In the previous chapter, we
Internet Explorer 5 is the Web-browsing technology incorporated into Windows 2000. It's used to access Web data and FTP data, as well as Windows networking information. Most people think of Internet Explorer as the process called Iexplore.exe; however, you must consider that the Internet Explorer Web-browsing technology is deeply integrated with many aspects of the Windows 2000 graphical shell. This is because the technology is highly componentized. It's possible, for example, to include links to your favorite Web sites in Microsoft Management Console (MMC). One of the authors has a standard set of tools he uses all the time in an MMC console, one of which is a link to the Microsoft security pages at www.microsoft.com/security , as shown in Figure 4-1.
The following sections regarding Internet Explorer security include
Figure 4-1. A set of standard tools in MMC, including a link to the Microsoft security pages.
A major threat
Even though a Web site might require SSL/TLS only for handling sensitive information, such as passwords or credit card
numbers, you can opt to use SSL/TLS for all aspects of the Web server's operations simply by entering HTTPS rather than HTTP as the protocol. Note, however, that this will not work for Web servers that do not support SSL/TLS.
IP Data and Postcards
Think of Internet traffic, which is
composedof IP packets (that is, units of information transmitted from sender to destination network and station), as postcards. Postcards travel from a source to a destination, sometimes through multiple intermediaries, and they can be read by anyonealong the way .
You'll know if you're using SSL/TLS because Internet Explorer will display a bright yellow lock at the bottom of the screen. You can also check the strength of the encryption key by positioning the mouse pointer over the lock; a ToolTip will appear and display the information, as shown in Figure 4-2. Double-clicking on the lock displays the Web server's SSL/TLS certificate.
Figure 4-2. Looking at the SSL/TLS encryption strength in Internet Explorer.
SSL/TLS is explained in this chapter in "SSL/TLS and Certificates," in Chapter 5, "Internet Information Services Security Overview," and in Chapter 9, "Practical Privacy, Integrity, Auditing, and Nonrepudiation."
You might not see the lock icon if you are invoking Internet Explorer technology from something other than the Internet Explorer process. So be careful not to transfer confidential data over the Web unless you have no doubt that the channel is secured.
In addition, you might not see the lock in Internet Explorer when HTML
framesare used, because parts of the frameset might be using HTTP and other partsmight be using HTTPS. In this case, the padlock is not shown even though the data is protected by SSL/TLS. However, if you right-click a frame and choose Properties from the context menu, you'll see that the page is using SSL/TLS.