Intranet
  8. C

Relevant sections of Certification Exam

Notes