Friday, December 23, 2011

How To Manage Site Security & Access With Windows’ Internet Options

How To Manage Site Security & Access With Windows’ Internet Options:

internet optionsMany computers are owned by a single person, but many others are public or used by a family. It’d be nice to think everyone with access to a computer would follow the rules set up by the organization or family that owns it, but often, someone tries to tread where they shouldn’t. I mean, come on – It’s the Internet!

If you want to stop such shenanigans, one option is to manage access via Windows’ Internet Options menu. Here’s how.

The Privacy Tab

internet options

We’re going to be spending most of our time in the Internet Options menu, so if you don’t have that up already, do so and go to the privacy tab.

There’s not much here for blocking specific websites, but if you’re merely concerned about PC security rather than the sites people on the computer view, this section is helpful.

By default, privacy will be set to medium. My suggestion, if you don’t trust the users of the computer to exercise personal and computer security, is to elevate the privacy level to “Block All Cookies.” That will make logging into sites a hassle, but it also will prevent users from accidently leaving account information behind.

You might also want to check the “Never allow websites to request your physical location” box.

The Security Tab

internet connection options

In this tab you’ll find the bulk of the settings that actually block websites. The security tab has four different “zones” called Internet, Local intranet, Trusted sites and Restricted sites.

You can make site access more secure by disabling certain features. Here’s what I recommend if maximum security is your concern. These are in order from top-to-bottom. I’m assuming you’re starting at “Medium-High” security.

  • Disable XPS documents
  • Disable “Run components not signed with Authenticode
  • Disable all the ActiveX controls
  • Disable file downloads
  • Disable font downloads
  • Disable “Allow webpages to use restricted protocols for active content
  • Disable “Display mixed content
  • Disable MIME sniffing
  • Disable “Submit non-encrypted form data
  • Disable Userdata persistence
  • Disable all Scripting options except “Enable XSS filter

internet connection options

Or alternatively, you could just switch it over to “High” settings, which are actually even more restrictive. The settings above are simply a custom selection that fit my personal preferences (a mix of functionality and security) so take your pick. The point is that, on a public PC, you want to disable likely sources of exploit – and that’s what the above settings / High settings do.

Using Trusted & Restricted Sites

internet connection options

Perhaps you want to have maximum security, so you’ve set the Internet to “High” security settings. However, you also want full functionality on a few sites that you visit frequently. That’s what Trusted Sites are for.

Open Trusted Sites by clicking on the green checkmark icon in the Security tab. There’s a slider here for security, just like Internet. If you really do trust the sites in question, you can throw security all the way to “Low” to minimize annoying prompts. To add sites, click the Sites button and add them via their URL. I recommend that you keep the “require server verification” option checked, even though it could cause sites to be flagged as untrusted from time to time (that’s the point – after all, it’s possible for hackers to fake a link to a website you trust).

Then we have Restricted Sites. Honestly, this is a hard feature to use effectively. If you know a site might harm your computer, you shouldn’t visit it, no matter what your settings are. So why would you place it in a specific zone? Still, if for some reason you have to access a potentially damaging site you can yet again use the Sites button to add URLs.

Disabling Site Access

internet options

The security restrictions are sufficient for most users, but what if you’re concerned someone might to try access illegal or pornographic content? Perhaps your kid just became a teenager, and you’d like to ward off curiosity so you can have “the talk?” You’ll find options for these sorts of restrictions in the Content tab. One is Parental Controls, and the other is Content Advisor.

I’ve already covered Window’s parental controls in another article. There’s another content control feature, however, called Content Advisor. This tool is found just below the Parental Controls button and lets you restrict sites based on their content rating by an organization called the ICRA. Just one small problem –ICRA recently stopped existing. All current ratings still work, but there will be no future updates.

It’s possible to add a third-party rating system by using the Rating Systems options under the General tab of Content Advisor. Reviewing these systems is a bit outside the scope of this article, however.

Even better is the “Approved Sites” tool that lets you create a list of websites that are never viewable. The way it works is simple. Just type in a URL, then click the “Always” or “Never” viewable option. All currently restricted/allowed sites will be viewable, and you can change their settings or delete them from management.

Conclusion

Keep in mind that Internet Options generally apply to Internet Explorer. Also keep in mind that they can be changed by administrators. That shouldn’t be a big deal, however. A public computer, or a family computer that can be used by young children, should have a password protected administrator account anyway.

If you’re interested in blocking all Internet access, you can do so by disabling Internet Options entirely. Or you could hide your router. Maybe you know of another method? If so, let us know in the comments.

Similar Stuff



No comments:

Post a Comment

[Please do not advertise, or post irrelevant links. Thank you for your cooperation.]