Security zones: Difference between revisions
Line 16: | Line 16: | ||
=Turvaseaded= | =Turvaseaded= | ||
{| {{table}} | |||
| align="center" style="background:#f0f0f0;"|'''Security Setting''' | |||
| align="center" style="background:#f0f0f0;"|'''''' | |||
| align="center" style="background:#f0f0f0;"|'''''' | |||
| align="center" style="background:#f0f0f0;"|'''''' | |||
| align="center" style="background:#f0f0f0;"|'''''' | |||
| align="center" style="background:#f0f0f0;"|'''''' | |||
|- | |||
| .NET Framework||Low||Medium-Low||Medium||Medium-high||High | |||
|- | |||
| Loose XAML||En||En||En||En||Dis | |||
|- | |||
| XAML browser applications||En||En||En||En||Dis | |||
|- | |||
| XPS documents||En||En||En||En||Dis | |||
|- | |||
| .NET Framework-Reliant Components||Low||Medium-Low||Medium||Medium-high||High | |||
|- | |||
| Permissions for components with manifests||Hi||Hi||Hi||Hi||Dis | |||
|- | |||
| Run components not signed with Authenticode||En||En||En||En||Dis | |||
|- | |||
| Run components signed with Authenticode||En||En||En||En||Dis | |||
|- | |||
| ActiveX Controls and Plug-Ins||Low||Medium-Low||Medium||Medium-high||High | |||
|- | |||
| Allow previously unused ActiveX controls to run without prompt||En||En||En||Dis||Dis | |||
|- | |||
| Allow Scriptlets||En||En||Dis||Dis||Dis | |||
|- | |||
| Automatic prompting for ActiveX controls||En||En||Dis||Dis||Dis | |||
|- | |||
| Binary and script behaviors||En||En||En||En||Dis | |||
|- | |||
| Display video and animation on a webpage that does not use external media player||Dis||Dis||Dis||Dis||Dis | |||
|- | |||
| Download signed ActiveX controls||En||Pro||Pro||Pro||Dis | |||
|- | |||
| Download unsigned ActiveX controls||Pro||Dis||Dis||Dis||Dis | |||
|- | |||
| Initialize and script ActiveX controls not marked as safe for scripting||Pro||Dis||Dis||Dis||Dis | |||
|- | |||
| Run ActiveX controls and plug-Ins||En||En||En||En||Dis | |||
|- | |||
| Script ActiveX controls marked safe for scripting||En||En||En||En||Dis | |||
|- | |||
| Downloads||Low||Medium-Low||Medium||Medium-high||High | |||
|- | |||
| Automatic prompting for file downloads||En||En||Dis||Dis||Dis | |||
|- | |||
| File download||En||En||En||En||Dis | |||
|- | |||
| Font download||En||En||En||En||Dis | |||
|- | |||
| Enable .NET Framework setup||En||En||En||En||Dis | |||
|- | |||
| Miscellaneous||Low||Medium-Low||Medium||Medium-high||High | |||
|- | |||
| Access data sources across domains||En||Pro||Dis||Dis||Dis | |||
|- | |||
| Allow META REFRESH||En||En||En||En||Dis | |||
|- | |||
| Allow scripting of Internet Explorer web browser control||En||En||Dis||Dis||Dis | |||
|- | |||
| Allow script-initiated windows without size or position constraints||En||En||Dis||Dis||Dis | |||
|- | |||
| Allow Web pages to use restricted protocols for active content||Pro||Pro||Pro||Pro||Dis | |||
|- | |||
| Allow websites to open windows without address or status bars||En||En||En||Dis||Dis | |||
|- | |||
| Display mixed content||Pro||Pro||Pro||Pro||Pro | |||
|- | |||
| Don\'t prompt for client certificate selection when no certificates or only one certificate exists||En||En||Dis||Dis||Dis | |||
|- | |||
| Drag and drop or copy and paste files||En||En||En||En||Pro | |||
|- | |||
| Include local directory path when uploading files to a server||En||En||En||En||Dis | |||
|- | |||
| Installation of desktop items||En||Pro||Pro||Pro||Dis | |||
|- | |||
| Launching applications and unsafe files||En||En||Pro||Pro||Dis | |||
|- | |||
| Launching programs and files in an IFRAME||En||Pro||Pro||Pro||Dis | |||
|- | |||
| Navigate sub-frames across different domains||En||En||Dis||Dis||Dis | |||
|- | |||
| Open files based on content, not file extension||En||En||En||En||Dis | |||
|- | |||
| Software channel permissions||Lo||Med||Med||Med||Hi | |||
|- | |||
| Submit nonencrypted form data||En||En||En||En||Pro | |||
|- | |||
| Use Phishing Filter||Dis||Dis||En||En||En | |||
|- | |||
| Use Pop-up Blocker||Dis||Dis||En||En||En | |||
|- | |||
| Userdata persistence||En||En||En||En||Dis | |||
|- | |||
| Web sites in less privileged web content zone can navigate into this zone||Pro||En||En||En||Dis | |||
|- | |||
| Scripting||Low||Medium-Low||Medium||Medium-high||High | |||
|- | |||
| Active scripting||En||En||En||En||Dis | |||
|- | |||
| Allow Programmatic clipboard access||En||En||Pro||Pro||Dis | |||
|- | |||
| Allow status bar updates via script||En||En||En||Dis||Dis | |||
|- | |||
| Allow websites to prompt for information using scripted windows||En||En||En||Dis||Dis | |||
|- | |||
| Scripting of Java applets||En||En||En||En||Dis | |||
|- | |||
| User Authentication - Logon||Automatic logon with current user name and password||Automatic logon only in Intranet Zone||Automatic logon only in Intranet Zone||Automatic logon only in Intranet Zone||Prompt for user name and password | |||
|- | |||
| | |||
|} | |||
=Kokkuvõte= | =Kokkuvõte= | ||
=Kasutatud kirjandus= | =Kasutatud kirjandus= | ||
=Autor= | =Autor= |
Revision as of 14:50, 10 October 2011
Sissejuhatus
Security zones on osa Internet Exploreri turbemeetoditest, mis annab kasutajatele võimalusele mugavalt ja efektiivselt hallata veebikeskkonna turvalisust. Security zones-i tüübid jaguned viieks: internet, local intranet, trusted sites, restricted sites ning my computer. Iga piirkonda saab seadistada vastavalt vajadusele, kasutades olemasolevaid seadistusi vastavalt turvatasemele või kohandades endale sobivate spetsifikatsioonidega turvataseme.
Turvapiirkondade tüübid
Internet
Antud piirkonda paigutatakse kõik need veebilehed, mis kuhugi mujale pole liigitatud(seetõttu ei saa ka lisada veebilehti antud piirkonda). Vaikimisi on antud piirkonna turvatase Medium-High.
Local Intranet
Sisaldab kõiki veebilehti, mis asuvad seespool organisatsiooni tulemüüri. Vaikimisi on antud piirkonna turvatase Medium-Low.
Trusted Sites
Piirkonda lisatakse tavaliselt kõige turvalisemad ja usaldusväärsemad lehed, mis soovitatavalt kasutavad https protokolli. Vaikimis on turvatasemeks Medium.
Restrcted Sites
Kõik veebilehed, mis kujutavad endas ohtu, tasub liigitada Restricted Sitesi turvapiirkonda, millel on vaikimisi turvatase seadistatud High peale.
Turvaseaded
Security Setting | ' | ' | ' | ' | ' |
.NET Framework | Low | Medium-Low | Medium | Medium-high | High |
Loose XAML | En | En | En | En | Dis |
XAML browser applications | En | En | En | En | Dis |
XPS documents | En | En | En | En | Dis |
.NET Framework-Reliant Components | Low | Medium-Low | Medium | Medium-high | High |
Permissions for components with manifests | Hi | Hi | Hi | Hi | Dis |
Run components not signed with Authenticode | En | En | En | En | Dis |
Run components signed with Authenticode | En | En | En | En | Dis |
ActiveX Controls and Plug-Ins | Low | Medium-Low | Medium | Medium-high | High |
Allow previously unused ActiveX controls to run without prompt | En | En | En | Dis | Dis |
Allow Scriptlets | En | En | Dis | Dis | Dis |
Automatic prompting for ActiveX controls | En | En | Dis | Dis | Dis |
Binary and script behaviors | En | En | En | En | Dis |
Display video and animation on a webpage that does not use external media player | Dis | Dis | Dis | Dis | Dis |
Download signed ActiveX controls | En | Pro | Pro | Pro | Dis |
Download unsigned ActiveX controls | Pro | Dis | Dis | Dis | Dis |
Initialize and script ActiveX controls not marked as safe for scripting | Pro | Dis | Dis | Dis | Dis |
Run ActiveX controls and plug-Ins | En | En | En | En | Dis |
Script ActiveX controls marked safe for scripting | En | En | En | En | Dis |
Downloads | Low | Medium-Low | Medium | Medium-high | High |
Automatic prompting for file downloads | En | En | Dis | Dis | Dis |
File download | En | En | En | En | Dis |
Font download | En | En | En | En | Dis |
Enable .NET Framework setup | En | En | En | En | Dis |
Miscellaneous | Low | Medium-Low | Medium | Medium-high | High |
Access data sources across domains | En | Pro | Dis | Dis | Dis |
Allow META REFRESH | En | En | En | En | Dis |
Allow scripting of Internet Explorer web browser control | En | En | Dis | Dis | Dis |
Allow script-initiated windows without size or position constraints | En | En | Dis | Dis | Dis |
Allow Web pages to use restricted protocols for active content | Pro | Pro | Pro | Pro | Dis |
Allow websites to open windows without address or status bars | En | En | En | Dis | Dis |
Display mixed content | Pro | Pro | Pro | Pro | Pro |
Don\'t prompt for client certificate selection when no certificates or only one certificate exists | En | En | Dis | Dis | Dis |
Drag and drop or copy and paste files | En | En | En | En | Pro |
Include local directory path when uploading files to a server | En | En | En | En | Dis |
Installation of desktop items | En | Pro | Pro | Pro | Dis |
Launching applications and unsafe files | En | En | Pro | Pro | Dis |
Launching programs and files in an IFRAME | En | Pro | Pro | Pro | Dis |
Navigate sub-frames across different domains | En | En | Dis | Dis | Dis |
Open files based on content, not file extension | En | En | En | En | Dis |
Software channel permissions | Lo | Med | Med | Med | Hi |
Submit nonencrypted form data | En | En | En | En | Pro |
Use Phishing Filter | Dis | Dis | En | En | En |
Use Pop-up Blocker | Dis | Dis | En | En | En |
Userdata persistence | En | En | En | En | Dis |
Web sites in less privileged web content zone can navigate into this zone | Pro | En | En | En | Dis |
Scripting | Low | Medium-Low | Medium | Medium-high | High |
Active scripting | En | En | En | En | Dis |
Allow Programmatic clipboard access | En | En | Pro | Pro | Dis |
Allow status bar updates via script | En | En | En | Dis | Dis |
Allow websites to prompt for information using scripted windows | En | En | En | Dis | Dis |
Scripting of Java applets | En | En | En | En | Dis |
User Authentication - Logon | Automatic logon with current user name and password | Automatic logon only in Intranet Zone | Automatic logon only in Intranet Zone | Automatic logon only in Intranet Zone | Prompt for user name and password |