2.11 - Browser Security

Browser Security Overview

Importance of Using Legitimate Browsers

  • Ensure the browser is from a legitimate source.

  • Avoid downloading browsers from untrusted websites to prevent unauthorized access to systems.

  • This follows best practices similar to installing any software.

Best Practices for Downloading Browsers

  • Refrain from clicking links in emails to download browsers.

  • Always type the browser name directly into the search engine and access the developer's site.

  • Verify file integrity by checking the hash of the downloaded file:

    • Use an application or utility to create hashes from specific inputs.

    • Utilities available in Mac OS or Linux command line; Windows utilities in Microsoft Store.

    • Hashes typically provided on the Download page (e.g., Linux ISOs accompanied by SHA256SUM).

Hashing and File Integrity

  • The SHA256 hashing algorithm can be utilized for verifying file downloads.

  • Process:

    • Run the SHA256 hash on the downloaded file using a tool (e.g., Hash Checker).

    • Compare the generated hash with the one on the developer’s website.

  • If hashes match, the file is identical to the developer's version.

  • If not, reassess the downloaded file for potential issues.

Keeping the Browser Updated

  • Regularly update the browser for enhanced security.

  • Most browsers include an Update Manager that checks for updates daily.

  • Automatic updates may be enabled for seamless installation.

Browser Features: Extensions and Add-Ins

  • Extensions enhance browser capabilities but should be sourced from trusted locations (official app stores).

  • Risks associated with third-party extensions:

    • Can have the same level of control as the browser itself.

    • Examples of malicious extensions identified (March 2021), unknowingly installed and stealing user credentials.

Credential Management

  • Utilize a third-party password vault to securely manage credentials.

  • Benefits of a password vault:

    • Stores unique and strong passwords for every site, preventing password reuse across different platforms.

    • Often encrypts data, enhancing security for stored login information.

    • Synchronizes data across devices to ensure accessibility.

Password Vaults in Business Environments

  • Explore options for corporate-specific password management solutions.

Understanding Certificate Errors

  • Common messages: “This connection is not private” or “This certificate is not valid.”

  • Investigate certificate details to determine the cause of the error:

    • Expired certificate, incorrect domain, or untrusted certificate authority.

    • Ensure the computer has the correct date and time settings.

  • Example site for testing: badssl.com to observe various certificate error scenarios.

Pop-Up Windows and Security

  • Modern browsers include pop-up blockers to mitigate unwanted ads or malicious content.

  • Choose to disable the blocker for trusted sites rather than entirely disabling it.

Managing Browsing Data

  • Browsing data includes history, saved passwords, and downloaded files.

  • Control privacy settings by clearing browsing data when necessary:

    • Cached files, cookies, and unnecessary stored data.

    • Useful for troubleshooting application issues or enhancing privacy.

Private Browsing Mode

  • Enables browsing without saving cache or local data:

    • Ideal for using other’s or public computers without leaving a data trail.

    • Assists in troubleshooting by providing a clean session upon new visits.

Synchronization of Browser Data

  • Synchronize browsing history, bookmarks, and extensions across devices.

  • Requires logging into the browser for cloud storage of configurations.

  • Benefits include a consistent user experience on multiple devices.

Ad Blockers and Privacy Controls

  • Include ad blockers but often don't remove all advertising.

  • Browsers may offer privacy options to restrict third-party tracking.

  • Trade-offs exist between privacy and content access.

Organizational Use of Proxies

  • Proxies act as intermediaries between internal networks and internet websites.

  • Functions of proxies include:

    • Block unwanted website access.

    • Inspect responses for malicious content.

    • URL filtering, access control, and local caching.

Explicit and Transparent Proxies

  • Explicit proxy requires user configuration in browser settings for IP address and authentication details.

  • Transparent proxy operates without user configuration, automatically filtering requests.

Proxy Settings

  • Easy access to configure proxy settings in browsers, especially for Windows users.

Secure DNS

  • Implementing Secure DNS (e.g., DNS over HTTPS) to enhance security against packet interception.

  • Option to enable/disable within browser settings (e.g., Chrome).

Browser Extension Management

  • Manage extensions through the browser’s management features.

  • It is recommended to only install trusted extensions and regularly review their existence via the extension manager.