Internet Explorer (IE) is a well-known web browser for all of us. Microsoft, the famous American software company that developed the Windows operating system, has “widely” integrated this browser into Windows.
The components in IE are closely related to the Windows environment, which means that any changes made to the options in IE will also affect other related applications like Outlook Express and Windows Media Player.
New security vulnerabilities in IE are continuously discovered every day, so you need to regularly update to the latest version of IE and fix files from www.microsoft.com. Even if you use web browsers from other companies like Opera or Firefox, the need to update to new versions to avoid attacks from “uninvited guests” – viruses is always a critical concern.
ActiveX controls or Java applets can offer a complete immersive experience on websites; however, they also carry risks when unexpected errors occur.
Using SECURITY ZONES
SECURITY ZONES are the first layer of protection in the IE browser. There are four levels of protection available if you install Windows in the standard way.
+ Local Intranet: All sites protected by a firewall. This means that only computers within your internal network can access them.
+ Trusted sites: Trusted sites. Sites that you trust the most should be added to the Trusted sites list.
+ Restricted sites: Conversely, this section should include sites that raise the most suspicion.
+ Internet: the default setting of Windows.
There is a fifth layer of protection, but by default, this layer is not set up in Windows. ActiveX controls installed on your computer will “reside” in this layer.
To assign sites to any protection layer or change the default configuration, go to Internet Options by accessing the Tools menu in IE or via the Control Panel.
Configuring Local Intranet:
– All internal sites not assigned to other zones. URLs without domain name delimiters like http://localhost… are considered internal sites.
– To remove one or more items from Local Intranet, select Local Intranet in the Security tab of the Internet Options window. Choose Sites, uncheck the appropriate checkboxes, and then click OK.
Note:
All actual Internet addresses are 32-bit integer values, which are always compiled into byte values. That’s why we see addresses like: 124.198.20.57
Adding and Removing Sites in Each Zone:
Select the Zone you want to add a site to, then click the “Sites…” button. Type or Copy and Paste the site address into the “Add this Website to the Zone…” box. The entered website will appear in the list of websites in the adjacent box. To remove that site from the list, simply select it and then click the Remove button.
Note:
– By default, IE will use the “http” protocol. When you type “www.google.com,” it is equivalent to typing http://www.google.com.
– “Require server verification (https:) for all sites in this zone” ensures that the Zone you are logged into is protected by SSL. The checkbox is selected for Trusted Sites. You can combine them by unchecking the box when accessing the Site.
– When you enter the full address of a website, IE will only automatically update the main domain address of the Site. For example, when you enter http://www.bbc.co.uk/doctorwho/characters/index.shtml, only http://www.bbc.co.uk/ will appear in the list.
– If you use a direct IP address, it will not be understood as synonymous with the site name. For example, the site address www.google.com is not considered different from 216.239.63.104 (which is also the IP address of that site). Therefore, if you want to use the IP address simultaneously, you must add both addresses to the Zone.
– To move a site from one Zone to another, you need to remove it from the current Zone and then add it to the desired Zone.
– Regularly check the list of Trusted Zones. Some malicious software may automatically insert unwanted sites into the Trusted Zone without the user’s permission.
Creating a Custom Security Zone
If the Zones provided in Windows do not meet your needs, you can create a custom Zone according to your preferences. IE does not allow you to create new Zones at will; however, there is still a way to easily achieve a similar result.
Zones are controlled by the following key in the Registry “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones“. This key includes four subkeys:
0)MyComputer
1)Local Intranet
2)Trusted sites
3)Internet
4)Restricted Sites
The simplest way to create a new zone is to export one of the above keys using the Registry Editor, modify it, and then import the new keys.
1. If you are using Windows XP, you can use the System Restore feature to create a new restore point.
2. Open the Registry Editor and navigate to HKCUSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZones2. The number 2 here corresponds to Trusted Sites, and 4 corresponds to Restricted Sites. Other Zones have properties that do not allow easy backup.
3. Select Files –> Export and save the selected key as a file with the “.reg” extension. Close the Registry Editor.
4. Locate the exported file, then right-click on it. Select Edit and open it with a text editor, typically Notepad.
5. Change the line starting with the key [HKEY_CURRENT_USER, changing 4 to 5 at the end. You can use any number, but 5 is required.
6. In the “Display Name” and “Description” sections, you can change the information as you wish.
7. The Icon is the icon that will appear in the Internet Options window.
8. Change the “MinLevel” and “RecommendedLevel“. MinLevel is the lowest security level you can set for a Zone. RecommendedLevel is the default setting.
Security Levels include:
dword:00010000 Low level
dword:00010500 Medium-low level
dword:00011000 Medium level
dword:00012000 High level
9. Change the parameters in the Flags line. This line sets different properties for each Zone.
1 (0x01) allows changing optional settings
2 (0x02) allows users to add sites to the Zone.
4 (0x04) Requires https protocol
8 (0x08) includes sites that pass through the proxy server
16 (0x10) includes sites not listed in other Zones
32 (0x20) Not part of any Zone in the Internet Options window
64 (0x40) includes the checkbox “Require server verification for all sites listed in this zone”
128 (0x80) treats UNC paths as paths in the Intranet.
Note: The numbers in parentheses are values in hexadecimal.
10. Save the changes, then double-click to import the modified content into the Registry.
M.H
