You can control security in several ways: through Site Certificates, Authenticode publishers, and security zones. You can preinstall certificates on users' computers and block them from downloading other certificates. You can also set ratings for the content your users view.
Corporate administrators can specify security settings and ratings in Stage 4 and Stage 5 of the IEAK wizard.
The new Internet Explorer 4.0 security options enable you to assign specific Web sites to various zones, depending on how much you trust the content of the specific Web site.
When you install Internet Explorer 4.0, four security zones are set up: Internet, Local Intranet, Trusted Sites, and Restricted Sites.
You can view and change all the security settings by clicking the Internet icon in Control Panel, and then clicking the Security tab.
Remember, security on the Internet is only as good as your settings. Internet Explorer 4.0 provides you with the information you need to make good security decisions, and more flexible tools to implement those decisions.
By default, the Internet zone is set to the Medium security level. If you are concerned about possible security problems when browsing the Internet, you might want to change the setting to High. If you raise the security setting, some pages will not be allowed to perform certain potentially hazardous operations.
If you are an expert user, you might want to choose Custom Settings so that you can control each individual security decision for the zone. To do this, from the Security tab, click Custom, and then click Settings.
There are two zones available to which you can assign Web sites that you specifically trust more or less than the Internet or the local intranet. To add sites to these zones, first choose the zone, and then click Add Sites.
The Trusted Sites zone is assigned a Low security setting by default. If you assign a site to the Trusted Sites zone, the site will be allowed to perform more powerful operations. Also, Internet Explorer will ask you to make fewer security decisions. Add a site to this zone only if you trust all of its content never to do anything potentially harmful to your computer. For the Trusted Sites zone, we strongly recommend use of the HTTPS protocol so that connections to the site are secure.
The Restricted Sites zone is assigned a High security setting by default. If you assign a site to the Restricted Sites zone, the site will be allowed to perform only minimal, very safe operations. This zone is for the rare case of a site you don't trust.
To be secure, it is imperative that the Local Intranet zone be set up in conjunction with the proxy server and firewall. All sites in the zone should be "inside the firewall," and proxy servers should be configured so that they do not allow an external DNS name to be resolved to this zone.
By default, the Local Intranet zone consists of local domain names and those set in proxy override of the Connections tab. The network administrator should confirm that these settings are indeed secure for the installation, or adjust the settings as needed to be secure. After the Local Intranet zone is confirmed secure, consider changing the zone's security level to Low to enable a wider range of powerful operations to be performed. It is also possible to adjust individual security settings in the Custom Settings dialog box.
If there are parts of the intranet that are less secure or otherwise not trustworthy, they can be excluded from this zone by assigning them to the Restricted Sites zone.
The Local Intranet zone is intended to be set up via the IEAK, although the options on the Security tab in the Internet Properties dialog box can also be used.
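The two checks recommended above, HTTPS for Trusted Sites entries and Local Intranet names that resolve only to addresses inside the firewall, can be run as an audit over a planned zone list. This is an added example, not part of the original documentation or the IEAK; the zone assignments, host names, addresses and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: (zone, site URL, addresses the name resolved to).
# Host names and addresses are made up for illustration.
ASSIGNMENTS = [
    ("Trusted Sites", "https://payroll.example.com/", ["203.0.113.10"]),
    ("Trusted Sites", "http://vendor.example.net/", ["198.51.100.7"]),
    ("Local Intranet", "http://hr.corp.example/", ["10.1.4.20"]),
    ("Local Intranet", "http://wiki.corp.example/", ["10.1.4.21", "192.0.2.55"]),
    ("Restricted Sites", "http://legacy.corp.example/", ["10.9.0.3"]),
]


def is_inside(addr, internal_nets):
    """True if addr belongs to one of the networks behind the firewall."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in internal_nets)


def audit(assignments, internal_cidrs=("10.0.0.0/8",)):
    """Return (host, finding) pairs for entries that break the zone guidance.

    internal_cidrs is an assumption: replace it with the address ranges
    that are actually inside your firewall.
    """
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    findings = []
    for zone, url, addrs in assignments:
        parts = urlsplit(url)
        host = parts.hostname
        # Trusted Sites run at Low security, so the connection should be HTTPS.
        if zone == "Trusted Sites" and parts.scheme != "https":
            findings.append((host, "trusted site is not using HTTPS"))
        # Every address behind a Local Intranet name must be inside the firewall.
        if zone == "Local Intranet":
            outside = [a for a in addrs if not is_inside(a, nets)]
            if outside:
                findings.append(
                    (host, "resolves outside the firewall: " + ", ".join(outside))
                )
    return findings


if __name__ == "__main__":
    for host, finding in audit(ASSIGNMENTS):
        print(f"{host}: {finding}")
```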
It is important to understand that a user could copy content from one zone to another, potentially increasing or decreasing the level of security intended for the content.