How to Secure Your Browser and Delete Cookies in Internet Explorer
Follow the steps below to change settings for Internet Explorer:
From the Internet Explorer browser window, select the Tools Menu, Internet Options.
Privacy Tab
The Privacy tab contains settings for cookies. CSU IT Security policy requires cookies and cached pages to be cleared at least weekly. Cookies are small files placed on your computer by web sites to store data specific to that site. Cookies are a privacy risk because they reveal browsing habits. They can also be a security risk since they can reveal sensitive personal information such as user names, account numbers, and passwords. There are 2 types -- session cookies that are cleared when the browser is closed, and persistent cookies that remain until they expire or are deleted. The rest of this document addresses removing persistent cookies.
From the Privacy tab, select the Advanced button.
From the Advanced Privacy Settings dialog box, select the check box for Override automatic cookie handling. Then select the check box for both first and third-party cookies. This will prompt you each time a site tries to place a cookie on your machine. If the number of cookie prompts is too excessive, the option to Always allow session cookies can be enabled. This will allow non-persistent cookies to be accepted without user interaction. Session cookies have less risk than persistent cookies.
Once your cookie settings are in place, you can then decide whether to accept or deny cookies from the website being viewed (allow or block, with the option to remember the decision for all future cookies from that website).
For example, if visiting a web site causes a cookie prompt from a web domain that is associated with advertising, you may wish to click Block Cookie to prevent that domain from being able to set cookies on your computer, for privacy reasons.
Select the Sites button from the Privacy tab to manage the cookie settings for specific sites.
You can add or remove sites, and you can change the current settings for existing sites. The bottom section of this window will specify the domain of the site and the action to take when that site wants to place a cookie on your machine. You can use the upper section of this window to change these settings.
Alternatively, if you do not wish to receive warning dialogs when a site attempts to set a cookie, you can use Internet Explorer's pre-set privacy rules. Click the Default button on the Privacy tab and then drag the slider up to High. Note that some web sites may fail to function properly with the High setting. In such cases, you may add the site to the list of sites for which cookies are allowed, as described above.
Remove Stored Cookies from Internet Explorer
Remove stored cookies from the Internet Explorer browser by selecting Tools, Internet Options, General tab.
Select the Delete button from the Browsing History section of the dialog box.
From the Delete Browsing History dialog box, click on the Remove Cookies button.
Internet Explorer will ask for a delete confirmation prior to deleting cookies. Select the Yes button.
Close the Delete Browsing History dialog box and Internet Options (click on the OK button) dialog box when finished.
Security Tab
Internet Explorer uses various security zones. More detailed information about Internet Explorer security zones is available in the Microsoft document Setting Up Security Zones.
Each zone can have a Custom Level of Protection. Select the Custom Level button for each zone to apply custom security settings.
For a selected zone, select the Custom Level button to Enable or Disable settings.
Setting security options through the Custom Level for each zone will allow for more control over what features are allowed. Default Values for the High security setting can be set my selecting High from the Reset to drop-down menu and clicking on the Reset button to apply the changes.
The Internet zone security options apply to all the web sites not listed in the other security zones. The High security setting is recommended for the Internet zone. A High security setting for the Internet zone will disable several features including ActiveX, Active scripting, and Java, making the browser more secure.
Select the Default Level button from the Security tab of the Internet Options dialog box and change the settings to High.
The Trusted Site zone is for sites that you consider "safe". To add or remove sites from the Trusted Site zone, select the Sites button.
From the Trusted Sites dialog box, Add or Remove websites to the Trusted Site zone.
Tip: You may also require that only verified sites (HTTPS) can be included in this zone. This gives you greater assurance that the site you are visiting is the site that it claims to be.
We recommend setting the security level for the Trusted sites zone to Medium-high (or Medium for Internet Explorer 6 and earlier). When the Internet Zone is set to High, you may encounter web sites that do not function properly due to one or more of the associated security settings. This is where the Trusted sites zone can help. If you trust that the site will not contain malicious content, you can add it to the list of sites in the Trusted sites zone. Once a site is added to this zone, features such as ActiveX and Active scripting will be enabled for the site. The benefit of this type of configuration is that IE will be more secure by default, and sites can be “safelisted” in the Trusted sites zone to gain extra functionality.
The Advanced Tab - Browsing Section
Settings for all security zones can be set using the Advanced Tab. It is recommended Third-party browser extension options be set to disable under the Browsing section of dialog box. Third-party browser extensions include tool bars and Browser Helper Objects (BHOs). These objects can can be useful, yet they may violate your privacy by monitoring your web browsing habits or attempting to capture personal information.
The Advanced Tab - International Section
Minimize phishing and spoofing attacks for Internationalized Domain Names (IDN) by setting the option to Enable for Always show encoded addresses option under the International section of the Advanced tab. More details about IDN spoofing can be found in Vulnerability Note VU#273262.
The Advanced Tab - MultiMedia Section
Disable the Play sounds in webpages option under the MultiMedia section of the Advanced tab. Sounds in web pages are rarely integral to web page content, and may also introduce security risks by having the browser process additional untrusted data. This option is for Internet Explorer's ability to natively handle sounds. It will not interfere with other software, such as Adobe Flash or Apple QuickTime.
