About
"Distrust and caution are the parents of security" - Benjamin Franklin
By selecting the Sites… button,
you can manage the cookie settings for specific sites. You can add or remove
sites, and you can change the current settings for existing sites. The bottom
section of this window will specify the domain of the site and the action to
take when that site wants to place a cookie on your machine. You can use the
upper section of this window to change these settings.
You can then evaluate the
originating site, whether you wish to accept or deny the cookie, and what
action to take (allow or block, with the option to remember the decision for
all future cookies from that web site). For example, if visiting a web site
causes a cookie prompt from a web domain that is associated with advertising,
you may wish to click Block Cookie to prevent that domain from
being able to set cookies on your computer, for privacy reasons.
US-CERT recommends that you select
the Advanced button and select Override automatic
cookie handling. Then select Prompt for both first and
third-party cookies. This will prompt you each time a site tries to place a
cookie on your machine. If the number of cookie prompts is too excessive, the
option to Always allow session cookies can be enabled.
The Privacy tab
contains settings for cookies. Cookies are text files placed on your computer
by various sites that you visit either directly (first-party) or indirectly
(third-party) through ad banners, for example. A cookie can contain any data
that a site wishes to store. It is often used to track your computer as you
move through a web site and store information such as preferences or
credentials.
Keep in mind that when the Internet
Zone is set to High, you may encounter web sites that do not
function properly due to one or more of the associated security settings. This
is where the Trusted sites zone can help. If you trust that
the site will not contain malicious content, you can add it to the list of
sites in the Trusted sites zone. Once a site is added to this zone, features
such as ActiveX and Active scripting will be enabled for the site.
The Trusted sites zone
is a security zone for
sites that you think are safe to visit. You believe that the site is designed
with security in mind and that it can be trusted not to contain malicious
content. To add or remove sites from this zone, you can click the Sites button.
This will open a secondary window listing the sites that you trust and
permitting you to add or remove them.
For a more fine-grained control over
what features are allowed in the zone, click the Custom Level button.
At this point, you can control the specific security options that apply
to the current zone. For example ActiveX can be disabled by selecting Disable for Run
ActiveX controls and plug-ins.
Default values for the High security
setting can be selected by choosing High and clicking
the Reset button to apply the changes.
Select the Security tab.
This provides a list of the various security zones that Internet Explorer uses.
For each of these zones, you can select a Custom Level of protection. By
clicking the Custom Level button, you will see a second window
open that permits you to select various security settings for that zone.
The Internet zone is where all sites initially start out. The
security settings for this zone apply to all the web sites that are not listed
in the other security zones.
Here are steps to disable various
features in the latest version of Microsoft’s Internet Explorer browser.
Start by opening Internet Explorer
and selecting Tools then Internet Options…
With assistance from the United States Computer
Emergency Response Team (US-CERT), this slideshow will walk you through the
steps to configure Microsoft’s Internet Explorer to limit the damage from
hacker attacks. Keep in mind that, in some cases, these recommended
settings may interfere with normal usage of some applications.
Note that menu options may vary
between versions of IE, so you should adapt the steps below as appropriate.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
