10.7 Security zones

As mentioned above, Microsoft Internet Explorer (since version 4.0) implements and makes use of a highly granular code signing technology and system (i.e., Authenticode) to extend privileges to executable or active content (e.g., Java applets, ActiveX controls). We also mentioned previously that a highly granular code signing system has the disadvantage that the configuration and proper use of it is difficult in practice.

Against this background, Microsoft developed and implemented a model that allows a user to divide the Internet into security zones and to configure each security zone individually. In this model, the term security zone refers to a group of Web sites in which a user has the same level of trust. Some zones may be trustworthy (e.g., the intranet zone), whereas some other zones may not be trustworthy at all (e.g., the Internet zone). In either case, the trustworthiness of a zone directly influences its security configuration (i.e., the more trustworthy a zone is, the more things will typically be allowed). The aim of security zones is to simplify the configuration and proper use of a security- related system (e.g., a code signing system).

As illustrated in Figure 10.1, Microsoft Internet Explorer comes along with four security or Web content zones that can be configured individually:

The Internet zone contains all Web sites that are not assigned to any other security zone.
The local intranet zone contains all Web sites that are located on the intranet. As such, it is assumed that these sites are protected by a firewall and that they can be assigned far-going access privileges accordingly .
The trusted sites zone contains Web sites that are located on the Internet, but can still be considered to be trustworthy. The Web sites of partner companies and customers are good candidates for trusted sites. Similar to the sites from the local intranet zone, these sites can be assigned far-going access privileges.
Contrary to that, the restricted sites zone contains Web sites that are not considered trustworthy. In fact, this zone represents the ˜ ˜black list. Consequently, these sites must be severly restricted in terms of access privileges assigned to them.

Figure 10.1: Microsoft Internet Explorer s Security menu to configure security zones. ( 2002 Microsoft Corporation.)

As also illustrated in Figure 10.1, a security level must be assigned to each of these four zones individually. Either one of the four predefined levels can be chosen using the slider, or the detailed behavior for the level must be customized pressing the Custom Level. . . button. For example, Figure 10.2 illustrates the Security Settings menu that pops up if the user presses the Custom Level. . . button for the Internet zone. Again, there is a possibility to make use of some default values and to reset the custom settings to High, Medium, Medium-low, or Low. If the user wants to individually define his or her custom setting for the Internet zone, he or she can do so by clicking the corresponding checkboxes. Figure 10.2 illustrates some checkboxes to configure the use of signed and unsigned ActiveX controls. There are many other questions that must be answered if one wants to define a custom setting from scratch. This is not something that average Web users want to do.

Figure 10.2: Microsoft Internet Explorer s Security Settings menu to configure the Internet zone. ( 2002 Microsoft Corporation.)

In either case, the idea of defining and using security zones to simplify the configuration and proper use of a browsers security settings is something useful. It is possible and likely that future browsers (and other client software packages) will make use of it. It is, however, an open question, whether four security zones (as implemented, for example, in Microsoft Internet Explorer) is an optimal choice.