InPrivate Mode is the Internet Explorer equivalent of Chrome’s Incognito mode. For those who have never used either before, it’s simply a way to privately browse the web without leaving a trace on your PC. It does this by only keeping browsing data within your session. When you close an InPrivate session its deletes:
- All cookies from that session
- Your browsing history
- Any objects that may have been in your browser cache
To open InPrivate browsing session, click on Safety and then choose InPrivate browsing.
You can tell when you are in InPrivate mode by looking at the URL bar.
Internet Explorer has a few other security features that you need to know about for the exam. However, you just need to know what they are and that they are built-in features, so let’s take a look.
Internet Explorer comes with its own Popup blocker to stop those pesky adverts from opening. The popup blocker works on a whitelist system where by default all popups are blocked and you can allow popups on certain websites by whitelisting the URL. To whitelist a URL, click on Tools, select Pop-up Blocker and then Pop-up Blocker Settings.
Then type in the URL of the site and click add.
Many websites generate income from adverts that originate from a third party advertising company, that means that the content you see on a webpage doesn’t originate from the website that you think you are on. While that isn’t uncommon in practice, over the years advertising companies have caught on and started using these adverts to build a profile of the websites you visit so that they can show you targeted adverts. InPrivate Filtering sets out to stop this and does so by blocking any content that originates from any site other than the one you are on.
Protected Mode takes advantage of three Windows components, UAC (User Account Control), MIC (Mandatory Integrity Control) and UIPI (User Interface Privilege Isolation). Together they allow you to run Internet Explorer with a low integrity level, even if you are logged in as an administrator. The idea is that even if an attacker somehow gets access to the IE process they will be very limited in what they can do.
The SmartScreen filter consists of three components. Firstly, its has a heuristics engine that analyses webpages for suspicious behavior as you browse the web and will warn you to proceed with caution. Secondly, it helps against phishing attacks by checking the URL of websites you visit against a list of known phishing websites and blocks them if necessary. Finally, it checks any files you download against a list of programs that are known to be unsafe.
Imagine you own a bank and open an online banking portal, but the problem is your customers are hesitant to use it because they don’t know if they are in fact connecting to your bank. This is an issue of identity verification and is what certificates were designed for.
It all starts with a few select companies called Public Certification Authorities, who we automatically trust. The reason we trust them is because we have a small file for each company, called a certificate, which lives in our Trusted Root Certification Store. When you want to verify your identity you can go to one of these companies, for example Thawte or VeriSign, who will in turn do background checks and then issue you a certificate which you can put on your web server.
Now, when your users connect to your bank’s online portal, their browser will see that the certificate for your bank was created by a company that we already trust. Therefore we can be certain that your bank owns this website. In addition to being able to verify that they are connected to your web servers, the certificates will also be used to encrypt their browsing traffic.
You can see who verified a website by clicking on the lock in the URL bar.
Today we went through nearly every feature the browser has to offer, so feel free to take the day off.
If you have any questions you can tweet me @taybgibb, or just leave a comment.