Browsing the "wild, wild Web" can be dangerous. Combine today’s highly functional Microsoft Internet Explorer (IE) 5.0 with less-than-security-savvy users who visit all types of Web sites, and you take some serious risks. Several methods exist for embedding malicious content into Web pages. To suffer from a security attack, however, you don’t need to land on the Web site of a malicious Web master. Many Web sites, such as eBay and Hotmail, let users embed HTML and active content into their postings. When you view a Web page that contains active content (e.g., a Java applet), you let untrusted code execute on your computer. Even with the built-in security features in Java and other scripting languages, attackers have found many ways to access files on the local drives of the computer browsing the Web and to access resources on your company’s other servers.
In this series of articles, I’ll show you how to reduce the risk of browsing the Web by properly configuring IE’s security options. However, because you can have hundreds or thousands of IE installations, you can’t afford to configure each computer individually—not to mention reconfigure IE installations when users reverse your security settings. I’ll show you how to use Group Policy to securely configure IE and to prevent users from defeating your restrictions. To begin, it's important that you know how to use IE's security zones to apply the appropriate level of security and restrictions to each Web site that you and your users visit. . . .
Barbara Hale March 30, 2001