Wednesday, November 11, 2009

Securing Web Browser Basic to In-depth Home Computer Security Guide Page 19

Securing Web Browser

Web browsers are capable of parsing active code in many forms, including JavaScript, ActiveX, and Java code. These are automatically downloaded and executed by web browser. Malicious individuals often take advantage of this to attack systems, distribute malicious code, or negatively impact systems. Microsoft Internet Explorer (IE) is installed as a default component of Windows Operating System and is closely integrated with it. Because of this, an exploitation of IE can seriously impact the underlying Windows installation, so it is critical to stay current with all IE updates. IE updates can be acquired through the Windows Update and Automatic updates features as described earlier.

Need for Securing the Browser

Since Internet Browser is the primary interface through which users connect to the Internet, there is a need to secure the web browser. Increasing the security of the browser, allows us to access trusted sites while disallowing access to possibly harmful ones.

Browser setting for Internet Explorer and Mozilla Firefox

Microsoft Internet Explorer

We shall briefly discuss the various security settings that Microsoft Internet Explorer (IE) offers. Owing to little difference in the versions of IE, we shall discuss the versions up to and including IE6.0 and IE7.0 separately.

1. Pop-up Blockers:

In IE6.0, click on Tools Pop-up Blocker. Turn on the pop-up blocker. The previously greyed 'Popup Blocker Settings' will be activated. If the pop-up blocker was already active then all you need is to look into the settings. It is advised to keep this list empty (i. e. block all pop-ups) and as you browse the web you will get notifications of any blocked web pages and you may then choose to let a few legitimate pop-ups through. This allows you control over the unwanted, annoying and possibly malicious pop-ups from opening. The 'Filter Level' in the pop-up blocker setting lets you control the extent of pop-up blocker intervention. For more information on pop-ups click on the 'Pop-up Blocker FAQ' at the lower left corner of the 'Pop-up Blocker Settings' window.

2. Trusted and Untrusted Websites:

Click on Tools|Internet Options to open the options window of IE. Click on the Security tab to open the security settings related to web pages. On this page you will have the choice of rating websites based on the suitability of the website contents. The 'Intranet Sites' are not of much use in the home environment. 'Trusted Sites' are the sites that you prefer to have relaxed access criteria. The 'Restricted Sites' are those whose content are inappropriate to be viewed and are consequently blocked if attempts to access these are initiated. 'Internet' encompassed the websites that are not put into any of these categories. Adding of websites to 'Trusted' and 'Restricted' areas is just a matter
of clicking the 'Sites' control and keying in the address of the website.

A note of caution though is to be remembered. A 'HIGH' security level provides high security at the cost of functionality. Similarly, a 'LOW' security level offers high functionality at the cost of security. Consequently, both these settings should be used with sound judgment.

3. Privacy Settings:

A website sets cookies (files that store user related information in your computer) to provide for added functionality in terms of access to the website content. However, since these cookies store information such as credit card details from an on line e-commerce site or user names and passwords, they need to be given a thought on whether or not a cookie should be allowed to be set by a website. The 'Privacy' tab in the IE6.0 options window ( Tools|Internet Options) offer for 6 levels of settings with increasing privacy protection. The 'Low' level is least intrusive but also least secure. Contrastingly, the 'Block All Cookies' setting block any cookie from being set and prevents websites from reading the existing cookies as well.

It is advised to delete all cookies those have been set by a website at the end of every browsing session. One can achieve this objective by clicking the 'Delete Cookies' command button on the 'General' tab of the options window.

4. Content Advisor:

The content advisor allows users view a website depending upon the content of the website. The content filtering is done on the following four criteria: Language, Nudity, Sex and Violence. These are particularly useful for restricting access to certain websites when a child is accessing the Internet. Click on the 'Content' tab of the IE potions window and then click on the 'Enable' button in the 'Content Advisor' section. In the window that opens, move the slider bars to adjust the extent of permissible content. The 'Approved Sites' tab lists those websites that are allowed irrespective of the settings in the 'Ratings' tab.

5. Private Data:

It is advisable to clear the cached cookies, pages visited and the temporary information created during a browser session. This results in clearing of information that would otherwise be left back in your system and might be used by a malicious user should he find an entry into your system. We can do this by opening the IE options window and click on the following entries:

• Delete Cookies

• Delete Files

• Clear History


No comments:

Post a Comment

You Have Successfully Posted the Message.