Internet Explorer
Internet Explorer and Internet Settings on Windows XP
Contents
- F11 for fullscreen mode
- customisable toolbars
- iexplore -nohome to start with blank page (or change start page to 'Use Blank')
- drag icon at left of address bar to quickly create favourite (or Ctrl+D)
- Advanced options to enable personalised favourites menu
- change text size: Ctrl+wheel
- advanced options: reuse windows for shortcuts
- IE6 can send email notification if offline pages have changed: supply email address and mailserver name
- use explorer to organise favourites (shift+favourites: organise favourites or type 'favorites' in run dialogue)
- Import/Export favourites to html file. Can be printed from IE6 with links showing
- can be used to connect to network shares also by giving a UNC
Platform for Privacy Preferences - P3P
Top BottomPlatform for Privacy Preferences (P3P) standard allows cookie filtering by comparing your privacy preferences with Web Sites compact privacy statement. Cookies can be blocked, allowed or restricted (accepted for the current session only)
| Level | Effect |
|---|---|
| Block All | blocks all new cookies prevents existing cookies being read |
| High | blocks cookies from sites without compact privacy statement blocks cookies using personally identifiable information without explicit consent |
| Medium High | blocks 3rd party cookies from sites without compact privacy statement blocks 3rd party cookies using personally identifiable information without explicit consent blocks 1st party cookies using personally identifiable information without implicit consent |
| Medium | blocks 3rd party non-compact blocks 1st and 3rd party PII without implicit consent |
| Low | blocks 3rd party non-compact restricts 3rd party PII without explicit accepts 1st person cookies |
Double clicking icon (eye + no entry sign) in status bar allows you to view Privacy Report (or via View: Privacy Report). Backup cookies using File: Export. To override automatic cookie handling, click advanced on the privacy tab. You can also set per-site privacy settings
IE Security Zones
Top BottomSettings:
- Low: minimal safeguards
- Medium Low: unsigned activeX components are not downloaded
- Medium: no unsigned activeX, user prompted before downloading
- High: all insecure features disabled, loss of functionality
Add sites to trusted sites to override settings for that zone. Custom Settings allow you to control:
ActiveX Controls
- download signed
- download unsigned
- initialize activeX not marked as safe
- initialize activeX marked as safe
Downloads
- file download
- font download
Miscellaneous
- access data sources across domains
- allow META refresh
- display mixed content
- don't prompt for client certificate
- drag and drop copy
- installation of desktop items
- launching programs and files in an IFRAME
- navigate sub-frames across domains
- software channel permissions
- submit non-encrypted form data
- user data persistence
Scripting
- active scripting
- allow paste operations via scripts
- scripting of Java applets
User Authentication
- Logon “ anonymous, auto on intranet, auto with current username, prompt
Searching
Top Bottom- click search
- View: Explorer Bar: Search
- Ctrl+E
Provides option to send results to other search engines, select default engine and switch to classic search. You can also search direct from the address bar: search is passed to current default autosearch engine
FTP
Top Bottom- ftp://name:passwords@ftp.somehost.com/
- ftp://ftp.somehost.com
- then choose File: Logon As
- folder based view can be disabled in advanced options
Internet Security
Top BottomIf not on a LAN
- activate ICF
- disable File and Printer Sharing for Microsoft Networks
ICF features
Top BottomDo not enable ICF on machines that connect to the internet via another machines connection. NAT devices provide a public address to the internet, and assign private addresses to hosts on your network. Do not use ICF behind NAT device: if gateway does not use NAT, then use ICF. ICF blocks inbound traffic that is not recognised as a response to outbound communication (keeps a table of all outbound requests). Dropped packets can be logged. ICF should not be used on VPN connections. Using Outlook with Exchange will not work with ICF: the exchange server polls the client to deliver mail. ICF will block the exchange server polling because it is not initiated by the client. However, ICF is not enabled by default on internal network cards. Enable ICF using the advanced tab of the network connection. ICF logs dropped packets using W3C format. Enable ports using the settings tab. Services that are preconfigured for enabling are:
- FTP (tcp/21)
- Incoming VPN (udp/1701)
- IMAP3/4 (tcp/220 and tcp/143)
- SMTP (tcp/25)
- IP Security (IKE) (udp/500)
- POP3 (tcp/110)
- Remote Desktop (tcp/3389)
- HTTPS (tcp/443)
- Telnet (tcp/23)
- HTTP (tcp/80)
Use Advanced to enable other ports, but ICMP is enabled on a tab of it's own. If using ICS with ICF, you can open the port for another IP address using the 'Service Settings' button
- enabling ICMP: disabled by default
- does not block outbound traffic
- If internet and LAN share the same TCP connection, ICF will break the LAN connection. Use a NAT device or second network card (in other words do not use ICF on a LAN)
Internet Explorer can download
ActiveX controls. Have full access to your system
Java Applets. Run in a particular area of memory (sandbox)
Scripts (Jscript or VBScript) run on the client computer
Use 'View Objects' to see what has been downloaded: shows status and version and provides option to update. Before downloading an ActiveX control or Java applet, and warning dialogue appears. Use security zones to manage trust accorded to sites.
Content Advisor
Top Bottomwhen enabled a password is required to access sites
disable password with regedit; policies\ratings\key
unrated sites can also be blocked
Autocomplete
web addresses
forms
usernames and passwords
Clear autocomplete at Content/Autocomplete
