A web browser is a software that allows you to access the websites, acting as a portal to the internet. Examples of web browsers are Internet Explorer and Safari. With increased threats and attacks, it was observed that certain attacks could be halted at the web browser setting. Thus web browser security is an essential criterion to safeguard user’s data which could be easily accessible by attackers. An organization like LIFARS is providing Cyber Resiliency Program to immediately respond to cyber incidents and breaches.
Operating Mechanism of Browser-Based Cyber threats
Considering a scenario described by research,
“Windows user visits a seemingly benign but now malicious website, possibly one he or she has visited before, or as the result of an enticing email. As soon as a connection occurs, the user’s browser begins interacting with the site. Assuming the system is using JavaScript, which according to research firms like Web Technology Surveys, 94% of all websites do and over 90% of browsers have it enabled, the browser will immediately download and start executing JavaScript files from the malicious website.”
As defined in the above scenario, Javascript can manifest a code that will make the user data much vulnerable to the attacker. Thus if sensitive data is used in any scenario where cautious web browser security settings are not provided, the user data will be prone to any attack.
As described in the above report
“For instance, one method malware authors use to accomplish this is by embedding an obfuscated Adobe Flash file within the JavaScript. Flash is frequently used due to its seemingly never-ending set of vulnerabilities.”
Where can you find the settings?
Different web browsers have different security settings to be defined. To check the correct setting is the responsibility of a user. These customized settings are useful to ensure that the information from the user is not as vulnerable to the attacker. Each web browser is different, hence setting options are available at different locations.
For example, In Internet Explorer, these settings can be found by clicking Tools on your menu bar, -> Internet Options -> Security tab -> Custom Level button.
In Firefox, the navigation path is Tools (menu bar) -> Options -> Content, Privacy-> Security tabs to explore the basic security options.
How do we keep web security sanity?
Various points to consider while making our web browser settings secure are as below:
- Update your Web browser to the latest version: It is recommended to keep the browser updated in order to get any latest fix provided in the update.
- Select Automatic clear history option when you exit from the browser
- Configure browser Privacy and security settings: Review your browser’s privacy and security settings to make sure the settings make your browser access secure with what’s checked or unchecked. For example, look to see if your browser is blocking third-party cookies, which can enable advertisers to track your online activities.
- Do not make any private data entry on Public Computers: It is important to note that making any private entry on public computers or using public internet makes the data vulnerable. Being set up for multi-factor authentication can also help mitigate the threat of your password stolen by a public computer. When you finish using a public computer, always clear the browser data, completely close out of the browser, and restart the computer.
- Do not store passwords in your browser: To make the task easy, usually, users save their home banking, credit card or other confidential passwords on their browser. Though this makes it easier for the user to access their data but makes this data very much vulnerable for attack
- Using encrypted connections to access websites: Be cautious of using an encrypted connection to access the website you are browsing. In most web browsers, you will see this in the address bar as “http” (not encrypted) or “https” (encrypted). Some browsers have stopped showing “http” or “https” and instead use a green lock icon representing encrypted and a red, yellow, or gray warning symbol for not encrypted.
If your connection to a website you are browsing is not encrypted, the data you send to that website (including passwords and credit card numbers) may be viewable by others.
- Uninstall Plug-ins with poor security: Browser plug-ins such as Java and Flash have a poor security reputation and most web browsers have either blocked them out or are in the process of blocking them out.
Unfortunately, some applications built around these plug-ins have been slow to shift to more modern alternatives. If you don’t absolutely need a particular plug-in to get your job done, you should uninstall it completely.
- Scrutinize extensions: Browser extension is an important feature to be aware of when considering the security and privacy implications. Extensions are written by third-party developers and which when installed allow your web browser to share some or all of your browsing data with the extension. Attackers can create malicious extensions designed to steal your private data.
- Consider disabling JavaScript, Java, and ActiveX controls.
- Block pop-up windows: Some of these pop-ups may be malicious and hide attacks. This may block malicious software from being downloaded to your computer
For specific browser security and privacy settings, read the recommendations and steps outlined in the Department of Homeland Security’s “Securing Your Web Browser”. The guide also explains browser features and their associated risks, such as ActiveX, Java, certain plug-ins, cookies, and JavaScript.