Hands-On Project 12-2: Examining Internet Explorer Security Settings
Time Required: 20 minutes
Objective: Become familiar with the security settings in Internet Explorer version 9.
Description: In this activity, you examine Internet Explorer’s settings for handling security functions, such as browsing history, cookie management, security zones, and pop-ups.
1. If necessary, log on to Windows 7.
2. Start Internet Explorer. Verify the version number by clicking the Tools icon and then clicking About Internet Explorer. These controls are indicated by an “A” and “B” in Figure 12-9. If necessary, use Windows Update to upgrade Internet Explorer to version 9.
3. Click the Tools icon, and click Internet options.
4. Click the General tab, and examine the Browsing history section. Click Delete. You can delete temporary Internet files, cookies, and the history of the Web sites you have visited. In addition, you can control whether to save your Web site passwords, and you can determine whether to keep track of Web sites for which you want to allow ActiveX controls. Click Cancel.
5. Click the Security tab. Verify that the Internet icon is selected. In the Security level for this zone section, note that the default level for the Internet zone is Mediumhigh. What note is displayed at this level about the treatment of ActiveX controls? Slide the level controller up to High and down to Medium to observe the explanations of these levels. Note also that the Enable Protected Mode box is selected. This feature isolates Internet Explorer from system resources that could be exploited by malicious code. 6. Click Custom level. Here you can make specific changes to a variety of functions by disabling them, enabling them, or requiring them to request permission to run (prompt).
7. Scroll to the ActiveX controls and plug-ins section. For the first ActiveX control setting, Allow ActiveX Filtering, click the Disable option button. For all remaining ActiveX control settings, click the Enable option button. When you enable particularly unsecure settings, the color of the setting changes to alert you that the setting is not recommended.
8. Click OK to close the Security Settings window. When you see a warning message about changing security settings for this zone, click Yes. Note that the Security level for this zone is now listed as Custom, and several indications show that the Internet zone setting puts your computer at risk. See Figure 12-10.
9. Click Local intranet and examine the default settings for sites that you classify as being on a more trusted network: your company’s intranet.
10. Click Trusted sites. Here you can configure the specific Web sites that you trust and that can have a lower security filtering level. Click Sites. Here you can add specific Web site addresses. Click Close.
11. Click the Privacy tab. In the Settings section, explore the various settings for the Internet zone by using the sliding control. These settings are mostly associated with cookies, the files placed on your hard drive by Web sites that you visit. You can also control whether Web sites can request access to information about your physical location and whether to allow or block pop-ups.
12. Click the Security tab, click Reset all zones to default level, and click Apply. Note that the security warnings associated with the Internet zone are removed. Close the Internet Options window and Internet Explorer.
13. Leave your system running for the next project.