Internet Explorer Security in XP

Before you start

Objectives: learn how to configure Internet Options in XP.

Prerequisites: you should be aware of different Internet Options in general.

Key terms: zone, site, cookie, ActiveX, local, control, restrict, manage, privacy


Example Zone Configuration

We can use Internet Options in Control Panel to manage the security of Internet Explorer. Let’s open Internet Options and go to the Security tab. We want to allow ActiveX installations only from the Local Intranet or Trusted Sites zones. ActiveX controls should not be installed from any other location in our case. Other settings for each zone should remain unchanged. First, we will restrict ActiveX installation in the Internet zone. Notice that our current default level is Medium-high.

Image 272.1 – Zones

This setting is appropriate for most websites. Notice that unsigned ActiveX controls will not be downloaded, but signed ones will. We want to disable all ActiveX controls. While we could move the slider to the High setting to disable ActiveX controls, this would change other settings as well, and we only want to disable ActiveX controls. To do that we will click on the Custom Level button.

Image 272.2 – ActiveX Disabled

We have to make sure that all ActiveX options are set to ‘Disable’. In this window we could also set various other security options, such as Downloads, .NET Framework and Scripting. We will confirm those changes and also make them in the Restricted Sites zone. If we check the default settings for the Restricted Sites zone we will notice that ActiveX controls are disabled by default.

The next thing we need to do is allow ActiveX controls in the Trusted Sites and Local Intranet zones. Simply select the zone, click on the Custom Level button, and check the appropriate options in the ActiveX section of the settings.

One last thing we need to do is add sites to the Trusted Sites zone so that ActiveX controls can run on those particular sites. To do that we select the Trusted Sites zone and click on the Sites button. Notice that by default this zone requires server verification (https:) for all sites in the zone. We are going to keep that option. We will add https://home.live.com/. Notice that we are using the https protocol.

Image 272.3 – Trusted Sites

We don’t have to add sites to the Local Intranet zone because zone membership is managed automatically. All LAN and UNC locations are members of the Local Intranet zone.

Image 272.4 – Local Intranet

We could actually add sites by clicking on the Advanced button, but in our situation it is not necessary. Membership of the Internet zone is also managed automatically. All sites that are not in the Local Intranet, Trusted Sites or Restricted Sites zone are members of the Internet zone.
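The zone settings configured above are stored per zone in the registry, so the result can be checked from an export of the Internet Settings key. The following is an added example, not part of the original walkthrough: it parses .reg text and reports ActiveX settings that are not disabled in the Internet and Restricted Sites zones, as well as Trusted Sites entries that are not https. The function names, the subset of ActiveX action IDs checked, and the sample export (including example.test) are assumptions of this example.

```python
import re

# ActiveX URL-action value names under ...\Internet Settings\Zones\<n> (subset
# picked for this example); value data: 0 = Enable, 1 = Prompt, 3 = Disable.
ACTIVEX = {"1001": "download signed", "1004": "download unsigned",
           "1200": "run controls", "1201": "script controls not marked safe",
           "1405": "script controls marked safe"}
LOCKED = {"3": "Internet", "4": "Restricted Sites"}  # zones with ActiveX disabled
DWORD = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{8})')

def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in .reg text."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := DWORD.fullmatch(line)):
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(text):
    """Return (zone, detail, value) findings that deviate from the walkthrough."""
    findings = []
    for path, values in parse_reg(text).items():
        parts = path.split("\\")
        if parts[-2:-1] == ["Zones"] and parts[-1] in LOCKED:
            for action, label in ACTIVEX.items():
                if values.get(action) != 3:  # a missing value is reported too
                    findings.append((LOCKED[parts[-1]], label, values.get(action)))
        elif "ZoneMap" in parts and "Domains" in parts:
            # value name = protocol, value data = zone number (2 = Trusted Sites)
            for proto, zone in values.items():
                if zone == 2 and proto != "https":
                    findings.append(("Trusted Sites", parts[-1] + " via " + proto, zone))
    return findings

# Constructed sample: one Internet-zone setting at Prompt, one http trusted site.
BASE = r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SAMPLE = "\n".join([
    BASE + r"\Zones\3]", '"1001"=dword:00000001', '"1004"=dword:00000003',
    '"1200"=dword:00000003', '"1201"=dword:00000003', '"1405"=dword:00000003',
    BASE + r"\Zones\4]", '"1001"=dword:00000003', '"1004"=dword:00000003',
    '"1200"=dword:00000003', '"1201"=dword:00000003', '"1405"=dword:00000003',
    BASE + r"\ZoneMap\Domains\live.com\home]", '"https"=dword:00000002',
    BASE + r"\ZoneMap\Domains\example.test]", '"http"=dword:00000002',
])

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Files written by regedit are usually UTF-16, so decode them to text before passing them to audit().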

Example Cookie Configuration

Cookies are files that our browser places on our computer. Websites create cookies to keep track of personal information, often to simplify filling out forms or to customize content based on our preferences. We can use Internet Options to customize how our system handles cookies. We will go to the Privacy tab.

Image 272.5 – Privacy Settings

Notice that the settings configured here only apply to the Internet zone. The slider has predefined levels for cookie handling. If we move it to the highest level, all cookies will be blocked. In our case we want to configure our settings manually, so we will click on the Advanced button and then select the ‘Override automatic cookie handling’ option. We will block third-party cookies, select the ‘Prompt’ option for first-party cookies and check the ‘Always allow session cookies’ option.

Image 272.6 – Cookies Set

We can also configure cookie handling on a per-site basis. To set per-site settings we can go back to the Privacy tab and click on the Sites button. In our case we have entered www.saadz26.sg-host.com and clicked the Allow button. This will allow all cookies from the saadz26.sg-host.com site and will override any general cookie settings.

Image 272.7 – Allowed Cookies

Remember

We can use Internet Options in Control Panel to manage the security of Internet Explorer. Security in Internet Explorer is managed through Security Zones. Security Zones allow us to control different types of access depending on sites, which we can group into general categories. Local Intranet and Internet zone membership is managed automatically. All sites that are not in the Local Intranet, Trusted Sites or Restricted Sites zone are members of the Internet zone. Cookies are files that our browser places on our computer to keep track of personal information. We can configure cookie handling on a per-site basis.