Tailored Cyber Security.

The Basics of Web Browser Security

As the title eludes to, we’ll be discussing web browsers. We’ll get into which to use and not to, plugins, settings, etc.

TL;DR
– Don’t use Internet Explorer; use Chrome or Firefox
– Adblock Plus, Disconnect, and HTTPS Everywhere are awesome plugins
– Extra security
  – Don’t go to sketchy sites
  – Don’t let Flash, Java, or similar applications run all willy nilly
  – Change your user agent string
  – Noscript if you’re crazy

Browsers:
Hard and fast rule: Don’t use Internet Explorer. In future postings I’ll show the powers of browser exploitation and break it down by the numbers to show why Internet Explorer is so vulnerable. Google Chrome and Mozilla Firefox are two of the most solid options. These are not immune to exploitation but they’re a healthy amount safer.

Plugins: 
Whatever browser you find yourself surfing the web on you should check into the plugins or addons available. My go-to plugins are Adblock Plus, Disconnect, and HTTPS Everywhere. Adblock Plus will block popups, sidebar ads, and every once in a while those ads you get at the beginning of videos. Disconnect is a sweet plugin that blocks just about every method of tracking that Google and so many other sites use to keep tabs on their customers. HTTPS Everywhere is essential. It forces the use of an SSL secured connection if it’s available. A lot of sites make HTTPS their default but you can take the power into your own hands, and automate it, by using this plugin. Shoutouts to Web of Trust (WoT), Ghostery, WorldIP, Firebug, and TamperData. A special shoutout to LastPass but I didn’t mention that because I’ll dedicate a whole posting to it.

Technical Rant:
So, you ask me to get a bit more technical yes? How do I make my browser more secure? There are a ton of things you can do actually. The most important thing to understand is that a lot of browser exploitation is done through applications they run, like Java or Flash, instead of on the browser itself. In this case it doesn’t matter what browser you have.

The first step, don’t go to sketchy sites. Web of Trust (mentioned in a shoutout above) will rate sites and warn you if a site you’re about to visit is questionable.

You can disable applications like Java and Flash from automatically running. This will give you one last chance to cover your ass from hackers about to break into your gadgetry.

You can do some really 1995 style of configuration change that will throw off the script kiddies by changing your user agent string. Browser_autopwn (google it if you have questions) actually uses this string to identify your browser (as do all legitimate sources as well) when decided which exploit to throw. If your user agent string says Opera but you have Firefox it will trick that attack. With that being said, not a huge fan of security through obscurity but it’s a step.

Finally, NoScript is another plugin that blocks pretty much everything and sends your browser to the stone age. Use it if you know how to customize it and if you’re paranoid about staying secure.

Leave a Reply