|
|
|
|
|
Securing Internet Explorer
Basic Security Checklist
- Install the latest version of Internet Explorer (with 128 bit encryption).
- Go to 'Internet Options' and select 'Security', set Internet Zone to High. Click ok to apply and then click 'Custom Level' and search for Allow META Refresh and select enable.
- Keep up with security patches and service packs.
Advanced Security Checklist
- Install the latest version of Internet Explorer (with 128 bit encryption).
- Go to 'Internet Options' and select 'Security', set Internet Zone to High. Click ok to apply and then click 'Custom Level' and search for Font Dowload and select disable.
- Make sure no web sites are in your Trusted Sites.
- Go to 'Internet Options' - 'Content' and click on Certificates. Remove all certificates in all tabs. This means that you don't trust any of those companies and do not allow them to run their code on your computer!
- Go to 'Internet Options' - 'Content' and click on Publishers. Remove all trusted publishers.
- Go to 'Internet Options' - 'Content' and click on AutoComplete. AutoComplete is a feature which allows the browser to remember filled in forms on web sites or even usernames and passwords. This last thing is something you should disable. To do this clear the checkbox next to (Use AutoComplete for) User names and passwords on forms and also click on clear all passwords.
- Go to 'Internet Options' - 'Advanced' and make sure these items are selected:
- Close unused folders in History and Favorites
- Disable script debugging
- Notify when downloads complete
- Java logging enabled
- Don't display online media content in the media bar
- Do not search from the Address bar
- Check for publisher's certificate revocation
- Check for server certificate revocation
- Check for signatures on downloaded programs
- Do not save encrypted pages to disk
- Empty temporary Internet Folders when browser is closed
- Warn about invalid site certificates
- Warn if changing between secure and not secure mode
- Warn if form submittal is being redirected
- Go to 'Internet Options' - 'Advanced' and make sure these items are NOT selected:
- Enable folder view for FTP sites
- Enable Install On Demand (Internet Explorer)
- Enable Install On Demand (Other)
- Enable third-party browser extensions
- Reuse windows for launching shortcuts
- Show friendly URLs
- Use inline AutoComplete
- Use passive FTP
- Java console enabled
- JIT compiler for virtual machine enabled
- Always show Internet Explorer Radio toolbar
- Play animations in web page
- Play sounds in web page
- Play videos in web page
- Enable Integrated Windows Authentication
- Use TLS 1.0
- Enable Profile Assistant
- Keep up with security patches and service packs.
- Lock down the My Computer zone. All exploits try to navigate to this zone and execute their payload in this zone, so locking down this zone will block all exploits. But be careful, locking down too much can result in locking up your desktop or windows itself.
Real Security Checklist
Run the Advanced Security Checklist and install another browser (like Mozilla) and disable internet explorer by selecting lan connection and set manual proxy to an unexisting proxy. Read this if you don't believe me: Unpatched IE Holes.
Other Checklists
Tools
| Published: 3/07/2002 | Document Type: INFO |
| Last modified: 30/08/2004 | Target: General |
| Visibility: Public | Language: English |
[top]
|
