It’s often said that security is inversely proportional to functionality. The more secure you make a solution, the more inconvenient it will be to work with it.
Probably nowhere is this principle more obvious than when working with Internet Explorer security. In the past we were used to going where we wanted to, when we wanted to, and nothing got in our way. Of course, we also got malware, viruses, trojans, bots, and drive-bys. But most of the time I we didn’t realize what hit us until later – so we never saw the browser as the source of our frustration.
Microsoft has gone a long way at improving the security of their flagship browser, Internet Explorer. With the release of Internet Explorer on Windows Vista and the upcoming Windows 7, you now have access to the most secure browser available today. That’s not just me blowing smoke, its strongly supported by the evidence, much of which has been covered in this blog in the past.
Nevertheless, in order to get the most of your browsing experience, and to help your users get the most out of their browsing experience, you need to understand how security is implemented in Internet Explorer 8 and how to configure it to get the best balance of security and usability. This is where this article Internet Explorer 8 Enhanced Security Configuration comes in. You can find it at:
http://technet.microsoft.com/en-us/library/dd883248(WS.10).aspx
Here you’ll find discussions about:
- Internet Explorer Enhanced Security Configuration and Terminal Services
- Effects of Internet Explorer Enhanced Security Configuration on the Internet Explorer user experience
- Add sites to the Trusted sites zone
- Add sites to the Local intranet zone
- Apply Internet Explorer Enhanced Security Configuration to specific users
- Strengthen Internet Explorer security settings manually on your server
- Upgrading from previous versions
If you have a few minutes, give it a look. I’m confident that you’ll find a tip or two in there that you’ll be able to use.
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP – Forefront Edge Security (ISA/TMG/IAG)