IE Security settings

Discussion in 'other security issues & news' started by polo, Aug 25, 2002.

Thread Status:
Not open for further replies.
  1. polo

    polo Guest

    Can someone tell me the safest "Internet" settings in IE 5.00? It's more complicated than NS, KM or Moz since you have more options than just Java, JS and Cookies.

    Medium setting isn't THAT safe? You have to do a Custom setting from Medium to disable scripting etc? Should _anything_ related to ActiveX be disabled?

    What about the Intranet (only for if on a LAN not home single PC?), Restricted and Trusted sites settings?
     
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    Pertaining to just ActiveX controls - those who want to retain functionality with Windows Update, Office Update, and other similar sites (the Symantec vulnerability scanner also uses ActiveX) may find the following custom settings useful:

    -Download signed ActiveX controls: PROMPT
    -Download unsigned ActiveX controls: DISABLE
    -Initialize and script ActiveX controls not marked as safe: DISABLE
    -Run ActiveX controls and plug-ins: ENABLE
    -Script ActiveX controls marked safe from scripting: ENABLE
    (some people may want to set the last one to prompt, although you may get a lot of pop up windows asking for permission because of it)

    If you feel no need for ActiveX in your internet zone, you may also decide to totally disable all of those features in the Internet Zone, and add Windows Update and related sites to your "Trusted Sites Zone", where I still recommend that you apply the above options (i.e. disabling unsigned and un-safe ActiveX controls).

    -Javacool
     
  3. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    Also, you may find it useful to edit the following two settings:

    -Allow paste operations via script: DISABLE
    -Scripting of Java applets: DISABLE

    If you decide not to disable Active Scripting, because many sites you visit use it, then disabling the two features noted above will provide a *slightly* more secure environment, in that area (there are vulnerabilities that exploit both).

    I have no issues disabling the two above settings in the Internet Zone (or any other zone for that matter).

    -Javacool
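The settings listed in the two posts above can be checked against an exported copy of the Internet zone registry key. The following is an added example, not part of the original thread: the value names (1001, 1004, ...) and the 0/1/3 state encoding come from Microsoft's documentation of IE security zones rather than from the posts, and the sample export is constructed.

```python
import re

# IE URL-action value names under ...\Internet Settings\Zones\<zone>, mapped to
# the setting labels from the posts above and the state recommended there.
ENABLE, PROMPT, DISABLE = 0, 1, 3
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1200": ("Run ActiveX controls and plug-ins", ENABLE),
    "1405": ("Script ActiveX controls marked safe for scripting", ENABLE),
    "1407": ("Allow paste operations via script", DISABLE),
    "1402": ("Scripting of Java applets", DISABLE),
}
NAMES = {ENABLE: "ENABLE", PROMPT: "PROMPT", DISABLE: "DISABLE"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def parse_zone(reg_text, zone="3"):
    """Return {action_id: state} for one zone from the text of a .reg export."""
    suffix = "\\internet settings\\zones\\" + zone
    in_zone, values = False, {}
    for line in map(str.strip, reg_text.splitlines()):
        key, val = KEY_RE.match(line), VAL_RE.match(line)
        if key:
            in_zone = key.group(1).lower().endswith(suffix)
        elif in_zone and val:
            values[val.group(1).upper()] = int(val.group(2), 16)
    return values

def audit(reg_text, zone="3"):
    """Return (action_id, setting, found, wanted) for every deviation."""
    current = parse_zone(reg_text, zone)
    return [(a, label, NAMES.get(current.get(a), "UNSET/OTHER"), NAMES[want])
            for a, (label, want) in RECOMMENDED.items()
            if current.get(a) != want]

# Constructed sample export (not from the thread) of the Internet zone key.
SAMPLE = ("REGEDIT4\n\n[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows"
          "\\CurrentVersion\\Internet Settings\\Zones\\3]\n"
          + "".join('"%s"=dword:%08x\n' % kv for kv in
                    [("1001", 1), ("1004", 0), ("1200", 0),
                     ("1201", 3), ("1405", 0), ("1407", 0)]))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s  %s: is %s, want %s" % finding)
```

Zone 3 is the Internet zone and zone 2 is Trusted Sites; exports in the "Windows Registry Editor Version 5.00" format are UTF-16 and must be decoded to text before being passed in.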
     
  4. Javacool has you covered on this and here are some sites that might help....

    IE safe setting

    http://www.markusjansson.net/eienbid.html#safe

    http://www.markusjansson.net/eienbid.html

    IE Settings - A Simple Tutorial
    http://members.tccoa.com/ryang/ie.html
     
  5. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
  6. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    If I remember, there was also a bug that allowed exploitation using the folder view for FTP sites...so if that option appears under your Advanced settings toolbar in the Internet Options, I would disable it (look for "Enable folder view for FTP sites").

    -Javacool
     
  7. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hi Javacool,

    For confidentiality purposes, I should also disable "permanence des données utilisateur" (user's data permanence in English, or something of the kind).

    Rgds,
     
  8. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    User data persistence, I think you mean.
     
  9. polo

    polo Guest

    I like http://members.tccoa.com/ryang/ie.html
    So from what I understand you don't have to actually choose an IE setting since you will be customising the settings anyway. Even "High" setting is dangerous without user modification.

    The Intranet zone is redundant for home PC if you are using a dial-up to 1 PC?

    The Restricted and Trusted sites allow you to configure those sites you add separately from the "general" Internet one, saves you always going to Options and changing the settings?

    Just a bit scary at first if you've been using Netscape and others. They have no ActiveX features or IFRAME - a simpler set of options. Plus there are no Restricted or Trusted settings.

    Other than that which IE should you have for Win98? IE5.0 is old... You should make sure all patches are added too.
     
  10. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Here's a follow-on from this, received today from Kaspersky:


    Microsoft Offers Security Fixes for Explorer, XP and NT 4.0
    Microsoft has announced several security flaws in its software, with
    some of the flaws given a high degree of importance.

    Critical flaws are reported in Internet Explorer 5.01, 5.5 and 6.0 that
    could allow an attacker to access a victim's computer and run
    unauthorized commands. Also announced are less serious security
    vulnerabilities in Windows XP Professional and Windows NT 4.0, which
    give an attacker the chance to crash these systems.

    Fixes for the vulnerabilities described above can be found on the
    Microsoft Web site at: http://www.microsoft.com/security
     