Microsoft Internet Explorer (IE) offers advanced security options. To access these options in IE 5.0, select Tools, Internet Options, then select the Advanced tab. Among other choices (e.g., Browsing, Java), the Advanced tab contains a Security section that includes several configuration options pertaining to encrypted communications. Although most of the default settings are acceptable, certain security levels disable the first four items by default. These items are as follows:
- Check for publisher's certificate revocation
- Check for server certificate revocation (requires restart)
- Do not save encrypted pages to disk
- Empty Temporary Internet Files folder when browser is closed
You need to enable these four items for maximum browser security.
The next item in the list is Enable Profile Assistant. This setting governs how the browser interacts with a Web site that requests user profile information. Because I'm paranoid when it comes to security, I keep this item disabled. However, if you want to enable the Profile Assistant, the browser will prompt you before sharing information with a Web site that requests user profile data and let you select which data to send to the requesting site.
Following Enable Profile Assistant are five items that control encrypted communications:
- Use Fortezza
- Use PCT 1.0
- Use SSL 2.0
- Use SSL 3.0
- Use TLS 1.0
Enabling these features involves a few risks. Someone might intercept, hijack, or decrypt your communications. Although these threats have minimal potential, you might want to consider not using older technologies that are more vulnerable to these attacks. For example, Secure Sockets Layer (SSL) 2.0 is less secure than SSL 3.0, so disabling SSL 2.0 might be a good idea. However, if you disable SSL 2.0, you might not be able to connect to sites that still use that protocol.
The last three items in the list provide warnings. You should enable these items to heighten security:
- Warn about invalid site certificates
- Warn if changing between secure and not secure mode
- Warn if forms submittal is being redirected
The first warning helps alert you to invalid URLs embedded into site certificates. The second warning will alert you when moving from an encrypted connection to a nonencrypted connection so that you don't inadvertently transmit sensitive information over an unsecure link. The last warning tells you that a Web site's form is returning to that same site. Enabling this item will help guard against a malicious Web page hijacking your information.
Take a few minutes to familiarize yourself with the advanced security options that IE offers. With this heightened awareness, you can make conscious decisions about the detailed options that IE offers and increase your network's security.