
Configuring Windows Internet Explorer 7 Security Lesson 5.

Date post: 17-Dec-2015
Upload: sherman-beasley
Transcript
Page 1: Configuring Windows Internet Explorer 7 Security Lesson 5.

Configuring Windows Internet Explorer 7 Security

Lesson 5

Page 2: Configuring Windows Internet Explorer 7 Security Lesson 5.

Skills Matrix

Technology Skill | Objective Domain Skill | Domain #
Understanding Internet Explorer Security | Configure and troubleshoot security for Windows Internet Explorer 7+ • Troubleshoot policy-setting issues | 2.1
Understanding Security Zones | Troubleshoot policy-setting issues | 2.1
Understanding Internet Explorer Protected Mode | Troubleshoot Protected Mode issues | 2.1

Page 3: Configuring Windows Internet Explorer 7 Security Lesson 5.

Skills Matrix

Technology Skill | Objective Domain Skill | Domain #
Understanding ActiveX Opt-in and ActiveX Installer Services | ActiveX Opt-in and ActiveX Installer Service | 2.1
Understanding ActiveX Opt-in | ActiveX Opt-in and ActiveX Installer Service | 2.1
Understanding and Configuring the ActiveX Installer Service | ActiveX Opt-in and ActiveX Installer Service | 2.1
Understanding and Managing Add-Ons | Configure and troubleshoot security for Windows Internet Explorer 7+ | 2.1

Page 4: Configuring Windows Internet Explorer 7 Security Lesson 5.

Skills Matrix

Technology Skill | Objective Domain Skill | Domain #
Understanding and Configuring the Phishing Filter | Configure and troubleshoot security for Windows Internet Explorer 7+ | 2.1
Resetting Internet Explorer Settings | Troubleshoot policy-setting issues | 2.1
Configuring Additional Group Policy Security Settings | Troubleshoot policy-setting issues | 2.1
Understanding Certificates | Troubleshoot certificate issues | 2.1

Page 5: Configuring Windows Internet Explorer 7 Security Lesson 5.

Internet Explorer 7 security has several new additions, including Internet Explorer Protected Mode (available only on Windows Vista) and ActiveX Opt-in.

Internet Explorer Protected Mode

ActiveX Opt-in and ActiveX Installer Services

Phishing Filter

Reset Internet Explorer Settings (REIS)

Understanding Internet Explorer Security


Page 6: Configuring Windows Internet Explorer 7 Security Lesson 5.

Click Start. In the Start Search box, key gpmc.msc and then press Ctrl + Shift + Enter. A User Account Control dialog box appears.

Provide administrator credentials, and then click OK.

In the console tree, expand Forest: ForestName > Domains > DomainName > Group Policy Objects.

Configuring IE7 Security Settings Through Group Policy

Understanding Internet Explorer Security

Page 7: Configuring Windows Internet Explorer 7 Security Lesson 5.

• Right-click the Group Policy object for which you want to configure Internet Explorer security settings, and then click Edit. The Group Policy Object Editor opens with the GPO you selected loaded.

• In the console tree, expand Computer Configuration > Administrative Templates > Windows Components > Internet Explorer.

Configuring IE7 Security Settings Through Group Policy (cont.)

Understanding Internet Explorer Security

Page 8: Configuring Windows Internet Explorer 7 Security Lesson 5.

Configuring IE7 Security Settings Through Group Policy (cont.)

Understanding Internet Explorer Security

Internet Explorer Group Policy settings

Page 9: Configuring Windows Internet Explorer 7 Security Lesson 5.

Security zones are divisions of URL namespaces that enable you to vary security according to where the content is coming from.

Internet

Local Intranet

Trusted Sites

Restricted Sites

Local Machine

Understanding Security Zones


Page 10: Configuring Windows Internet Explorer 7 Security Lesson 5.

Low security

Default template for the Local Machine zone

Minimal safeguards and warning prompts provided

Most content is downloaded and run without prompts

All active content can run

Appropriate for sites that you absolutely trust

Understanding Security Zones (cont.)

Understanding Security Zones

Page 11: Configuring Windows Internet Explorer 7 Security Lesson 5.

Medium-low security

Default template for the Local Intranet zone

Appropriate for websites on your local network (intranet)

Most content will run without prompting you

Unsigned ActiveX controls will not be downloaded

Same as Medium level without prompts

Understanding Security Zones (cont.)

Understanding Security Zones

Page 12: Configuring Windows Internet Explorer 7 Security Lesson 5.

Medium security

Default template for the Trusted Sites zone

Prompts before downloading potentially unsafe content

Unsigned ActiveX controls will not be downloaded

Understanding Security Zones (cont.)

Understanding Security Zones

Page 13: Configuring Windows Internet Explorer 7 Security Lesson 5.

Medium-high security

Default template for the Internet zone

Appropriate for most websites

Prompts before downloading potentially unsafe content

Unsigned ActiveX controls will not be downloaded

Understanding Security Zones (cont.)

Understanding Security Zones

Page 14: Configuring Windows Internet Explorer 7 Security Lesson 5.

High security

Default template for the Restricted Sites zone

Appropriate for websites that might contain harmful content

Maximum safeguards

Less secure features are disabled

Understanding Security Zones (cont.)

Understanding Security Zones

Page 15: Configuring Windows Internet Explorer 7 Security Lesson 5.

It is not uncommon for a user to experience browser problems due to an action that is disallowed by the settings for the security zone.

In Internet Explorer, in the Tools menu, click Internet Options.

Click the Security tab.

Configuring Zone Security Settings Locally

Understanding Security Zones

Page 16: Configuring Windows Internet Explorer 7 Security Lesson 5.

In the Select a zone to view or change security settings section, select the zone for which you want to configure a security setting.

To change the template that Windows assigns to the zone, use the slider in the Security level for this zone section.

To customize security for the selected zone, click Custom level. The Security Settings – ZoneName Zone dialog box appears.

Configuring Zone Security Settings Locally (cont.)

Understanding Security Zones

Page 17: Configuring Windows Internet Explorer 7 Security Lesson 5.

Configuring Zone Security Settings Locally (cont.)

Understanding Security Zones

• To configure custom settings, select the options as desired for each of the security settings in the Settings standard list box.

• To restore all settings to their original configuration, click Reset.

Page 18: Configuring Windows Internet Explorer 7 Security Lesson 5.

Internet Explorer Protected Mode is a feature of Internet Explorer 7 available on Windows Vista. Protected Mode protects against unsolicited installation of software and modification of data.

Internet Explorer Protected Mode

Understanding Internet Explorer Protected Mode

Page 19: Configuring Windows Internet Explorer 7 Security Lesson 5.

Enabling or Disabling Protected Mode Locally

Understanding Internet Explorer Protected Mode

Select a zone to view or change security settings from the Security tab to configure Protected Mode.

Page 20: Configuring Windows Internet Explorer 7 Security Lesson 5.

Open the GPO you want to edit in the Group Policy Object Editor.

In the console of the Group Policy Object Editor, expand Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.

Configuring Protected Mode Through Group Policy

Understanding Internet Explorer Protected Mode

Page 21: Configuring Windows Internet Explorer 7 Security Lesson 5.

• Select ZoneName, where ZoneName is the zone for which you want to configure Windows Protected Mode policy.

• In the details pane, right-click Turn on Protected Mode, and then click Properties.

Configuring Protected Mode Through Group Policy (cont.)

Understanding Internet Explorer Protected Mode

Page 22: Configuring Windows Internet Explorer 7 Security Lesson 5.

Select one of the following:

Not Configured – Select this option to enable users to turn Windows Protected Mode on or off for this zone.

Enabled – Select this option to turn on Protected Mode for this zone and to disallow users the ability to turn it off.

Configure Protected Mode Through Group Policy (cont.)

Understanding Internet Explorer Protected Mode

Page 23: Configuring Windows Internet Explorer 7 Security Lesson 5.

Select one of the following:

Disabled – Select this option to turn off Protected Mode for this zone and to disallow users the ability to turn it on.

Configure Protected Mode Through Group Policy (cont.)

Understanding Internet Explorer Protected Mode

Page 24: Configuring Windows Internet Explorer 7 Security Lesson 5.

ActiveX Opt-in limits exposure to malicious ActiveX controls by disabling most ActiveX controls and by requiring permission from a user with administrator credentials before installing any of the remainder of ActiveX controls.

The ActiveX Installer Services enable administrators to specify a list of ActiveX controls that users are enabled to install without administrator credentials.

ActiveX Opt-in and ActiveX Installer Services

Understanding ActiveX Opt-in and ActiveX Installer Services

Page 25: Configuring Windows Internet Explorer 7 Security Lesson 5.

By default, ActiveX Opt-in will not disable the following ActiveX controls:

Commonly used controls whose security Microsoft has already deemed acceptable

Controls used in a previous version of Internet Explorer before upgrading to Internet Explorer 7

Controls that ActiveX Opt-in automatically enables during the install process when the user downloads them using IE7

ActiveX Opt-in and ActiveX Installer Services (cont.)

Understanding ActiveX Opt-in and ActiveX Installer Services

Page 26: Configuring Windows Internet Explorer 7 Security Lesson 5.

ActiveX Opt-in and ActiveX Installer Services (cont.)

Understanding ActiveX Opt-in and ActiveX Installer Services

When you select Install ActiveX Control, a User Account Control dialog box will open. You can then provide administrator credentials to install the ActiveX Control.

Page 27: Configuring Windows Internet Explorer 7 Security Lesson 5.

Open the Security Settings – ZoneName Zone dialog box for the zone in which you want to enable or disable ActiveX Opt-in.

Scroll the list box until you find the ActiveX controls and plug-ins section.

Enabling or Disabling ActiveX Opt-in Locally

Understanding ActiveX Opt-in and ActiveX Installer Services

Page 28: Configuring Windows Internet Explorer 7 Security Lesson 5.

Under the Allow previously unused ActiveX controls to run without prompt setting, select one of the following:

Disable – Select this option to enable ActiveX Opt-in (this is correct: you disable this setting to enable ActiveX Opt-in).

Enable – Select this option to disable ActiveX Opt-in (this is correct: you enable this setting to disable ActiveX Opt-in).

Enabling or Disabling ActiveX Opt-in Locally (cont.)

Understanding ActiveX Opt-in and ActiveX Installer Services

Page 29: Configuring Windows Internet Explorer 7 Security Lesson 5.

Configuring ActiveX Opt-in Through Group Policy

Understanding ActiveX Opt-in and ActiveX Installer Services

Turn Off First-Run Opt-In Properties dialog box with Enabled selected

Page 30: Configuring Windows Internet Explorer 7 Security Lesson 5.

The ActiveX Installer Service (AxIS) enables administrators to allow standard users to install ActiveX controls. Using the ActiveX Installer Service requires four components:

Internet Explorer 7+

ActiveX Installer Service

Group Policy configuration

Approved installation sites for ActiveX controls

ActiveX Installer Service

Understanding ActiveX Opt-in and ActiveX Installer Services

Page 31: Configuring Windows Internet Explorer 7 Security Lesson 5.

Turning on the ActiveX Installer Service Locally

Understanding ActiveX Opt-in and ActiveX Installer Services

Select the ActiveX Installer Service check box, and then click OK.

Page 32: Configuring Windows Internet Explorer 7 Security Lesson 5.

Key 2,2,1,0x00002000 to:

Install all ActiveX controls silently (TPSSignedControl=2 and SignedControl=2)

Require user permission to install unsigned ActiveX controls (UnsignedControl=1)

Ignore invalid certificate dates for ActiveX controls (ServerCertificatePolicy=0x00002000)

Configuring ActiveX Installer Service Through Group Policy

Understanding ActiveX Opt-in and ActiveX Installer Services
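
The four comma-separated fields of the value above can be decoded and reviewed before the policy is deployed. This is an added example, not part of the lesson: the function names are hypothetical, and the certificate flag bits other than 0x00002000, plus the rule that unsigned controls cannot be installed silently, come from the policy's own description rather than from the slide.

```python
from dataclasses import dataclass

# Install action used by the three signature fields.
ACTIONS = {0: "block", 1: "prompt", 2: "silent"}

# ServerCertificatePolicy bits: HTTPS certificate errors to ignore.
# 0x00002000 is the value on the slide; the other bits are listed so that
# unknown bits in a policy string can be rejected (assumption: taken from
# the policy description, not from the slide).
CERT_FLAGS = {
    0x00000100: "ignore unknown CA",
    0x00000200: "ignore wrong certificate usage",
    0x00001000: "ignore invalid CN",
    0x00002000: "ignore invalid certificate date",
}


@dataclass
class AxisPolicy:
    tps_signed: int   # TPSSignedControl: signed by a trusted publisher
    signed: int       # SignedControl: signed by any other publisher
    unsigned: int     # UnsignedControl
    cert_policy: int  # ServerCertificatePolicy bitmask


def parse_axis_policy(value: str) -> AxisPolicy:
    """Parse 'TPSSignedControl,SignedControl,UnsignedControl,ServerCertificatePolicy'."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 4:
        raise ValueError("expected four comma-separated fields")
    tps, signed, unsigned = (int(p, 10) for p in parts[:3])
    cert = int(parts[3], 0)  # accepts 0 or a 0x... hex mask
    for name, field in (("TPSSignedControl", tps), ("SignedControl", signed),
                        ("UnsignedControl", unsigned)):
        if field not in ACTIONS:
            raise ValueError(f"{name} must be 0, 1 or 2")
    if unsigned == 2:
        raise ValueError("silent install of unsigned controls is not supported")
    if cert & ~sum(CERT_FLAGS):
        raise ValueError("unknown ServerCertificatePolicy bits")
    return AxisPolicy(tps, signed, unsigned, cert)


def review(policy: AxisPolicy) -> list:
    """List the ways a policy relaxes installation or HTTPS checks."""
    findings = []
    if policy.signed == 2:
        findings.append("any signed control installs silently, not only trusted publishers")
    if policy.unsigned != 0:
        findings.append("unsigned controls can be installed after a prompt")
    for bit, text in sorted(CERT_FLAGS.items()):
        if policy.cert_policy & bit:
            findings.append(f"HTTPS check weakened: {text}")
    return findings


if __name__ == "__main__":
    for finding in review(parse_axis_policy("2,2,1,0x00002000")):
        print(finding)
```
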

Page 33: Configuring Windows Internet Explorer 7 Security Lesson 5.

You can manage Add-ons using the Manage Add-ons dialog box. Add-ons extend the functionality of Internet Explorer, but can also be malicious or cause instability or poor performance.

Managing Add-ons

Understanding and Managing Add-ons

Page 34: Configuring Windows Internet Explorer 7 Security Lesson 5.

From the Start menu, click All Programs.

Click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).

An intercept page indicates that Internet Explorer is running without add-ons.

Running Internet Explorer Without Add-Ons

Understanding and Managing Add-ons

Page 35: Configuring Windows Internet Explorer 7 Security Lesson 5.

Add-ons that have been used by Internet Explorer – Select this option to display a complete list of the add-ons that reside on your computer.

Add-ons currently loaded in Internet Explorer – Select this option to display only those add-ons that were needed for the current web page or a recently viewed web page.

Managing Internet Explorer Add-Ons

Understanding and Managing Add-ons

Page 36: Configuring Windows Internet Explorer 7 Security Lesson 5.

Add-ons that run without requiring permission – Select this option to display add-ons that are pre-approved by Microsoft, your computer manufacturer, or a service provider. These add-ons are less likely to be the cause of problems.

Downloaded ActiveX Controls (32-bit) – Select this option to display only 32-bit ActiveX controls.

Managing Internet Explorer Add-Ons (cont.)

Understanding and Managing Add-ons

Page 37: Configuring Windows Internet Explorer 7 Security Lesson 5.

Certificates identify the owner of Internet entities, such as websites. They also enable you to communicate with other users through public key encryption.

Certificates

Understanding Certificates

Page 38: Configuring Windows Internet Explorer 7 Security Lesson 5.

Certificates (cont.)

Understanding Certificates

If you click Certificate Error, the Untrusted Certificate warning box will open. You can click View certificates to see detailed information on the certificate, including who issued it.

Page 39: Configuring Windows Internet Explorer 7 Security Lesson 5.

Phishing is the action taken when attackers attempt to trick users into giving personal or financial information through fraudulent emails for the purpose of identity theft.

The Phishing Filter monitors websites and alerts you when it suspects that you have encountered a phishing website.

Phishing Filter

Understanding and Configuring the Phishing Filter

Page 40: Configuring Windows Internet Explorer 7 Security Lesson 5.

Open Internet Explorer, and then open the Security Settings – ZoneName Zone dialog box for the zone in which you want to enable or disable the Phishing Filter.

In the Security Settings – ZoneName Zone dialog box, scroll the list box until you find the Miscellaneous section.

Enabling or Disabling the Phishing Filter Locally

Understanding and Configuring the Phishing Filter

Page 41: Configuring Windows Internet Explorer 7 Security Lesson 5.

Continue scrolling down to the Use Phishing Filter setting, and then select one of the following:

Disable – Select this option to disable the Phishing Filter.

Enable – Select this option to enable the Phishing Filter.

Enabling or Disabling the Phishing Filter Locally (cont.)

Understanding and Configuring the Phishing Filter
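
When troubleshooting the locally configured zone settings covered so far (zone template, Protected Mode, ActiveX Opt-in and the Phishing Filter), the stored per-user values can be checked in one pass. This is an added example, not part of the lesson: the registry location, the `CurrentLevel` numbers and the value names 1208, 2301 and 2500 are not on the slides, the sample input is constructed, and settings applied through Group Policy are stored elsewhere and are not covered.

```python
import re

ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
# Security templates from weakest to strongest, keyed by CurrentLevel.
LEVELS = {0x10000: "Low", 0x10500: "Medium-low", 0x11000: "Medium",
          0x11500: "Medium-high", 0x12000: "High"}
RANK = list(LEVELS.values())
# Default template per zone, as given on the slides.
DEFAULT = {0: "Low", 1: "Medium-low", 2: "Medium", 3: "Medium-high", 4: "High"}
ENABLE, DISABLE = 0, 3  # URL action values (1 would mean "prompt")

# Constructed sample in the layout printed by `reg query ... /s`.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    CurrentLevel    REG_DWORD    0x11000
    1208    REG_DWORD    0x0
    2301    REG_DWORD    0x3
    2500    REG_DWORD    0x3

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    CurrentLevel    REG_DWORD    0x12000
    1208    REG_DWORD    0x3
    2301    REG_DWORD    0x0
    2500    REG_DWORD    0x0
"""


def parse_zones(text):
    """Return {zone number: {value name: int}} from reg query output."""
    zones, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = re.search(r"\\Zones\\(\d+)\s*$", line)
            current = zones.setdefault(int(key.group(1)), {}) if key else None
            continue
        val = re.match(r"\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$", line)
        if val and current is not None:
            current[val.group(1)] = int(val.group(2), 16)
    return zones


def audit(zones):
    """Return (zone name, finding) pairs for settings weaker than the slides describe."""
    findings = []
    for number in sorted(zones):
        values, name = zones[number], ZONES.get(number, f"zone {number}")
        level = LEVELS.get(values.get("CurrentLevel"))
        default = DEFAULT.get(number)
        if level and default and RANK.index(level) < RANK.index(default):
            findings.append((name, f"template {level} is below the default {default}"))
        if values.get("2500") == DISABLE:  # Turn on Protected Mode
            findings.append((name, "Protected Mode is turned off"))
        # Inverted setting: enabling "Allow previously unused ActiveX controls
        # to run without prompt" (1208) disables ActiveX Opt-in.
        if values.get("1208") == ENABLE:
            findings.append((name, "ActiveX Opt-in is disabled"))
        if values.get("2301") == DISABLE:  # Use Phishing Filter
            findings.append((name, "Phishing Filter is disabled"))
    return findings


if __name__ == "__main__":
    for zone, finding in audit(parse_zones(SAMPLE)):
        print(f"{zone}: {finding}")
```
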

Page 42: Configuring Windows Internet Explorer 7 Security Lesson 5.

Not Configured – Select this option to prompt users to choose the mode of operation for the Phishing Filter.

Enabled – Select this option to enable the Phishing Filter without prompting the user.

Disabled – Select this option to prompt users to choose the mode of operation for the Phishing Filter.

Configuring the Phishing Filter Through Group Policy

Understanding and Configuring the Phishing Filter

Page 43: Configuring Windows Internet Explorer 7 Security Lesson 5.

You can reset many Internet Explorer settings simultaneously to restore the browser to a more uncorrupted state in an attempt to remedy instability.

Resetting Internet Explorer Settings


Page 44: Configuring Windows Internet Explorer 7 Security Lesson 5.

REIS resets the following:

Browser settings – Resets all user-defined browser settings

Extensibility – Any extensions that you have added, such as toolbars, are prevented from running automatically. Also, ActiveX Opt-in is reset.

Resetting Internet Explorer Settings (cont.)

Resetting Internet Explorer Settings

Page 45: Configuring Windows Internet Explorer 7 Security Lesson 5.

Browsing history and temporary files are restored including temporary Internet files, cookies, browsing history, form data, passwords, and auto-complete data.

Manufacturer settings for Internet Explorer as set by the computer manufacturer are restored.

Resetting Internet Explorer Settings (cont.)

Resetting Internet Explorer Settings

Page 46: Configuring Windows Internet Explorer 7 Security Lesson 5.

Resetting Internet Explorer Settings (cont.)

Resetting Internet Explorer Settings

Reset Internet Explorer Settings on the Advanced tab of the Internet Options dialog box.

Page 47: Configuring Windows Internet Explorer 7 Security Lesson 5.

You can centrally manage Internet Explorer 7 security settings by using Group Policy.

Managing Internet Explorer Security Using Group Policy

Configuring Additional Group Policy Security Settings

Page 48: Configuring Windows Internet Explorer 7 Security Lesson 5.

Summary

Internet Explorer 7 security is improved compared with previous versions. It is raised further by Internet Explorer Protected Mode, which is available only on Windows Vista.

Protected Mode protects against unsolicited installation of software and modification of data.

You learned how to enable or disable Protected Mode.

You Learned

Page 49: Configuring Windows Internet Explorer 7 Security Lesson 5.

Summary

Security zones divide URL namespaces and enable you to vary security according to where the content is coming from.

You learned how to configure zone security settings.

You Learned (cont.)

Page 50: Configuring Windows Internet Explorer 7 Security Lesson 5.

Summary

ActiveX Opt-in limits exposure to malicious ActiveX controls by disabling most ActiveX controls by default and requiring permission from a user with administrator credentials before installing any of the remaining ActiveX controls.

You Learned (cont.)

Page 51: Configuring Windows Internet Explorer 7 Security Lesson 5.

Summary

ActiveX Installer Services enable administrators to specify a list of ActiveX controls that users can install without administrator credentials.

You learned how to enable or disable ActiveX Opt-in.

You learned how to configure the ActiveX Installer Service.

You Learned (cont.)

Page 52: Configuring Windows Internet Explorer 7 Security Lesson 5.

Summary

Add-ons extend the functionality of Internet Explorer, but they can also be malicious or cause instability or poor performance.

You learned how to manage Add-ons using the Manage Add-ons dialog box.

You learned how to run Internet Explorer without add-ons.

You Learned (cont.)

Page 53: Configuring Windows Internet Explorer 7 Security Lesson 5.

Summary

Certificates identify the owner of Internet entities, such as websites. They also enable you to communicate with other users through public key encryption.

The Phishing filter monitors websites and alerts you when it suspects that you have encountered a phishing website.

You Learned (cont.)

Page 54: Configuring Windows Internet Explorer 7 Security Lesson 5.

Summary

You learned how to enable or disable the Phishing Filter.

You learned how to configure the Phishing Filter.

You learned how to simultaneously reset many Internet Explorer settings using REIS to restore the browser to a more uncorrupted state in an attempt to remedy instability.

You Learned (cont.)

