Appendix C: Internet Explorer Security Settings

Selecting Custom-Level Security Settings

Microsoft® Internet Explorer contains four default security zones: Internet, local intranet, trusted sites, and restricted sites. Microsoft Internet Explorer 5.0 allows custom security levels to be defined for these security zones. You can enable or disable specific security options depending on the needs of your organization and its users.

The custom-level security options for Internet Explorer are grouped into the following categories:

- ActiveX® controls and plug-ins
- Cookies
- Downloads
- Java
- Miscellaneous
- Scripting
- User authentication

Note: These custom-level security options apply to Internet Explorer. These security options are for Microsoft Windows® 32-bit platforms, but some options might also apply to Windows 16-bit or UNIX platforms.

ActiveX Controls and Plug-Ins

ActiveX controls and plug-in options dictate how Internet Explorer approves, downloads, runs, and allows ActiveX controls and plug-ins to interact with scripts.

Note: If a user downloads an ActiveX control from a site that is different from the page on which it is used, Internet Explorer applies the more restrictive of the two sites’ zone settings. For example, if a user accesses a Web page within a zone that is set to permit a download, but the code is downloaded from another zone that is set to prompt a user first, Internet Explorer will prompt the user before downloading the ActiveX control.

The following options are included for ActiveX controls and plug-ins:

- Download signed ActiveX controls. Determines whether users can download signed ActiveX controls from a page in the zone.
- Download unsigned ActiveX controls. Determines whether users can download unsigned ActiveX controls from the zone. ActiveX controls are potentially harmful, especially when coming from an untrusted zone.
- Initialize and script ActiveX controls not marked as safe.
  Determines whether ActiveX controls that are classified as untrusted can be initialized. Untrusted controls are not meant for use on Internet Web pages, but in some cases, they can be used with pages that can absolutely be trusted to not use the controls in a harmful way. Object safety must be enforced unless you can trust all ActiveX controls and scripts on pages in the zone.
- Run ActiveX controls and plug-ins. Determines whether Internet Explorer can run ActiveX controls and plug-ins from pages in the zone.
- Script ActiveX controls marked safe for scripting. Determines whether an ActiveX control that is marked safe for scripting can interact with a script.

The following table identifies the default value for each custom-level security option for ActiveX controls and plug-ins.

| Security option | Low | Medium-low | Medium | High |
|---|---|---|---|---|
| Download signed ActiveX controls | Enable | Prompt | Prompt | Disable |
| Download unsigned ActiveX controls | Prompt | Disable | Disable | Disable |
| Initialize and script ActiveX controls not marked as safe | Prompt | Disable | Disable | Disable |
| Run ActiveX controls and plug-ins | Enable | Enable | Enable | Disable |
| Script ActiveX controls marked safe for scripting | Enable | Enable | Enable | Disable |

Cookies

The cookie security options determine the settings for per-session cookies (text files that store the user’s preferences) and cookies that are stored on the client computer. The cookie security options include:

- Allow cookies that are stored on your computer. Determines whether cookies are stored on the hard drive for future browsing sessions. For example, this option can allow a list of preferences or a user’s name to be retained for the user’s next browsing session.
- Allow per-session cookies (not stored). Determines how long cookies are stored when users browse a Web site. For example, this setting can allow a virtual shopping cart to be created while a user is shopping online. Per-session cookies do not remain on the hard disk; they are, in effect, only for the specific browsing session.

The following table identifies the default value for each custom-level security option for cookies.

| Security option | Low | Medium-low | Medium | High |
|---|---|---|---|---|
| Allow cookies that are stored on your computer | Always | Always | Always | Disable |
| Allow per-session cookies (not stored) | Always | Always | Always | Disable |

Downloads

Download options specify how Internet Explorer handles downloads from the Internet. The download options include:

- File download. Controls whether file downloads are permitted within the zone. This option is determined by the zone of the page that contains the download link, not the zone from which the file originates.
- Font download. Determines whether Web pages within the zone can download Hypertext Markup Language (HTML) fonts.

The following table identifies the default value for each custom-level security option for downloads.

| Security option | Low | Medium-low | Medium | High |
|---|---|---|---|---|
| File download | Enable | Enable | Enable | Disable |
| Font download | Enable | Enable | Enable | Prompt |

Java

Java options control the permissions that are granted to Java applets when Java applets are downloaded and run in a security zone. Depending on the Internet Explorer components that you install, you might not be able to view or set these options. If a Java applet is downloaded from a different site than the page on which it is used, the more restrictive of the two sites’ zone settings is applied. For example, if a user accesses a Web page within a zone that is set to allow a download, but the code is downloaded from another zone that is set to prompt a user first, Internet Explorer uses the prompt setting.

The only setting for Java is Java permissions. The following settings can be set for Java permissions:

- Custom. Controls permission settings individually.
- Disable Java. Prevents any Java applets from running.
- High safety. Enables applets to run in their own memory space, but does not allow applets to make programming calls outside their own memory space.
- Low safety.
  Enables applets to perform all operations.
- Medium safety. Enables applets to run in their own memory space. In addition, applets are given other capabilities, such as access to a safe and secure storage area on the client computer, and user-controlled file input and output.

The following table identifies the default value for each custom-level security option for Java settings.

| Security option | Low | Medium-low | Medium | High |
|---|---|---|---|---|
| Java permissions | Low safety | Medium safety | Medium safety | High safety |

Miscellaneous

Miscellaneous options control file and data access options. The following options are available for configuration:

- Access data sources across domains. Specifies whether components that connect to data sources can be allowed to connect to a different server to obtain data.
- Drag and drop, or copy and paste files. Controls whether users can drag and drop, or copy and paste, files from Web pages within the zone.
- Installation of desktop items. Controls whether users can install desktop items from Web pages within the zone.
- Launching applications and files in an IFRAME. Controls whether users can launch applications and files from an element containing a directory or folder reference (known as an IFRAME) in Web pages within the zone.
- Software channel permissions. Controls the permissions given to software distribution channels. This option has the following settings:
  - High safety. Prevents users from being notified of software updates by e-mail, software packages from being automatically downloaded to users’ computers, and software packages from being automatically installed on users’ computers.
  - Low safety. Allows users to be notified of software updates by e-mail, software packages to be automatically downloaded to users’ computers, and software packages to be automatically installed on users’ computers.
  - Medium safety.
    Allows users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users’ computers. The software packages must be validly signed; the user is not prompted about the download.
- Submit nonencrypted form data. Determines whether HTML pages in the zone can submit forms to, or accept forms from, servers in the zone. Forms sent with Secure Sockets Layer (SSL) encryption are always allowed; this option only affects data that non-SSL forms submit.
- Userdata persistence. Determines whether a Web page can save a small file of personal information associated with the page at the client computer.

The following table identifies the default value for each custom-level security option for miscellaneous settings.

| Security option | Low | Medium-low | Medium | High |
|---|---|---|---|---|
| Access data sources across domains | Enable | Prompt | Disable | Disable |
| Drag and drop, or copy and paste files | Enable | Enable | Enable | Prompt |
| Installation of desktop items | Enable | Enable | Prompt | Disable |
| Launching applications and files in an IFRAME | Enable | Enable | Prompt | Disable |
| Software channel permissions | Low safety | Medium safety | Medium safety | High safety |
| Submit nonencrypted form data | Enable | Enable | Prompt | Prompt |
| Userdata persistence | Enable | Enable | Enable | Disable |

Scripting

Scripting options specify how Internet Explorer will handle any scripts that are encountered. Options include:

- Active scripting. Determines whether Internet Explorer can run script code on pages in the zone.
- Allow paste operations via script. Determines whether a Web page can cut, copy, and paste information from the Clipboard.
- Scripting of Java applets. Determines whether scripts within the zone can use objects that exist within Java applets. This capability allows a script on a Web page to interact with a Java applet.

The following table identifies the default value for each custom-level security option for scripting.

| Security option | Low | Medium-low | Medium | High |
|---|---|---|---|---|
| Active scripting | Enable | Enable | Enable | Enable |
| Allow paste operations via script | Enable | Enable | Enable | Disable |
| Scripting of Java applets | Enable | Enable | Enable | Disable |

User authentication

User authentication determines how Hypertext Transfer Protocol (HTTP) user authentication is handled. The one setting, Logon, can be set to one of four values:

- Anonymous logon. Disables HTTP authentication and uses the assigned anonymous account for all file and resource access permissions.
- Automatic logon only in Intranet zone. Prompts for user account and password to access data in other zones. After users are prompted, these values can be used silently for the remainder of the session.
- Automatic logon with current user name and password. Attempts to log on by using Microsoft Windows NT® Challenge/Response (also known as NTLM authentication), an authentication protocol between the client computer and the application server. If the server supports Windows NT Challenge/Response, the logon request uses the network user name and password to log on. This is transparent to the user accessing the server. If the server does not support Windows NT Challenge/Response, users are prompted to provide their user name and password.
- Prompt for user name and password. Prompts users for their user account and password. After users are prompted, the submitted credentials are used for the remainder of the session and the user is not prompted to re-enter the credentials.

The following table identifies the default value for the custom-level security option for Logon.

| Security option | Low | Medium-low | Medium | High |
|---|---|---|---|---|
| Logon | Automatic | Automatic | Prompt | Prompt |
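
The "more restrictive of the two sites’ zone settings" rule for ActiveX downloads, plus a check of a custom-level configuration against the default ActiveX table, written as an added Python example that is not part of the original appendix or any Microsoft tool. The function names and the Enable < Prompt < Disable ranking are assumptions made for illustration; the default values are copied from the ActiveX table in this appendix.

```python
# Added example: strictness ordering over the appendix's default ActiveX values.
RANK = {"Enable": 0, "Prompt": 1, "Disable": 2}  # assumed order; higher = stricter
LEVELS = ("Low", "Medium-low", "Medium", "High")

# Defaults copied from the ActiveX table (Low, Medium-low, Medium, High).
ACTIVEX_DEFAULTS = {
    "Download signed ActiveX controls":
        ("Enable", "Prompt", "Prompt", "Disable"),
    "Download unsigned ActiveX controls":
        ("Prompt", "Disable", "Disable", "Disable"),
    "Initialize and script ActiveX controls not marked as safe":
        ("Prompt", "Disable", "Disable", "Disable"),
    "Run ActiveX controls and plug-ins":
        ("Enable", "Enable", "Enable", "Disable"),
    "Script ActiveX controls marked safe for scripting":
        ("Enable", "Enable", "Enable", "Disable"),
}

def template(level):
    """Return {option: value} for one default security level."""
    i = LEVELS.index(level)
    return {opt: vals[i] for opt, vals in ACTIVEX_DEFAULTS.items()}

def effective(option, page_zone, code_zone):
    """Cross-zone download: the more restrictive of the two zones' settings wins.
    page_zone and code_zone are {option: value} dicts, one per zone."""
    return max(page_zone[option], code_zone[option], key=RANK.__getitem__)

def weaker_than(custom, baseline_level):
    """List options where a custom config is less restrictive than the template."""
    base = template(baseline_level)
    return sorted(opt for opt, val in custom.items()
                  if RANK[val] < RANK[base[opt]])

if __name__ == "__main__":
    # Constructed scenario: page in a zone at Low, control hosted in a zone at Medium.
    opt = "Download signed ActiveX controls"
    print(effective(opt, template("Low"), template("Medium")))
    # Constructed custom config: Medium template with one setting relaxed.
    custom = dict(template("Medium"))
    custom["Download unsigned ActiveX controls"] = "Prompt"
    print(weaker_than(custom, "Medium"))
```
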