Securing Your Browser

Securing Your Browser
The way that your Web browser is configured provides a
front line to secure Web surfing. Though many of the
security features that relate to your browser are described
in other tutorials, these tutorials step you through a
complete assessment of your browser's security settings.

Important Note:
Make sure you back-up your system or create a Restore
Point before making any changes

Checking IE Connection Types

Step 1: Open Internet Options
Many of the security features of the Internet Explorer
browser can be set from the Internet Options window. To
open the Internet Options window, click on Tools, Internet
Options from the Internet Explorer window.

Step 2: Select Advanced Tab
The different types of secure connections that can be used
with Internet Explorer are configured on the Advanced tab
of the Internet Options window. Click on the Advanced tab,
then scroll down to the Security heading.

Step 3: Check Fortezza Connections
On the Internet Options, Advanced tab, if the Use Fortezza
box is checked it means that Internet Explorer is
configured to allow secure connections to Web sites that
support Fortezza cryptography connections. Fortezza is used
by the U.S. Department of Defense a Fortezza Crypto Card
reader, a Fortezza Crypto Card, and related software
drivers. Needless to say, this is a rather specialized type
of connection, though it doesn't hurt to have it turned on.

Step 4: Check PCT Connections
The Private Communications Technology (PCT) protocol is
developed by Microsoft to provide secure connections to
sites that support that protocol. SSL is much more widely
used than PCT, so there is generally no reason to select
this protocol. Click on the Use PCT 1.0 box if you want to
allow secure PCT connections from Internet Explorer.

Step 5: Check SSL Connections
Because most secure connections on the Web rely on Secure
Socket Layer (SSL) protocols, you should select both Use
SSL 2.0 and Use SSL 3.0 options on the Advanced tab of the
Internet Options window. SSL was a protocol that was
developed by Netscape Communications.

Step 6: Check TLS Connections
The Transport Layer Security protocol is an open standard
that is much like the SSL protocol. To allow connections
using TLS, click on the Use TLS 1.0 button.

Step 7: Apply Changes
After you have selected the secure connection types that
your browser supports, click on the Apply button to have
the changes applied to your browser.

Checking IE Cache Settings

Step 1: Open Internet Options
As you browse the Web, your browser will typically store
the pages you have visited on your hard disk. This can
speed up your browsing by having data ready immediately
when you step backward and forward among the pages you
visit. The potential security risk is that if others are
using your browser they may be able to see the stored
content later. You can clear stored pages by setting an
option on the Internet Options page. From IE, click on
Tools, Internet Options.

Step 2: Select Advanced Tab
Options for deleting stored Web surfing content in
Internet Explorer are configured on the Advanced tab of the
Internet Options window. Click on the Advanced tab, then
scroll down to the Security heading

Step 3: Check Save Encrypted Pages
Presumably, data that has been encrypted during
communication between your browser and a Web site will tend
to be more sensitive. For example, data is encrypted during
online shopping and other financial transactions. To
prevent any encrypted data from being saved to your disk,
select the "Do not save encrypted pages to disk" check box
on the Advanced tab of the Internet Options window.

Step 4: Check Empty Temporary Files
You can have all the Web content that is temporarily
stored on your hard disk be removed when you close your
browser. Click on the "Empty Temporary Internet Files
folder when browser is closed" check box to enable that
feature.

Step 5: Apply Changes
After you have selected the secure connection types that
your browser supports, click on the Apply button to have
the changes applied to your browser.

Setting IE Security Zones

Step 1: Open Internet Options
Internet Explorer allows you to set groups of Web sites to
have similar levels of security. These groups are referred
to as "Web Content Zones." You can set up these content
zones from the Internet Options page. From IE, click on
Tools, Internet Options.

Step 2: Select Security Tab
Options for setting content zones in Internet Explorer are
configured on the Security tab of the Internet Options
window. Click on the Security tab to begin setting these
options.

Step 3: Select Web Content Zone
There are four pre-defined Web content zones: Local
Intranet (for sites within your organization), Trusted
Sites (for sites you know are secure), Restricted sites
(for sites that are not secure) and Internet (for all other
Web sites). Click on one of those sites to set the level
and define the sites for that zone.

Step 4: Select a Security Level
Click on the slider bar on the Security tab to set the
security level for zone you have selected. You can set the
security zone to Low, Medium-low, Medium, or High. Each
level is described when you select that level on the slider
bar. If you try to change to a less secure level than the
default for the zone, you will be warned.

Step 5: Customize Security Level
If you want to fine tune any of the four preset security
levels, you can do so by clicking on the Custom Level
button. The Security Settings window appears. From that
window, you can select how different types of content are
handled (such as ActiveX controls, plug-ins, cookies, file
downloads, Java, etc.) when you try to download or start
that type of content. Click on OK when you are satisfied
with your settings.

Step 6: Apply Changes
Click on the Apply button to apply the changes you made to
the Web content zones.

Enabling Content in Netscape

Step 1: Open Preferences
Some types of content can pose a potential security risk
as you browse the Web. You can allow or disallow certain
types of content from the Netscape Preferences window. To
access this window, click on Edit, Preferences from the
Netscape window.

Step 2: Select Advanced Preferences
From the Preferences window, click on the Advanced title
in the left column. Preferences that relate to the kinds of
content that can be displayed in Netscape and the ways that
cookies may (or may not) be accepted are displayed

Step 3: Allow Java/JavaScript
By default, Java applets (small programs) and JavaScripts
(a series of commands) run in your browser when they are
encountered on the Web. Because these scripts can pose some
small security threat (and can also slow your browser), you
can choose to disallow these types of programs. Click on
the associated check boxes to turn off those features.
(Warning: some Web sites will not work with Java disabled.)

Step 4: Enabling Cookies
Cookies are small files that a Web site stores on your
hard disk so it can identify you (and possibly your
personal information) the next time you visit the site.
Some people dislike Web sites knowing too much about them
and choose to turn cookies off (click on Disable Cookies).
Rather than accept all cookies, however, you can limit a
cookie's use to the originating server or to be warned
before a cookie is accepted. (Warning: some sites won't
work with cookies off.)

Step 5: Applying Changes
Once you have changed the setting the way you want, click
on OK to have the changes take effect.

Setting Netscape Security

Step 1: Open the Security Window
From the Netscape window, you can open a Security Info
window to find security information about the current Web
page. It can also be used to define how Netscape behaves
when it encounters potentially insecure situations. To open
the Security Info window from Netscape, click on the
Security icon in the toolbar (it looks like a small padlock).

Step 2: Verify Web Page Security
When the Security Info page first appears, it tells you
two pieces of information about the current Web page. First
it tells you weather or not the page was encrypted and
second it verifies the Web address of the page you have
opened. To view details about the page, click on the Open
Page Info button.

Step 3: View Page Information
When the Page Info page appears, you can view detailed
security information relating to the current Web page. If
it is a secure Web page, you can see the type of security
that is used with the page and who owns the certificate
that verifies the authenticity of the page. When you are
done viewing this information, close the page by clicking
on the X in the upper right corner of the window.

Step 4: Set Security Warnings
If you are about to enter information about yourself into
a Web site, you probably want to make sure that the site is
secure. From the Security Info page, you can set Netscape
to warn when you enter or leave a secure site, as well as
when you view a page with some encrypted data or send
unencrypted information. (These features are on by
default.) To check these settings, click on Navigator in
the left column, then check how the values are set.

Step 5: Apply Changes
To apply any changes you made to the Security Info page,
click on the OK button.