Security Solutions
2-35
Customer Needs Assessment
Determine Your Endpoint Integrity Requirements
Other tests relate to security settings in Internet Explorer, which allows you
to define zones:
■ Intranet zone—allows you to define intranet sites that are inside the
company’s firewall
■ Trusted zone—allows you to identify safe Web sites that you or your
company trusts
■ Restricted zone—allows you to identify the sites that are not trusted or
are known to host adware or other malware
■ Internet zone—includes all Internet sites that are not defined as part of
other zones
You can define these zones as part of your Microsoft domain settings, or you
can allow users to define their own zones. For tighter security, you should
define the zones as part of your domain settings. Otherwise, you are leaving
security in the hands of your users; they can (and will) add any Web site to
their trusted zone.
Using endpoint integrity checking, you can enforce a security setting for each
of these zones:
■ High—Disables all ActiveX controls and plug-ins. Disables file downloads
and prompts users to approve font downloads. Disables or prompts for
other miscellaneous options. Disables scripting languages, and does not
allow automatic logins.
■ Medium—Enables some ActiveX controls, while disabling others and
prompting users to authorize some controls. Enables downloads, script-
ing languages, and automatic logins to the company’s intranet. Enables
some miscellaneous options, but disables or prompts users to authorize
others.
■ Medium-low—Provides slightly less stringent controls than the medium
setting. Enables some ActiveX controls, while disabling others and
prompting users to authorize some controls. Enables downloads, script-
ing languages, and automatic logins to the company’s intranet. Enables
some miscellaneous options, but disables or prompts users to authorize
others.
■ Low—Enables ActiveX or prompts users to authorize the ActiveX con-
trols. Enables downloads, scripting languages, and automatic logins.
Enables miscellaneous options or prompts users to authorize these
options.