Configuring Windows Internet Explorer 7 Security Lesson 5


Skills Matrix
Technology skills:
• Understanding Internet Explorer Security
• Understanding Security Zones
• Understanding Internet Explorer Protected Mode
Objective domain skills (domain 2.1):
• Configure and troubleshoot security for Windows Internet Explorer 7+
• Troubleshoot policy-setting issues
• Troubleshoot Protected Mode issues

Skills Matrix
Technology skills:
• Understanding ActiveX Opt-in and ActiveX Installer Services
• Understanding ActiveX Opt-in
• Understanding and Configuring the ActiveX Installer Service
• Understanding and Managing Add-Ons
Objective domain skills (domain 2.1):
• ActiveX Opt-in and ActiveX Installer Service
• Configure and troubleshoot security for Windows Internet Explorer 7+

Skills Matrix
Technology skills:
• Understanding and Configuring the Phishing Filter
• Resetting Internet Explorer Settings
• Configuring Additional Group Policy Security Settings
• Understanding Certificates
Objective domain skills (domain 2.1):
• Configure and troubleshoot security for Windows Internet Explorer 7+
• Troubleshoot policy-setting issues
• Troubleshoot certificate issues

Understanding Internet Explorer Security
Internet Explorer 7 security has several new additions, including Internet Explorer Protected Mode (available only on Windows Vista) and ActiveX Opt-in.
• Internet Explorer Protected Mode
• ActiveX Opt-in and ActiveX Installer Services
• Phishing Filter
• Reset Internet Explorer Settings (REIS)

Configuring IE 7 Security Settings Through Group Policy
• Click Start. In the Start Search box, key gpmc.msc and then press Ctrl + Shift + Enter. A User Account Control dialog box appears.
• Provide administrator credentials, and then click OK.
• In the console tree, expand Forest: ForestName > Domains > DomainName > Group Policy Objects.

Configuring IE 7 Security Settings Through Group Policy (cont.)
• Right-click the Group Policy object for which you want to configure Internet Explorer security settings, and then click Edit. The Group Policy Object Editor opens with the GPO you selected loaded.
• In the console tree, expand Computer Configuration > Administrative Templates > Windows Components > Internet Explorer.

Configuring IE 7 Security Settings Through Group Policy (cont.)
[Figure: Internet Explorer Group Policy settings]

Understanding Security Zones
Security zones are divisions of URL namespaces that enable you to vary security according to where the content is coming from.
• Internet
• Local Intranet
• Trusted Sites
• Restricted Sites
• Local Machine

Understanding Security Zones (cont.)
Low security
• Default template for the Local Machine zone
• Minimal safeguards and warning prompts provided
• Most content is downloaded and run without prompts
• All active content can run
• Appropriate for sites that you absolutely trust

Understanding Security Zones (cont.)
Medium-low security
• Default template for the Local Intranet zone
• Appropriate for websites on your local network (intranet)
• Most content will run without prompting you
• Unsigned ActiveX controls will not be downloaded
• Same as Medium level without prompts

Understanding Security Zones (cont.)
Medium security
• Default template for the Trusted Sites zone
• Prompts before downloading potentially unsafe content
• Unsigned ActiveX controls will not be downloaded

Understanding Security Zones (cont.)
Medium-high security
• Default template for the Internet zone
• Appropriate for most websites
• Prompts before downloading potentially unsafe content
• Unsigned ActiveX controls will not be downloaded

Understanding Security Zones (cont.)
High security
• Default template for the Restricted Sites zone
• Appropriate for websites that might contain harmful content
• Maximum safeguards
• Less secure features are disabled

Configuring Zone Security Settings Locally
It is not uncommon for a user to experience browser problems due to an action that is disallowed by the settings for the security zone.
• In Internet Explorer, in the Tools menu, click Internet Options.
• Click the Security tab.

Configuring Zone Security Settings Locally (cont.)
• In the Select a zone to view or change security settings section, select the zone for which you want to configure a security setting.
• To change the template that Windows assigns to the zone, use the slider in the Security level for this zone section.
• To customize security for the selected zone, click Custom level. The Security Settings – ZoneName Zone dialog box appears.

Configuring Zone Security Settings Locally (cont.)
• To configure custom settings, select the options as desired for each of the security settings in the Settings standard list box.
• To restore all settings to their original configuration, click Reset.

Understanding Internet Explorer Protected Mode
Internet Explorer Protected Mode is a feature of Internet Explorer 7 available on Windows Vista. Protected Mode protects against unsolicited installation of software and modification of data.

Enabling or Disabling Protected Mode Locally
Select a zone to view or change security settings from the Security tab to configure Protected Mode.

Configuring Protected Mode Through Group Policy
• Open the GPO you want to edit in the Group Policy Object Editor.
• In the console of the Group Policy Object Editor, expand Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.

Configuring Protected Mode Through Group Policy (cont.)
• Select ZoneName, where ZoneName is the zone for which you want to configure Windows Protected Mode policy.
• In the details pane, right-click Turn on Protected Mode, and then click Properties.

Configure Protected Mode Through Group Policy (cont.)
Select one of the following:
• Not Configured – Select this option to enable users to turn Windows Protected Mode on or off for this zone.
• Enabled – Select this option to turn on Protected Mode for this zone and to prevent users from turning it off.

Configure Protected Mode Through Group Policy (cont.)
Select one of the following:
• Disabled – Select this option to turn off Protected Mode for this zone and to prevent users from turning it on.

ActiveX Opt-in and ActiveX Installer Services
ActiveX Opt-in limits exposure to malicious ActiveX controls by disabling most ActiveX controls and by requiring permission from a user with administrator credentials before installing any of the remaining ActiveX controls. The ActiveX Installer Services enable administrators to specify a list of ActiveX controls that users are allowed to install without administrator credentials.

ActiveX Opt-in and ActiveX Installer Services (cont.)
By default, ActiveX Opt-in will not disable the following ActiveX controls:
• Commonly used controls whose security Microsoft has already deemed acceptable
• Controls used in a previous version of Internet Explorer before upgrading to Internet Explorer 7
• Controls that ActiveX Opt-in automatically enables during the install process when the user downloads them using IE 7

ActiveX Opt-in and ActiveX Installer Services (cont.)
When you select Install ActiveX Control, a User Account Control dialog box will open. You can then provide administrator credentials to install the ActiveX Control.

Enabling or Disabling ActiveX Opt-in Locally
• Open the Security Settings – ZoneName Zone dialog box for the zone in which you want to enable or disable ActiveX Opt-in.
• Scroll the list box until you find the ActiveX controls and plug-ins section.

Enabling or Disabling ActiveX Opt-in Locally (cont.)
Under the Allow previously unused ActiveX controls to run without prompt setting, select one of the following:
• Disable – Select this option to enable ActiveX Opt-in (this is correct: you disable this setting to enable ActiveX Opt-in).
• Enable – Select this option to disable ActiveX Opt-in (this is correct: you enable this setting to disable ActiveX Opt-in).

Configuring ActiveX Opt-in Through Group Policy
[Figure: Turn Off First-Run Opt-In Properties dialog box with Enabled selected]

ActiveX Installer Service
The ActiveX Installer Service (AxIS) enables administrators to allow standard users to install ActiveX controls. Using the ActiveX Installer Service requires four components:
• Internet Explorer 7+
• ActiveX Installer Service
• Group Policy configuration
• Approved installation sites for ActiveX controls

Turning on the ActiveX Installer Service Locally
Select the ActiveX Installer Service check box, and then click OK.

Configuring ActiveX Installer Service Through Group Policy
Key 2,2,1,0x00002000 to:
• Install ActiveX controls silently (TPSSignedControl=2 and SignedControl=2)
• Require user permission to install unsigned ActiveX controls (UnsignedControl=1)
• Ignore invalid certificate dates for ActiveX controls (ServerCertificatePolicy=0x00002000)
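
The four-field policy value on this slide can be decoded field by field when reviewing an approved-sites list. The PowerShell below is an added example, not part of the original slides: the function name ConvertFrom-AxisSitePolicy and the host URL are hypothetical, and the 0/1 action meanings and the three certificate flags other than 0x00002000 are taken from Microsoft's documentation of this policy and of the WinINet SECURITY_FLAG_IGNORE_* constants, not from the slide.

```powershell
# Added example: decode one ActiveX Installer Service approved-site value.
# Field order as on the slide: TPSSignedControl, SignedControl,
# UnsignedControl, ServerCertificatePolicy.
$InstallAction = @{ 0 = 'Do not install'; 1 = 'Prompt the user'; 2 = 'Install silently' }

# 0x00002000 is the flag named on the slide; the other three are the
# matching WinINet SECURITY_FLAG_IGNORE_* values (not from the slide).
$CertFlags = @{
    0x00000100 = 'Ignore unknown certification authority'
    0x00000200 = 'Ignore wrong certificate usage'
    0x00001000 = 'Ignore invalid certificate name'
    0x00002000 = 'Ignore invalid certificate date'
}

function ConvertFrom-AxisSitePolicy {
    param(
        [Parameter(Mandatory = $true)][string]$HostUrl,
        [Parameter(Mandatory = $true)][string]$Value
    )
    $parts = @($Value -split ',' | ForEach-Object { $_.Trim() })
    if ($parts.Count -ne 4) {
        throw "Expected 4 comma-separated fields, got $($parts.Count): '$Value'"
    }
    $tps, $signed, $unsigned = $parts[0..2] | ForEach-Object { [int]$_ }
    # Convert.ToInt32 with base 16 accepts an optional 0x prefix.
    $certPolicy = [Convert]::ToInt32($parts[3], 16)

    # Names of every certificate check this entry switches off.
    $relaxed = @($CertFlags.Keys | Sort-Object |
        Where-Object { $certPolicy -band $_ } |
        ForEach-Object { $CertFlags[$_] })

    # Points an administrator should confirm before approving the site.
    $review = @()
    if ($tps -eq 2 -or $signed -eq 2) { $review += 'signed controls install with no prompt' }
    if ($unsigned -ne 0)              { $review += 'unsigned controls may be installed' }
    if ($relaxed.Count -gt 0)         { $review += 'server certificate checks are relaxed' }

    [pscustomobject]@{
        HostUrl          = $HostUrl
        TPSSignedControl = $InstallAction[$tps]
        SignedControl    = $InstallAction[$signed]
        UnsignedControl  = $InstallAction[$unsigned]
        RelaxedCertCheck = $relaxed -join '; '
        Review           = $review -join '; '
    }
}

# Constructed sample: the value from the slide with a placeholder host URL.
ConvertFrom-AxisSitePolicy -HostUrl 'https://controls.example.test' -Value '2,2,1,0x00002000' |
    Format-List
```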

Managing Add-ons
You can manage Add-ons using the Manage Add-ons dialog box. Add-ons extend the functionality of Internet Explorer, but can also be malicious or cause instability or poor performance.

Running Internet Explorer Without Add-Ons
• From the Start menu, click All Programs.
• Click Accessories, click System Tools, and then click Internet Explorer (No Add-ons).
• An intercept page indicates that Internet Explorer is running without add-ons.

Managing Internet Explorer Add-Ons
• Add-ons that have been used by Internet Explorer – Select this option to display a complete list of the add-ons that reside on your computer.
• Add-ons currently loaded in Internet Explorer – Select this option to display only those add-ons that were needed for the current web page or a recently viewed web page.

Managing Internet Explorer Add-Ons (cont.)
• Add-ons that run without requiring permission – Select this option to display add-ons that are pre-approved by Microsoft, your computer manufacturer, or a service provider. These add-ons are less likely to be the cause of problems.
• Downloaded ActiveX Controls (32-bit) – Select this option to display only 32-bit ActiveX controls.

Understanding Certificates
Certificates identify the owner of Internet entities, such as websites. They also enable you to communicate with other users through public key encryption.

Certificates (cont.)
If you click Certificate Error, the Untrusted Certificate warning box will open. You can click View certificates to see detailed information on the certificate, including who issued it.

Phishing Filter
Phishing is the action taken when attackers attempt to trick users into giving personal or financial information through fraudulent emails for the purpose of identity theft. The Phishing Filter monitors websites and alerts you when it suspects that you have encountered a phishing website.

Enabling or Disabling the Phishing Filter Locally
• Open Internet Explorer, and then open the Security Settings – ZoneName Zone dialog box for the zone in which you want to enable or disable the Phishing Filter.
• In the Security Settings – ZoneName Zone dialog box, scroll the list box until you find the Miscellaneous section.

Enabling or Disabling the Phishing Filter Locally (cont.)
Continue scrolling down to the Use Phishing Filter setting, and then select one of the following:
• Disable – Select this option to disable the Phishing Filter.
• Enable – Select this option to enable the Phishing Filter.

Configuring the Phishing Filter Through Group Policy
• Not Configured – Select this option to prompt users to choose the mode of operation for the Phishing Filter.
• Enabled – Select this option to enable the Phishing Filter without prompting the user.
• Disabled – Select this option to prompt users to choose the mode of operation for the Phishing Filter.
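
The zone template, Protected Mode, ActiveX Opt-in and Phishing Filter settings described in the slides above are stored per zone as registry values, so a script can report them, including the inverted ActiveX Opt-in setting. This is an added PowerShell example, not part of the original slides: the function names are hypothetical, and the registry path, zone numbers, template levels and URL action IDs (2500, 1208, 2301) are the ones Microsoft documents for Internet Explorer zone settings, not values from the slides.

```powershell
# Added example: summarise the per-zone settings covered in this lesson.
# Zone numbers, template levels and URL action IDs are the values Microsoft
# documents for the "Internet Settings\Zones" registry key, not slide content.
$ZoneNames = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';      4 = 'Restricted Sites' }
$Templates = @{ 0 = 'Custom'; 0x10000 = 'Low'; 0x10500 = 'Medium-low'
                0x11000 = 'Medium'; 0x11500 = 'Medium-high'; 0x12000 = 'High' }

function Get-ZoneSecuritySummary {
    param(
        [Parameter(Mandatory = $true)][int]$Zone,
        [Parameter(Mandatory = $true)][hashtable]$Values   # value name -> DWORD
    )
    # URL actions use 0 = Enable and 3 = Disable. $OnValue is the DWORD that
    # switches the *feature* on, which is not always "Enable".
    function Decode([string]$Name, [int]$OnValue) {
        if (-not $Values.ContainsKey($Name)) { return 'Not set here' }
        $v = [int]$Values[$Name]
        if ($v -ne 0 -and $v -ne 3) { return "Unexpected value $v" }
        if ($v -eq $OnValue) { 'On' } else { 'Off' }
    }
    $template = 'Not set here'
    if ($Values.ContainsKey('CurrentLevel')) {
        $template = $Templates[[int]$Values['CurrentLevel']]
    }
    [pscustomobject]@{
        Zone           = $ZoneNames[$Zone]
        Template       = $template
        ProtectedMode  = Decode '2500' 0   # Turn on Protected Mode
        # 1208 = "Allow previously unused ActiveX controls to run without
        # prompt": Disable (3) means ActiveX Opt-in is ON.
        ActiveXOptIn   = Decode '1208' 3
        PhishingFilter = Decode '2301' 0   # Use Phishing Filter
    }
}

# Read one zone's values into a hashtable (Windows only). Values set by Group
# Policy live under HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones.
function Get-ZoneValues([int]$Zone,
    [string]$Root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones') {
    $values = @{}
    $item = Get-ItemProperty -Path (Join-Path $Root $Zone) -ErrorAction SilentlyContinue
    if ($item) {
        $item.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { $values[$_.Name] = $_.Value }
    }
    $values
}

# Constructed sample values (not read from a real machine).
$samples = @{
    3 = @{ CurrentLevel = 0x11500; '2500' = 0; '1208' = 3; '2301' = 0 }
    1 = @{ CurrentLevel = 0;       '2500' = 3; '1208' = 0; '2301' = 3 }
}
$samples.Keys | Sort-Object | ForEach-Object {
    Get-ZoneSecuritySummary -Zone $_ -Values $samples[$_]
} | Format-Table -AutoSize
# Live data: Get-ZoneSecuritySummary -Zone 3 -Values (Get-ZoneValues 3)
```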

Resetting Internet Explorer Settings
You can reset many Internet Explorer settings simultaneously to restore the browser to a more uncorrupted state in an attempt to remedy instability.

Resetting Internet Explorer Settings (cont.)
REIS resets the following:
• Browser settings – Resets all user-defined browser settings
• Extensibility – Any extensions that you have added, such as toolbars, are prevented from running automatically. Also, ActiveX Opt-in is reset.

Resetting Internet Explorer Settings (cont.)
• Browsing history and temporary files are restored including temporary Internet files, cookies, browsing history, form data, passwords, and auto-complete data.
• Manufacturer settings for Internet Explorer as set by the computer manufacturer are restored.

Resetting Internet Explorer Settings (cont.)
Reset Internet Explorer Settings on the Advanced tab of the Internet Options dialog box.

Managing Internet Explorer Security Using Group Policy
You can centrally manage Internet Explorer 7 security settings by using Group Policy.

Summary: You Learned
Internet Explorer 7 security is improved compared with previous versions. It is raised further by Internet Explorer Protected Mode, which is available only on Windows Vista. Protected Mode protects against unsolicited installation of software and modification of data. You learned how to enable or disable Protected Mode.

You Learned (cont.)
Security zones divide URL namespaces and enable you to vary security according to where the content is coming from. You learned how to configure zone security settings.

You Learned (cont.)
ActiveX Opt-in limits exposure to malicious ActiveX controls by disabling most ActiveX controls by default and requiring permission from a user with administrator credentials before installing any of the remaining ActiveX controls.

You Learned (cont.)
ActiveX Installer Services enable administrators to specify a list of ActiveX controls that users can install without administrator credentials. You learned how to enable or disable ActiveX Opt-in. You learned how to configure the ActiveX Installer Service.

You Learned (cont.)
Add-ons extend the functionality of Internet Explorer, but they can also be malicious or cause instability or poor performance. You learned how to manage Add-ons using the Manage Add-ons dialog box. You learned how to run Internet Explorer without add-ons.

You Learned (cont.)
Certificates identify the owner of Internet entities, such as websites. They also enable you to communicate with other users through public key encryption. The Phishing Filter monitors websites and alerts you when it suspects that you have encountered a phishing website.

You Learned (cont.)
You learned how to enable or disable the Phishing Filter. You learned how to configure the Phishing Filter. You learned how to simultaneously reset many Internet Explorer settings using REIS to restore the browser to a more uncorrupted state in an attempt to remedy instability.