In Depth
10 IE Browser Settings for Safer Surfing
Here are 10 essential security settings from Zscaler Senior Security Engineer Jeff Forristal, plus tips from other experts
By Bill Brenner, Senior Editor
Downside: This can affect simple XPS document viewing, but you can get a standalone XPS viewer from MS that doesn't require IE, he said.
2. Disable font download
Tools/Internet Options/Security tab/Internet zone/Custom Level/Font download: disable.
Websites can offer to have your browser install an appropriate font file in order to display international characters correctly when viewing a Web page. This is, however, just another file format and attack vector that could harbor unknown/undiscovered vulnerabilities, Forristal said. If you don't tend to browse websites outside your normal language, then you really don't need this.
Downside: It might make some Web pages slightly less pretty, but Forristal said they will still be usable.
3. Disable inclusion of local file directory path when uploading files to a server
Tools/Internet Options/Security tab/Internet zone/Custom Level/Include local file directory path when uploading files to a server: disable.
Whenever you upload a file to a Web server (such as an image to your blog or Flickr account), the browser has the choice of sending just the file name or the entire file path, even though the website only needs the file name, Forristal said. This results in a mild privacy concern because the file path can include identifying information such as your computer's login account name. Sending "c:\Users\jforristal\Pictures\blog.gif" exposes my username "jforristal," he noted.
Downside: No obvious negatives.
4. Disable prompting if you are prone to just clicking "yes"
Tools/Internet Options/Security tab/Internet zone/Custom Level/(various).
Many of the semi-security options in the zone security tab have "Prompt" set by default, which means to ask you what to do. If you are prone to always selecting "yes" whenever a popup box is presented to you (note: not a good habit!), you can remove the temptation by simply switching all the "Prompt" options to "Disable." This is usually safe if you don't find yourself being prompted for much anyway.
Downside: No obvious negatives.
5. Always prompt for username and password
Tools/Internet Options/Security tab/Internet zone/Custom Level/User Authentication/Logon: Prompt for username and password.
For home users and others using computers that are not in a business environment that uses Active Directory, there is no advantage to having auto-logon enabled since there is practically nothing you would want to auto-logon to out on the Internet, he said. Normally IE will limit this auto-logon behavior to sites in the Intranet zone, but what if an attacker can trick IE to thinking a website is in a different zone? No point in taking that risk for a feature you don't need, anyway, he said.
Internet Explorer
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
