1
00:00:00,380 --> 00:00:01,560
<v ->In this demonstration,</v>

2
00:00:01,560 --> 00:00:02,393
I'm going to show you

3
00:00:02,393 --> 00:00:05,460
how we can configure our web browser more securely.

4
00:00:05,460 --> 00:00:07,440
I'm going to show you this in two different ways.

5
00:00:07,440 --> 00:00:10,430
First, is how an end user or a home user might do it,

6
00:00:10,430 --> 00:00:12,920
and secondly, we'll do it through the group policy editor.

7
00:00:12,920 --> 00:00:14,080
And that's how you may do it

8
00:00:14,080 --> 00:00:16,560
if you're doing it in a large organization.

9
00:00:16,560 --> 00:00:17,610
First, I'm going to show you

10
00:00:17,610 --> 00:00:20,350
how an end user is going to secure their web browser.

11
00:00:20,350 --> 00:00:23,700
For this example, I'm going to use Internet Explorer version 11

12
00:00:23,700 --> 00:00:25,910
which comes on Windows 10, by default.

13
00:00:25,910 --> 00:00:27,720
You can use whichever browser you like,

14
00:00:27,720 --> 00:00:30,260
but the options will be a little bit different.

15
00:00:30,260 --> 00:00:32,130
Whichever browser you're using, you're going to find

16
00:00:32,130 --> 00:00:34,230
either three dots or a gear icon,

17
00:00:34,230 --> 00:00:36,100
that'll bring you up to the tools menu.

18
00:00:36,100 --> 00:00:38,100
You then want to go into your settings.

19
00:00:38,100 --> 00:00:41,113
For Internet Explorer, it's going to be the Internet options.

20
00:00:42,210 --> 00:00:45,960
Next, you want to go and verify what your homepage is set at.

21
00:00:45,960 --> 00:00:47,450
I like to keep mine at Google

22
00:00:47,450 --> 00:00:49,300
or it might be your corporate website.

23
00:00:49,300 --> 00:00:50,133
But you want to make sure

24
00:00:50,133 --> 00:00:52,780
it hasn't been changed to something nefarious

25
00:00:52,780 --> 00:00:54,210
Next, you want to also look

26
00:00:54,210 --> 00:00:56,600
at how your browser history is set up.

27
00:00:56,600 --> 00:00:59,040
Do you want it to delete your browser history on exit

28
00:00:59,040 --> 00:01:00,740
to keep your privacy secure?

29
00:01:00,740 --> 00:01:02,120
And, if you look at your settings,

30
00:01:02,120 --> 00:01:05,210
you can see how often those pages are cached

31
00:01:05,210 --> 00:01:07,600
and how much disk space is being used for that.

32
00:01:07,600 --> 00:01:09,890
We also can see what objects have been downloaded.

33
00:01:09,890 --> 00:01:11,140
In this case, there are none

34
00:01:11,140 --> 00:01:13,040
because it's a brand new installation.

35
00:01:14,970 --> 00:01:17,040
Next, we'll go ahead and close that

36
00:01:17,040 --> 00:01:19,960
and we will go through and tell it that, every time I leave,

37
00:01:19,960 --> 00:01:21,960
I want it to delete my browsing history.

38
00:01:23,670 --> 00:01:26,160
The next thing we want to look at is our security tab.

39
00:01:26,160 --> 00:01:28,540
And here is where we have our different security zones.

40
00:01:28,540 --> 00:01:30,460
Right now, I'm set to Internet,

41
00:01:30,460 --> 00:01:33,970
which means it has a medium to high level of trust.

42
00:01:33,970 --> 00:01:35,840
Now, if I go to my local intranet,

43
00:01:35,840 --> 00:01:37,870
this should have a very high level of trust

44
00:01:37,870 --> 00:01:39,470
because we control the intranet.

45
00:01:40,390 --> 00:01:41,930
Next, we have our trusted sites.

46
00:01:41,930 --> 00:01:43,350
These are sites that we trust

47
00:01:43,350 --> 00:01:45,170
and we may allow them to actually

48
00:01:45,170 --> 00:01:48,200
download active controls and other things like that.

49
00:01:48,200 --> 00:01:50,040
Then, we have our restricted sites,

50
00:01:50,040 --> 00:01:52,930
things that we want to have a high caution rate with

51
00:01:52,930 --> 00:01:54,740
and we don't trust them at all.

52
00:01:54,740 --> 00:01:56,360
You can actually add sites to these

53
00:01:56,360 --> 00:01:58,530
by going through sites program here

54
00:01:58,530 --> 00:02:00,373
and adding those sites to the list.

55
00:02:01,500 --> 00:02:03,640
Next, we will look at our privacy tab.

56
00:02:03,640 --> 00:02:04,930
This is where you're going to find information

57
00:02:04,930 --> 00:02:07,350
about sites and cookies and pop-ups.

58
00:02:07,350 --> 00:02:10,370
Notice the pop-up blocker is turned on right now,

59
00:02:10,370 --> 00:02:14,090
but if I needed to, I could allow through certain sites.

60
00:02:14,090 --> 00:02:15,330
For instance, I might say

61
00:02:15,330 --> 00:02:18,130
that my website is allowed to have pop-ups

62
00:02:18,130 --> 00:02:20,040
because that's how we do our payrolling

63
00:02:20,040 --> 00:02:21,670
or something of that nature.

64
00:02:21,670 --> 00:02:23,680
And we can go ahead and click close on that.

65
00:02:23,680 --> 00:02:26,683
And we also can allow private extensions to be run.

66
00:02:27,540 --> 00:02:29,020
If we look at our settings here,

67
00:02:29,020 --> 00:02:31,940
do we accept third-party cookies and first-party cookies?

68
00:02:31,940 --> 00:02:34,030
That's going to be a determination we want.

69
00:02:34,030 --> 00:02:36,810
Generally, we're going to block third-party cookies

70
00:02:36,810 --> 00:02:39,483
and we would prompt on our first-party cookies.

71
00:02:41,280 --> 00:02:42,890
Next, we'll look at our content.

72
00:02:42,890 --> 00:02:44,610
This would be what Digital Certificates

73
00:02:44,610 --> 00:02:46,840
we currently have established.

74
00:02:46,840 --> 00:02:48,360
And we also can make sure

75
00:02:48,360 --> 00:02:49,960
we have our autocomplete settings,

76
00:02:49,960 --> 00:02:51,430
based again on your privacy,

77
00:02:51,430 --> 00:02:54,430
you may want to turn off all of your autocomplete settings

78
00:02:54,430 --> 00:02:56,720
so nothing is stored from your information

79
00:02:58,180 --> 00:02:59,640
When we look at our connections,

80
00:02:59,640 --> 00:03:01,530
if you're going to have a proxy server set up,

81
00:03:01,530 --> 00:03:03,260
you're going to go to LAN settings

82
00:03:03,260 --> 00:03:05,870
and you're going to use your proxy server here,

83
00:03:05,870 --> 00:03:08,650
whatever that proxy address is for your corporation,

84
00:03:08,650 --> 00:03:11,470
for instance, it might be proxy 8080.

85
00:03:11,470 --> 00:03:13,520
Again, this depends on your organization.

86
00:03:14,550 --> 00:03:16,270
And then, you can see your programs

87
00:03:16,270 --> 00:03:19,360
and which associated programs you're going to have,

88
00:03:19,360 --> 00:03:20,890
as well as your advanced setting

89
00:03:20,890 --> 00:03:23,790
where there are a ton of different options.

90
00:03:23,790 --> 00:03:25,590
Some of the big ones you want to look at is that

91
00:03:25,590 --> 00:03:30,290
you want to turn off SSL Version 3 and TLS 1.0.

92
00:03:30,290 --> 00:03:31,960
Those are both older protocols

93
00:03:31,960 --> 00:03:36,470
that are not nearly as secure as the newer 1.1 or 1.2.

94
00:03:36,470 --> 00:03:38,400
So, we'll leave those enabled.

95
00:03:38,400 --> 00:03:40,920
You may also want to see what else needs to be taken away,

96
00:03:40,920 --> 00:03:42,330
what warnings do you want,

97
00:03:42,330 --> 00:03:43,800
what things do you want to block?

98
00:03:43,800 --> 00:03:46,150
Do you want to allow active content to be run?

99
00:03:46,150 --> 00:03:47,990
Generally, you don't.

100
00:03:47,990 --> 00:03:50,670
Do you want to have encrypted pages saved to the disk?

101
00:03:50,670 --> 00:03:52,130
Those type of questions.

102
00:03:52,130 --> 00:03:53,560
Again, this is going to depend on

103
00:03:53,560 --> 00:03:56,200
how you want to configure your system completely.

104
00:03:56,200 --> 00:03:57,940
But from the end user's perspective,

105
00:03:57,940 --> 00:03:59,840
this is generally where they're going to go

106
00:03:59,840 --> 00:04:02,780
to make all of the settings for their browser.

107
00:04:02,780 --> 00:04:04,750
Now, as a corporation, though,

108
00:04:04,750 --> 00:04:08,210
we're usually going to push this out through a group policy.

109
00:04:08,210 --> 00:04:10,540
To do that, we would use Gpedit,

110
00:04:10,540 --> 00:04:12,440
which is the group policy editor,

111
00:04:12,440 --> 00:04:14,930
and then, under the administrative templates,

112
00:04:14,930 --> 00:04:18,280
under Windows Components and then Internet Explorer

113
00:04:18,280 --> 00:04:20,520
or whichever browser you're using.

114
00:04:20,520 --> 00:04:22,480
Now, once I get here to Internet Explorer,

115
00:04:22,480 --> 00:04:24,660
you will see that we have a long list of things

116
00:04:24,660 --> 00:04:26,900
that we can turn on and turn off

117
00:04:26,900 --> 00:04:28,060
For example,

118
00:04:28,060 --> 00:04:31,540
Do we want to turn off ActiveX opt-in prompts?

119
00:04:31,540 --> 00:04:32,510
This would mean that it's going to

120
00:04:32,510 --> 00:04:34,460
right now, it's turned off,

121
00:04:34,460 --> 00:04:37,040
which means that that prompt will show up

122
00:04:37,040 --> 00:04:38,240
and give the user the ability

123
00:04:38,240 --> 00:04:41,170
to accept or reject ActiveX controls.

124
00:04:41,170 --> 00:04:42,770
That's a poor security practice.

125
00:04:42,770 --> 00:04:46,500
So instead, we would want to go ahead and turn that on,

126
00:04:46,500 --> 00:04:48,810
which means that it will block ActiveX

127
00:04:48,810 --> 00:04:51,200
from running and not ask the user.

128
00:04:51,200 --> 00:04:53,510
Again, as you go through the different settings,

129
00:04:53,510 --> 00:04:56,230
each one will tell you what it has to do with.

130
00:04:56,230 --> 00:04:57,230
We're not going to spend the time

131
00:04:57,230 --> 00:04:59,750
to go through each one individually here.

132
00:04:59,750 --> 00:05:00,583
But for example,

133
00:05:00,583 --> 00:05:03,410
if I want to know about turning on ActiveX filtering,

134
00:05:03,410 --> 00:05:04,270
if you double click it,

135
00:05:04,270 --> 00:05:06,630
it will tell you what the policy is used for

136
00:05:06,630 --> 00:05:08,620
and then you can make an intelligent decision

137
00:05:08,620 --> 00:05:10,930
on whether you're going to enable it or disable it,

138
00:05:10,930 --> 00:05:12,670
based on those things.

139
00:05:12,670 --> 00:05:15,440
Once you save this, you can save it as a policy

140
00:05:15,440 --> 00:05:17,670
and push it out across your domain

141
00:05:17,670 --> 00:05:19,470
using your active domain controller.