Secure Florida offers...
- Security Alerts
- C-Safe Classes
- News and Info
create an account
How To Secure Your Web Browser
These security settings are recommended by the California Institute of Technology, as well as recommendations from CERT at Carnegie Mellon University. SecureFlorida.org recognizes that disabling Java Scripting can cause some Internet-based utilities to run improperly. For answers to questions or concerns, visit the links provided below, or contact your network security professional.
Using Internet Explorer 5 or higher
These instructions apply to Internet Explorer versions 5 or higher; if you are using an earlier version, these instructions may not work correctly. (To determine your software version, from the Help menu, select About Internet Explorer. A dialog box appears with information about your browser, including the version number.) If you are using a version of Internet Explorer lower than version 5, Microsoft recommends that you upgrade to a newer version.
- Start the Internet Explorer web browser.
- From the Tools menu select Internet Options. The Internet Options dialog box appears.
- Select the Security tab. The Security Options panel appears.
- Click on the picture of the planet labeled "Internet" to select it (it should already be selected.)
- Click the Custom Level button. The Security Settings dialog box appears.
- Select the Medium option from the pull-down list if it not already selected.
- Click the Reset button. A dialog box appears asking if you are sure you want to change the security settings for this zone. Click Yes.
- You now need to scroll through the settings list and make the additional changes listed in the following steps.
- For the option "Scripting ActiveX controls marked safe for Scripting," check "Prompt."
- For the option "Java permissions," check "Disable Java." Note: If you have Microsoft Virtual Machine installed, this setting will be under the Microsoft VM section. If you do not have a Java permissions setting, Java is already disabled.
- For the option "Active scripting" under the Scripting section, check "Disable."
- Click OK to accept these changes. A dialog box appears asking if you are sure you want to make these changes.
- Click Yes.
- In the Internet Options dialog box, click the Advanced tab. The Advanced Options panel appears.
- Under the Security settings, check "Warn if changing between secure and not secure."
- Click Apply to save your changes.
- Click OK to close the Internet Options dialog box.
Microsoft maintains a site with security announcements and updates, geared mostly toward system administrators.
Using Firefox 1 and higher
- Start the Mozilla Firefox web browser.
- Select Tools, then Options.
- Under the Privacy category, select the Cookies tab. You can disable cookies or change your preferences for how the browser handles them. In general, we recommend enabling cookies for the original site only. Additionally, by enabling the option unless I have removed cookies set by the site, a web site can be "blacklisted" from setting cookies when its cookies are removed manually. You may also choose to only keep cookies until I close Firefox. This will delete all cookies when you close Firefox, if you're concerned about privacy. A downside is that web sites will not remember your preferences the next time you log in to them.
- Many web browsers will allow you to store login information. In general, we recommend against using such features. Should you decide to use the feature, ensure that you use the measures available to protect the password data on your computer. Under the Privacy category, the Passwords tab contains various options to manage stored passwords, and a Master Password feature to encrypt the data on your system. We encourage you to use this option if you decide to let Mozilla Firefox manage your passwords.
- The Content category has an option to Enable Java. Java is a programming language that permits web site designers to run applications on your computer. We recommend disabling this feature unless required by the site you wish to visit. If you determine the site is trustworthy, you would enable Java and then, when finished visiting the site, we recommend disabling Java until you need it again.
- The Warn me when web sites try to install extensions or themes option will display a warning bar at the top of the browser when a web site attempts to take such an action.
- The Downloads category has an option to modify actions taken when files are downloading. Any time a file type is configured to open automatically with an associated application, this can make the browser more dangerous to use. Click the View & Edit Actions button to view the current download settings and modify them if necessary. The Download Actions dialog box shows the fie types and the actions the browser will perform when it encounters a given file type. For any file type listed, click on either Remove Action or Change Action. If you click on Change Action, select Save them on my computer to save files of that type to the computer. This helps prevent automated exploitation of vulnerabilities that may exist in these applications.
- Firefox includes a feature to Clear Private Data. This option will remove potentially sensitive information from the web browser. Select Tools from the top menu of your Firefox browser, then select Clear Private Data to use this privacy feature.
For more information on Mozilla security alerts and announcements, you can see their site regarding the issue.
Safari supports many of the same features as Mozilla Firefox. This section describes steps to disable various features in Safari.
- Start the Safari browser.
- Mac users: Select Safari from the top menu and then select Preferences.
Windows users: Select Edit from the top menu and then select Preferences.
- Under the General category, we recommend that you save downloaded files to a temporary folder that you create for downloading files. For Mac users, we also recommend that you deselect the Open "safe" files after downloading option.
- Under the Autofill category, you can select what types of forms your browser will fill in automatically. In general, we recommend against using AutoFill features. If someone can gain access to your computer, or to the data files, then the AutoFill feature may permit them even easier access to other sites that they would not otherwise have the ability to access.
- The Security category provides several options. The Web Content section permits you to enable or disable various forms of scripting and active content. We recommend disabling the first two options in this section, and only enabling them when you require the functionality of these features. We recommend selecting the Block Pop-up Windows option. You can also limit cookies to the sites you navigate to by selecting the option Only from sites you navigate to. This will permit sites that you visit to set cookies, but not third-party sites. We also recommend selecting the Ask before sending a non-secure form to a secure website option. This will alert you when data is sent to a secure web site over an insecure channel.
For more information on Apple's security announcements and updates, you can see their site regarding the issue.