376 Chapter 7 • Configuring Internet Technologies apply a change, the security level for that zone is labeled Custom, and the slider disappears. You can also further customize the settings for Java Permissions.The Microsoft Virtual Machine was an integral part of previous versions of Windows and Internet Explorer. In Windows XP and Internet Explorer 6, it is no longer installed by default; however, you can download it as required. Under the Microsoft VM subcategory, click Custom under Java Permissions.This brings up a button for customizing these permissions at a more granular level. www.syngress.com Figure 7.8 Setting Custom Security Properties A Secure Internet Client Environment Most Internet users think only about securing the browser when they contemplate Internet security. In fact, you should secure everything that is used to access the Internet. The browser, operating system, network connection, and mail client, even the office productivity suite, all con- tribute to a secure environment from where you can start to work securely with the Web. The first task is to apply all service packs and updates. Windows Update is a great place to start for downloading and installing updates for the browser and the operating system. Also, Microsoft’s TechNet site that concentrates on security issues (www.microsoft.com/technet/ security/) has security white papers, bulletins, and hotfixes available for Designing & Planning… Continued 189_XP_07.qxd 11/12/01 9:56 AM Page 376 Configuring Internet Technologies • Chapter 7 377 The Privacy Tab The Privacy tab, shown in Figure 7.9, represents one of the new features discussed at the beginning of the chapter. Its purpose in life is to manage the cookies that Web sites place, or try to place, on the local hard drive.A cookie is a file created by a Web site that stores information on the workstation, such as viewing prefer- ences for that particular Web site, usernames, passwords, and personal data.A session cookie is a temporary cookie that is stored in memory and gets deleted when the browser is closed.A persistent cookie is one where the lifetime of the cookie is longer than the time spent at the site; it is saved from memory to disk upon exiting the browser and discarded when it reaches its defined expiration time. Setting the privacy level is much the same as setting the security level for an Internet zone, except that the slider has more graduations, making the selection more specific.The privacy setting ranges from Accept All Cookies at the bottom of the scale to Block All Cookies at the top of the scale. www.syngress.com download often before they are packaged and made available through Windows Update. Updates for all other software should be available from the vendors’ Web sites. The second important step to take is to install and maintain up-to- date antivirus software. There is little point in having antivirus software if it has not been updated since 1998. Barely a week passes between vir- ulent outbreaks of new e-mail–based worms and other viruses. Antivirus vendors typically update their files frequently in response to new virus threats. Monitor these sites regularly and download and apply the updated files as soon as they become available. Encryption is good protection against someone attempting to “sniff” your connection for a username and password. Use the highest encryption available to guarantee the security of your data in transmission. Finally, a new tool—Microsoft Personal Security Advisor—will scan your environment, identify security deficiencies, and provide solutions. You can find it at www.microsoft.com/technet/mpsa/start.asp. If it finds a few deficiencies, you may need to reboot a few times to get them all cleared up. Because Windows XP is an Internet platform, the whole platform has to be maintained from a security perspective. All software, including the operating system, must be kept current with all new software updates, especially antivirus software. Finally, you should guard the net- work connection with the highest available level of encryption when transmitting sensitive or personal data. 189_XP_07.qxd 11/12/01 9:56 AM Page 377 378 Chapter 7 • Configuring Internet Technologies The Advanced… button overrides automatic cookie handling. If enabled, it specifies what action to take—Accept, Block, or Prompt—for first- and third- party cookies.You can also enable or disable session cookies by checking or clearing the Always allow session cookies check box, respectively.The Edit… button permits you to override the current privacy setting for how cookies from specified sites are handled by the system. By entering the URL in the appropri- ately named field and clicking either Block or Allow, you can manage cookies from individual Web sites.This is particularly helpful when you want to stick with a particular setting, but have an individual requirement for a few sites. NOTE For more information, please refer to www.w3.org/P3P/. Internet Explorer 6 takes individual privacy a step further by protecting the user against information collection by third parties.This will have a huge impact on advertisers.A lot of Web sites include ad banners that are served from a third-party advertiser, such as Doubleclick.These banners often include cookies so that adver- tisers can collect statistics on how many views and clickthroughs they receive. Using Doubleclick as an example, when IE6 detects a cookie from ad.doubleclick.net while you are viewing a page on a different Web site, it will block that cookie entirely unless Doubleclick provides a P3P-compliant compact policy.A compact www.syngress.com Figure 7.9 Managing Cookies with the New Privacy Tab 189_XP_07.qxd 11/12/01 9:56 AM Page 378 Configuring Internet Technologies • Chapter 7 379 policy is a machine-readable summary of a privacy policy that is stored on the Web server. P3P is a policy that is created by a Web site developer responding to a stan- dardized set of multiple-choice questions and covers all the major aspects of the site’s privacy policies.The responses define how the site will handle personal infor- mation about its visitors. P3P-enabled Web sites make this information available in a standard, machine-readable format, and compliant browsers can import this snap- shot automatically to compare it to the consumer’s own set of privacy preferences. The Privacy tab is a friendly interface for working with the privacy settings on Web sites that have implemented P3P-compliant compact policies. www.syngress.com Anyone for Cookies? If you browse through your temporary Internet files, also known as the browser cache, you will notice that a number of files whose names begin with cookie will accumulate over time. You may also be prompted to approve the creation of a cookie to your local hard disk. Simply put, a cookie is a file that contains information about the user, such as per- sonal information, preferences, or even system information that is stored in memory or on the local hard drive for use by a visited Web site. There are many reasons for using cookies, including personalizing infor- mation, assisting with e-commerce, and tracking popular links and demographics, among others. A cookie is a useful tool for developers to keep site content current and to tailor content to visitors’ preferences. Technically, a cookie is an HTTP header that consists of a text-only string that gets entered into the memory of a browser. This string contains the domain, path, lifetime, and value of a variable that a Web site sets. If the lifetime of this variable is longer than the time the user spends at that site, this string is saved to file for future reference. Because HTTP is a state- less (nonpersistent) protocol, it is impossible to differentiate between visits to a Web site, unless a Web server can somehow “mark” a visitor. A cookie maintains the state variables required by Web sites by storing infor- mation on the visitor’s system in a cookie file. Cookies can store database information, Web page preferences, or any other required information, including authentication information. After the cookie is transmitted through an HTTP header, it is stored in the memory of your browser. This way the information is quickly and Designing & Planning… Continued 189_XP_07.qxd 11/12/01 9:56 AM Page 379 380 Chapter 7 • Configuring Internet Technologies The Content Tab As mentioned earlier, the Content tab (Figure 7.10) is for configuring the way in which you interact with Web sites.The Content Advisor works with RSACi- rated sites to block or allow sites that fail or comply with the configured sensi- tivity level.Although this appears to be an effective method of blocking offensive material, not many sites that have offensive material will be registered with RSAC (Recreational Software Advisory Council, now known as the ICRA [Internet Content Rating Association]).That being said, the administrator of the workstation can specify sites that are safe to view, and he can use passwords to restrict travel to other material. For this feature to work correctly,Web developers must submit the pages that constitute their Web sites to RSAC for a rating.A metatag that contains the rating must be included in the pages for their Web sites. www.syngress.com readily available without retransmission. The lifetime of a cookie can be configured to exceed the amount of time that the browser could rea- sonably expect to be open. Consequently, the browser saves the cookie from memory to the hard drive. When the browser is launched again, all of the cookies that have not expired are still available for use. A browser constantly performs maintenance on its cookies. Every time the browser is opened, cookies are read into memory from disk, and when the browser is closed, nonexpired cookies are resaved to disk. When a cookie expires, it is discarded and is no longer kept on the system. Many people are suspicious of cookies, especially where it concerns privacy and the collection of personal data. Although a cookie, by itself, is not capable of collecting personal information about the user, it can be used as a tracking device to help individuals and organizations whose job it is to gather this kind of information. As information is gathered about the visitor, it is associated with a value kept in the cookie file. The only way that personal information can find its way into a cookie is if that information is provided to a site that saves the information to the site’s cookie file on the local system. Some organizations form visitor profiles by aggregating the personal and preference information stored in cookie files to tailor Web site content and advertising; Doubleclick is a prime example. To maintain control of privacy, you should carefully evaluate what personal information you want to knowingly and unknowingly disseminate over the Web and set your browser security and privacy settings accordingly. A good reference site is www.cookiecentral.com, especially www.cookiecentral.com/faq. 189_XP_07.qxd 11/12/01 9:56 AM Page 380 Configuring Internet Technologies • Chapter 7 381 When enabled, the default setting is to disallow viewing any site that does not have a rating. The Certificates and Personal information sections assist with identity man- agement on the Internet. Digital certificates are used to positively identify people, certification authorities, and certificate publishers.The buttons in the section manage the certificates that belong to the user.The Personal information section assists with filling out forms and entering other data. AutoComplete helps in filling out Web addresses and forms by completing fields as you type, and col- lecting information in a history file.AutoComplete knows what to enter because it is using data from your Microsoft Personal Assistant and a history file. If you are a frequent AutoComplete user, have a look at what is contained in My Profile; the completeness of information in your profile might surprise you. NOTE For more information on the ICRA and Web site rating, navigate to www.rsac.org. A notable absence from Windows XP is Microsoft Wallet. Its disappearance in Internet Explorer 6 from this tab in previous versions can be attributed to Microsoft’s increasing reliance on Passport, Microsoft’s identity management service.Anyone who has subscribed to any Microsoft service, such as Hotmail, www.syngress.com Figure 7.10 Safeguarding Browsing Activities and Identities on the Web 189_XP_07.qxd 11/12/01 9:56 AM Page 381 382 Chapter 7 • Configuring Internet Technologies MSN, or TechNet, has an account in Passport.This Passport account can be included in the User Profile for use when browsing the Web. The Connections Tab The purpose of the Connections tab, displayed in Figure 7.11, is to configure the many ways that you can connect to the Internet.The Setup… button at the top of the tab launches the Internet Connection Wizard.This wizard configures mail and news accounts, dial-up networking, and default Internet connections. For the Dial-up and Virtual Private Network settings, the Add… button launches the Network Connection Wizard; the Remove… button deletes a highlighted con- nection from the list; and the Settings… button configures the highlighted con- nection with settings for automatic configuration, proxy server, username, password, and domain.The Local Area Network (LAN) Settings… button is for configuring the workstation to connect to the Internet over a perpetual net- work connection. You can use the Local Area Network (LAN) Settings window in Figure 7.12 to establish automatic configuration and proxy server settings. For most corporate environments, a proxy server address and port number will not be required because the default setting of Automatically detect settings should pick up the proxy server as a gateway to the Internet. If your gateway does not support automatically detecting the LAN settings, you must specify a proxy server.You should check the box in the Proxy server section and enter an IP address and port number in the appropriate fields. www.syngress.com Figure 7.11 Configuring the System’s Internet Connection 189_XP_07.qxd 11/12/01 9:56 AM Page 382 Configuring Internet Technologies • Chapter 7 383 For automatic detection and configuration scripts to work, the network has to be set up properly.You can configure DHCP, for example, with a custom option that provides information to the browser regarding the location and port used for the Web proxy service. Automatic configuration specifies to automat- ically detect proxy server settings or automatic configuration settings, which are used to connect to the Internet and customize Internet Explorer. Use automatic configuration script specifies the file that contains the automatic configuration settings that are executed when the browser is launched.The Proxy server section is for configuring the browser to use a specific proxy server to access the Internet.A proxy server acts as an intermediary between your internal network, or intranet, and the Internet by retrieving files from remote Web servers. Bypass proxy server for local addresses configures the browser so that a request will not be redirected to the proxy server if the name in the address field of the browser is not in the form of a Fully Qualified Domain Name (FQDN), such as www.syngress.com. If a FQDN is used to access a Web server that is on the internal network, the browser will attempt to access the site on that server through the proxy server and will not be able to reach it, unless the server is included in a list in the Exceptions field behind the Advanced button.This button leads to a window to manage entries in the list of Exceptions and to con- figure what specific proxy servers, and their specific port addresses, will be used for different tasks. For example, you can configure the browser to access one proxy server for HTTP requests and another for FTP requests. The Programs Tab The Programs tab demystifies the process of associating Internet services with the appropriate applications. Up to a certain point in Internet Explorer’s history, this www.syngress.com Figure 7.12 Configuring the Browser to Work Properly over a Local Network 189_XP_07.qxd 11/12/01 9:56 AM Page 383 384 Chapter 7 • Configuring Internet Technologies tab did not exist, and applications fought amongst themselves for which one was going to be the default application to facilitate a particular service.With this tab, you can choose, not only which application is the default, but also which applica- tion will be used. For example, in Figure 7.13, Notepad is the default HTML editor, but Microsoft FrontPage is also in the list.When you choose to edit a page from the icon on the Standard Buttons bar in Internet Explorer 6, both applica- tions are available.The default application is the one that comes up automatically. The Advanced Tab The Advanced tab appears to list every conceivable Internet Explorer 6 setting, as shown in Figure 7.14.Actually, these advanced settings are options that are not covered under any of the other tabs, buttons, sliders, or drop-down boxes.There are really too many settings listed to go into detail about each one.They are grouped into the following categories: ■ Accessibility ■ Browsing ■ HTTP 1.1 settings ■ Microsoft VM ■ Multimedia ■ Printing www.syngress.com Figure 7.13 Establishing the Default Application for Different Types of Network Activities 189_XP_07.qxd 11/12/01 9:56 AM Page 384 Configuring Internet Technologies • Chapter 7 385 ■ Search from the Address bar ■ Security NOTE The options for configuring the new image and media features in Internet Explorer 6 are in the Multimedia section. The options in each of the subcategories are for tweaking Internet Explorer 6 when it does not behave the way you think it should, or if you just want it to behave differently. Perhaps pages are not appearing correctly, secure browsing cannot be enabled, or multimedia is showing up in the last place you want it to. If these or similar scenarios are having an impact on working with Internet Explorer 6, changing one or two options at a time may help. Internet Explorer 6 indicates where enabling or disabling an option requires that the system be restarted. Using Internet Explorer 6 The capability to view Web pages offline and to move among browsers with a familiar collection of Favorites and cookies definitely enhances the usability of the browser.You can import favorite intranet and Internet destinations from other www.syngress.com Figure 7.14 Configuring Advanced Browser Settings 189_XP_07.qxd 11/12/01 9:56 AM Page 385 [...]... is electronic messaging Outlook Express 6 is the latest version of the messaging client; it ships with Windows XP and with Internet Explorer 6 for other platforms Outlook Express 6 is communications central for Windows, handling mail messages, newsgroup access, and instant messaging, and it is compliant with most messaging protocols, including POP3, IMAP, NNTP, SMTP, and HTTP Although it is not the... www.syngress.com 189 _XP_ 07.qxd 11/12/01 9: 56 AM Page 411 Configuring Internet Technologies • Chapter 7 Summary Because the two most common activities for which people use the Web are reading and sending e-mail and viewing Web pages, Microsoft appropriately included Internet Explorer 6 and Outlook Express 6 as the default browser and mail client Instant messaging in Windows XP, using the Windows Messenger... require a Passport account In Windows XP, if a user has a Passport account, it can be integrated into the local user profile for use by Windows Messenger, Internet Explorer, and Outlook Express NOTE Windows Messenger is not an optional Windows component It, along with Windows Media Player, is a part of the operating system, akin to previous versions of Internet Explorer Windows Messenger is a key component... Downloaded The Import/Export Wizard automates the process of importing and exporting Favorites and cookies All importing and exporting activities follow a similar process For example, importing cookies requires a source folder or application but offers no choice of destination.You can launch the wizard from an item in the File menu of Internet Explorer 6 (File | Import and Export…) The window in Figure... Deploy Internet Explorer 6 The IEAK includes the Internet Explorer Customization Wizard and the IEAK Profile Manager, which enable the development and maintenance of custom browser packages that are tailored to meet the needs of the organization It can save network administrators a considerable amount of time and money in deploying and managing Internet Explorer You can establish policies and restrictions... Connection, and Maintenance tabs Figure 7. 26 The Opening View of the General Tab in the Options Applet www.syngress.com 189 _XP_ 07.qxd 11/12/01 9: 56 AM Page 397 Configuring Internet Technologies • Chapter 7 As mentioned earlier, Outlook Express 6 leverages many configuration options from Internet Explorer 6. The first section of the Security tab in Figure 7.27 is an example of this Outlook Express can be... to begin using Internet Explorer 6, Outlook Express 6, and Windows Messenger, a vast array of configuration options makes it possible to customize and personalize each tool to suit individual tastes and business requirements.The goal for configuring these tools is to create a secure environment that performs well You should configure security options to protect both the identity and assets of the individual... Technologies Using Outlook Express 6 You can use Outlook Express for electronic mail, instant messaging, newsgroup browsing, and people finding.The opening view when you launch the application is shown in Figure 7.30 From left to right, the displayed panes on the Outlook Express 6 window are the Outlook bar, the Folder List (top), the Contacts bar (bottom), and the Outlook Express Welcome screen.The layout... add and remove bars and lists.You can also change colors and styles to suit your preferences Figure 7.30 Working on the “Business End” of Outlook Express All accounts appear in the folder list.When using Outlook Express 6 to manage multiple accounts, this is in the your favor.The Tools menu has all of the options for working with accounts, message sending and retrieval, newsgroup subscription, and. .. of calendaring, especially shared calendaring, rules out Outlook Express 6 as a complete collaboration tool As hosted Exchange servers become more popular, organizations may turn to Outlook Express because it is installed with Windows XP by default and because of its attractive price (free) Another area is security Outlook and Outlook express are the prime targets for virus writers because they are the . Permissions.The Microsoft Virtual Machine was an integral part of previous versions of Windows and Internet Explorer. In Windows XP and Internet Explorer 6, it is no longer installed by default; however, you can download. and with Internet Explorer 6 for other platforms. Outlook Express 6 is communications central for Windows, handling mail messages, news- group access, and instant messaging, and it is compliant. Outlook Express 6 The most common Internet-related activity, by a vast margin, is electronic mes- saging. Outlook Express 6 is the latest version of the messaging client; it ships with Windows XP and