Join Lisa Bock for an in-depth discussion in this video Navigating security zones, part of IT Security Foundations: Core Concepts.
- Websites can be assigned to a security zone which have different default security levels that determine what kind of content might be blocked for that site. You can customize the settings for each zone to decide, for example, not allowing ActiveX controls to run automatically. You can change your security zone settings or add or remove a site from a security zone. If you open Internet Explorer, and over in the upper right-hand corner, you'll see Tools.
Select Tools, and Internet options. Select the tab, Security. Here you can select a zone to view or change its security settings. The Internet zone includes all websites that are not part of your network and not assigned to a different zone, meaning they're not assigned to a trusted zone or a restricted zone. With the Internet zone, you cannot add or remove any sites in this zone. You can see the security level for this zone is set at Medium-high which is appropriate for most websites.
Local intranet, this is a website deployed on your private network that is accessible through a URL path. You can see here that because it is a trusted site, it's in your own network, the level is set a little lower. However, you can increase that if you like. It can automatically find the sites that are on your Local intranet as well. Trusted sites contain those websites that you have identified as safe, such as lynda.com.
If we go to Sites and we want to add the website, we just type lynda.com, and select Add. Restricted zone is for unsafe websites. Now this doesn't block the website, but it doesn't allow any scripting or active content. Here we can add the sites that we want on the Restricted sites list. I'll put example.com, and Add.
Now I'll say Apply, and Ok. ActiveX is an add-on for Internet Explorer and other Microsoft applications, such as Microsoft Office. A website that requires an ActiveX control is an Internet Explorer only website. ActiveX can do other malicious things such as monitor browsing habits, install malware, generate pop-ups, log keystrokes, and steal passwords. Spyware programs use ActiveX objects to install themselves.
A drive-by installation could occur if the security settings are set to enable instead of prompt for the assigned ActiveX objects. As you see, ActiveX can be a security risk. Support for ActiveX will end when Microsoft releases its next-generation browser, Edge. Back in Internet Explorer, I can view and manage ActiveX controls by taking a look at the gear menu in Internet Explorer and selecting Managing add-ons. Click the box under Show and select Currently loaded add-ons.
You'll see that ActiveX commonly installed system-wide controls include Shockwave Flash, Silverlight, and Windows Media Player. Here's our Shockwave Flash object and, as you can see, I can disable that here. You can disable them from here but to permanently remove them, you'll have to uninstall them from the Control Panel. Enhanced protection mode helps to protect your PC and personal data from malware and other attacks. Go up to the gear and select Internet options.
Click on Advanced and scroll down to Security. Here we can select Enable Enhanced Protection Mode. When it's turned on, add-ons, such as toolbars, extension, and browser helper objects, can only run if they're compatible with the Enhanced Protection Mode. You'll be notified if that add-on is incompatible. If you do need to run an incompatible add-on, you can turn it off when you get into the Desktop browser.
Note: This course maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals 98-367 certification exam and is recommended test prep viewing.
- Evaluating risks, threats, and vulnerabilities
- Minimizing the attack surface
- Avoiding worms and viruses
- Protecting your system from spyware
- Making web browsers more secure
- Securing wireless transmissions
- Encrypting files, folders, and drives
- Using virtual private networks