Default Applications

Under the Programs tab,
you can specify your default applications for viewing web sites, email
messages, HTML editing and various other network related tasks. You can also
disable Internet Explorer from asking you if you would like it to be your
default web browser here.

See more information on securing web browsers at the US-CERT web site.

International Domain Names and Embedded Sounds

Internationalized Domain Names (IDN)
can be abused to allow spoofing of web page addresses. This can allow phishing
attacks to be more convincing. To protect against IDN spoofing in
Internet Explorer, enable the Always show encoded addresses option.
This will cause IDN addresses to be displayed in an encoded form in the
Internet Explorer address bar and status bar, which will remove the visual
similarity to the spoofing target address.
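
The effect of showing encoded addresses can be reproduced outside the browser.
The following Python sketch is an added example, not part of the original
guidance: it converts a hostname to its encoded (Punycode, xn--) form and flags
labels that mix scripts. The sample hostnames are constructed, and the function
names and the script heuristic (first word of each letter's Unicode name) are
assumptions of this example.

```python
import unicodedata

def to_unicode(host: str) -> str:
    """Return the Unicode display form, accepting display or xn-- input."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already contains non-ASCII characters

def scripts_in(label: str) -> set:
    """Heuristic (assumption): script = first word of the Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def inspect_host(host: str) -> list:
    """Per label: displayed form, encoded form, and script findings."""
    findings = []
    for label in to_unicode(host.strip().rstrip(".")).lower().split("."):
        encoded = label.encode("idna").decode("ascii")
        scripts = scripts_in(label)
        findings.append({
            "shown": label,                       # what a user would read
            "encoded": encoded,                   # what the encoded view shows
            "is_idn": encoded.startswith("xn--"),
            "scripts": sorted(scripts),
            "mixed_script": len(scripts) > 1,     # e.g. Latin plus Cyrillic
        })
    return findings

def encoded_address(host: str) -> str:
    """Whole hostname in the encoded form."""
    return ".".join(f["encoded"] for f in inspect_host(host))

# Constructed samples: Cyrillic 'a' lookalike, a legitimate IDN, plain ASCII,
# and a name supplied already in encoded form.
SAMPLES = ["\u0430pple.com", "b\u00fccher.example", "example.com",
           "xn--pple-43d.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{to_unicode(host)!r} -> {encoded_address(host)}")
        for f in inspect_host(host):
            if f["mixed_script"]:
                print(f"  mixed scripts in {f['shown']!r}: {f['scripts']}")
```

A label written entirely in one non-Latin script is not flagged as mixed, but
its encoded form still differs visibly from the address it imitates.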

Disable Third Party Browser Extensions

The Advanced tab
contains settings that apply to all of the security zones. We recommend that
you disable the Enable third-party browser extensions option.
This option includes toolbars and Browser Helper Objects (BHOs). While some
add-ons can be useful, they also have the ability to violate your privacy. For
example, a browser add-on may monitor your web browsing habits, or even change
the contents of web pages in an attempt to gather personal information.


Alternatively, if you do not wish to
receive warning dialogs when a site attempts to set a cookie, you can use Internet
Explorer’s pre-set privacy rules. Click the Default button and
then drag the slider up to High. Note that some web sites may fail
to function properly with the High setting. In such cases, you
may add the site to the list of sites for which cookies are allowed, as
described previously.

Managing Cookies

By selecting the Sites… button,
you can manage the cookie settings for specific sites. You can add or remove
sites, and you can change the current settings for existing sites. The bottom
section of this window will specify the domain of the site and the action to
take when that site wants to place a cookie on your machine. You can use the
upper section of this window to change these settings.

You can then evaluate the
originating site, whether you wish to accept or deny the cookie, and what
action to take (allow or block, with the option to remember the decision for
all future cookies from that web site). For example, if visiting a web site
causes a cookie prompt from a web domain that is associated with advertising,
you may wish to click Block Cookie to prevent that domain from
being able to set cookies on your computer, for privacy reasons.

US-CERT recommends that you select
the Advanced button and select Override automatic cookie handling.
Then select Prompt for both first and third-party cookies. This will
prompt you each time a site tries to place a cookie on your machine. If the
number of cookie prompts is excessive, the option to Always allow session
cookies can be enabled.

The Privacy tab
contains settings for cookies. Cookies are text files placed on your computer
by various sites that you visit either directly (first-party) or indirectly
(third-party) through ad banners, for example. A cookie can contain any data
that a site wishes to store. It is often used to track your computer as you
move through a web site and store information such as preferences or
credentials. 

Keep in mind that when the Internet
Zone is set to High, you may encounter web sites that do not
function properly due to one or more of the associated security settings. This
is where the Trusted sites zone can help. If you trust that
the site will not contain malicious content, you can add it to the list of
sites in the Trusted sites zone. Once a site is added to this zone, features
such as ActiveX and Active scripting will be enabled for the site.

The Trusted sites zone
is a security zone for sites that you think are safe to visit. You believe
that the site is designed with security in mind and that it can be trusted not
to contain malicious content. To add or remove sites from this zone, you can
click the Sites button. This will open a secondary window listing the sites
that you trust and permitting you to add or remove them.