Guideline for Securing Your Web Browser

Total Page:16

File Type:pdf, Size:1020Kb

CMSGu2011-02
CERT-MU SECURITY GUIDELINE 2011 - 02
Mauritian Computer Emergency Response Team
Enhancing Cyber Security in Mauritius
Guideline For Securing Your Web Browser
National Computer Board Mauritius
June 2011 Version 1.7 Issue No. 4 2
National Computer Board ©

Table of Contents
1.0 Introduction
  1.1 Purpose and Scope
  1.2 Audience
  1.3 Document Structure
2.0 Background
3.0 Types of Web Browsers
  3.1 Microsoft Internet Explorer
  3.2 Mozilla Firefox
  3.3 Safari
  3.4 Chrome
  3.5 Opera
  3.6 Netscape Navigator
4.0 Web Browser Features and Risks
  4.1 ActiveX
  4.2 Java
  4.3 Plug-ins
  4.4 Cookies
  4.5 JavaScript
  4.6 VBScript
    4.6.1 Cross-Site Scripting (XSS)
    4.6.2 Cross-Zone and Cross-Domain Vulnerabilities
    4.6.3 Detection evasion
5.0 How to Secure Your Web Browser
  5.1 Microsoft Internet Explorer
    5.1.1 Security Zones
    5.1.2 Trusted Sites
    5.1.3 Managing Cookies
    5.1.4 Advanced Privacy Settings
    5.1.5 Setting Default Applications
  5.2 Mozilla Firefox
    5.2.1 Browser History and Cookies
    5.2.2 Add-on Options
    5.2.3 Download Settings
    5.2.4 Privacy Feature
    5.2.5 NoScript Feature
    5.2.6 Plugins Feature
  5.3 Apple Safari
    5.3.1 Preferences Menu
    5.3.2 AutoFill Feature
    5.3.3 Security Options
  5.4 Google Chrome
    5.4.1 Privacy Settings
    5.4.2 Phishing and malware detection
    5.4.3 Images, JavaScript, and other Web Content Settings
    5.4.4 Managing Exceptions
  5.5 Opera
    5.5.1 The Address Field (1)
    5.5.2. Opera's Security Badge (2)
    5.5.3 Security Information
  5.6 Netscape Navigator
6.0 Conclusion
7.0 References
Appendix A
  Security Terms Explained

Tables and Figures

Tables
Table 1 Phishing and Malware Alerts in Chrome
Table 2 Security Badges in Opera

Figures
Figure 1 The “Tools” Tab in Internet Explorer 7
Figure 2 The “Security” Tab in Internet Explorer 7
Figure 3 The “Security” Settings in Internet Explorer 7
Figure 4 The “Trusted sites” zone in Internet Explorer 7
Figure 5 Adding secure sites to the “Trusted sites” zone.
Figure 6 The “Privacy” Tab in Internet Explorer 7
Figure 7 The “Advanced Privacy” Settings in Internet Explorer 7
Figure 8 The “Privacy” alert in Internet Explorer 7
Figure 9 The “Per Site Privacy Actions” in Internet Explorer 7
Figure 10 The “Internet” Options in Internet Explorer 7
Figure 11 The “Enable third-party browser extensions” setting in Internet Explorer 7
Figure 12 “Encoded addresses” and “sounds” in Internet Explorer 7
Figure 13 The “Programs” Tab in Internet Explorer 7
Figure 14 The “Tools” Tab in Mozilla Firefox
Figure 15 The “Main” Tab in Mozilla Firefox
Recommended publications
  • A Usability Study of the Opera Web Browser and Its Contexts of Use
    User Attitudes and Environmental Factors: A Usability Study of the Opera Web Browser and its Contexts of Use Curtis Peterson Nick Bateman Luke Burnett Introduction Information from a usability study on a product can provide beneficial information for a specified group or individual with user problems, ideas for development, and recommendations for the product. Our usability test compares a new option for browsing the web called Opera with the more familiar browsers Internet Explorer (IE) and Netscape. Opera has recently become available in Michigan Technological University’s Center for Computer-Assisted Language Instruction (CCLI); our intentions were to invite CCLI users to take the test and record the data straight from the actual environment. We found seven participants. Dawn Hayden, the director of the CCLI, accepted our proposal to conduct this test; in turn, we promised to provide her with information for further recommendation of the product, in future considerations of CCLI software. The question we want to answer is this: Is Opera initially impressing users as an improvement over existing web browsers? To answer this question, Opera’s aspects of initial attraction for new users must be defined. There are three areas where a new browser must succeed in impressing intended users: · Adaptability of user features · Accessibility of user option preference · Navigability of user interface. Methodology Imagine you are asked to design your “ideal” web browser that will compete on the big market. True, it is not an easy task. So do you think you could just draw a picture of it? What would your options be? We asked a group of users to do just this exercise during this usability test.
  • Browser Security Information
    Browser Security Information. Customer security is important to us. Our top priority is to protect the privacy of your personal account information and your financial transactions. FirstLine Mortgages is leading the way in Internet banking services and uses several layers of robust security technology to help ensure the confidentiality of transactions across the Internet. The first security level begins with your Web browser. When you access FirstLine Mortgages Internet Site, your browser is checked to ensure that it meets our minimum requirements. Additionally, we only allow customers with browsers that use 128-bit encryption (one of the highest levels of browser security available today) to bank on our web site. But, even with this validation, there are other precautions you should follow to maximize your protection. You have a responsibility to ensure your own security. The browser validation will verify the browser type you are using, your browser encryption level, the version of Netscape or Microsoft browser, as well as Javascript and cookies being enabled. To access FirstLine Mortgages Internet site, you need to use: • a Netscape browser version 4.06 or better with a minimum 128-bit encryption technology • a Microsoft browser version 4.01 SP2 or better with a minimum 128-bit encryption technology • Javascript (please see below for more information about how to check and enable Javascript support) • Cookies (see below) If your browser does not meet all of these requirements, you will need to upgrade your browser to access the FirstLine Internet Site. To upgrade your browser, select the Netscape or Microsoft button below and download the latest browser version.
  • Applying World Wide Web Standards to Embedded Systems
    NASA/TM-2002-211199 AIAA-2001-5107 Embedded Web Technology: Applying World Wide Web Standards to Embedded Systems. Joseph G. Ponyik and David W. York, Glenn Research Center, Cleveland, Ohio. March 2002. The NASA STI Program Office... in Profile. Since its founding, NASA has been dedicated to the advancement of aeronautics and space science. The NASA Scientific and Technical Information (STI) Program Office plays a key part in helping NASA maintain this important role. The NASA STI Program Office is operated by Langley Research Center, the Lead Center for NASA's scientific and technical information. The NASA STI Program Office provides access to the NASA STI Database, the largest collection of aeronautical and space science STI in the world. The Program Office is also NASA's institutional mechanism for disseminating the results of its research and development activities. These results are published by NASA in the NASA STI Report Series, which includes the following report types: TECHNICAL PUBLICATION. Reports of completed research or a major significant phase of research that present the results of NASA programs and include extensive data ... CONFERENCE PUBLICATION. Collected papers from scientific and technical conferences, symposia, seminars, or other meetings sponsored or cosponsored by NASA. SPECIAL PUBLICATION. Scientific, technical, or historical information from NASA programs, projects, and missions, often concerned with subjects having substantial public interest. TECHNICAL TRANSLATION. English-language translations of foreign scientific and technical material pertinent to NASA's mission. Specialized services that complement the STI Program Office's diverse offerings include creating custom thesauri, building customized data bases, organizing and publishing research results.., even providing videos.
  • Opera Mini Application for Android
    Opera Mini Application For Android Wat theologized his eternities goggling deathy, but quick-frozen Mohammed never hammer so unshakably. Fain and neverfringillid headline Tyrone sonever lambently. reapplied his proles! Tracie meows his bibulousness underdevelop someplace, but unrimed Ephrayim This application lies in early on this one knows of applications stored securely for example by that? Viber account to provide only be deactivated since then. Opera Mini is a super lightweight browser that loads web pages faster than what every other browser available. Opera Mini Browser Latest News Photos Videos on Opera. The Opera Mini for Android lets you do everything you any to online without wasting your fireplace plan It's stand fast safe mobile web browser that saves you tons of. Analysis of tomorrow with a few other. The mini application for opera android open multiple devices. Just with our site on a view flash drives against sim swap scammers? Thanks for better alternative software included in multitasking is passionate about how do you can browse, including sms charges may not part of mail and features. Other download option for opera mini Hospedajes Mirta. Activating it for you are you want. Opera mini 16 beta android app has a now released and before downloading the read or full review covering all the features here. It only you sign into your web page title is better your computer. The Opera Mini works the tender as tide original Opera for Android This app update features a similar appearance and functionality but thrive now displays Facebook. With google pixel exclusive skin smoothing makeover tool uses of your computer in total, control a light.
  • Release Notes (PDF)
    RELEASE NOTES April 2020 Elcomsoft Internet Password Breaker Version 3.10 Elcomsoft Internet Password Breaker instantly extracts passwords, stored forms and AutoComplete information from popular Web browsers and email clients. Obtain individual passwords or export all data in order to build a perfect custom dictionary for password recovery attacks performed with other tools. Summary In this release, Elcomsoft Internet Password Breaker receives an update to add compatibility with the newest addition to the Web browser family. This release introduces support for the latest Chromium-based Microsoft Edge browser for both 32-bit and 64-bit Windows editions. In addition, the tool was updated to support the latest builds of Google Chrome, Opera and Chromium. Essential updates The Chrome update The latest versions of Chrome no longer employ Microsoft DPAPI for protecting stored passwords. Instead, the passwords are protected with industry-standard AES 256 GCM encryption, while DPAPI is only used to protect the vault encryption key. The latest versions of Opera, Chromium, and new Microsoft Edge browsers are based on the same encryption scheme. Elcomsoft Internet Password Breaker 3.10 was updated to support the latest encryption scheme employed in the latest versions of Chromium-based Web browsers. Microsoft Edge (Chromium edition) With Microsoft planning to ship the new Chromium-based Edge browser with every Windows installation, Microsoft Edge can become Chrome’s major competitor. Thanks to using the same engine as Google Chrome, Microsoft is offering a straightforward migration path by importing data including stored passwords in a click of a button. New Elcomsoft Internet Password Breaker 3.10 retrieves user-saved and synchronized passwords from the new Microsoft Edge (Chromium) browser, both 32-bit and 64-bit.
  • HTML5 and the Open Web Platform
    HTML5 and the Open Web Platform Stuttgart 28 May 2013 Dave Raggett <[email protected]> The Open Web Platform What is the W3C? ● International community where Members, a full-time staff and the public collaborate to develop Web standards ● Led by Web inventor Tim Berners-Lee and CEO Jeff Jaffe ● Hosted by MIT, ERCIM, Keio and Beihang ● Community Groups open to all at no fee ● Business Groups get more staff support ● Technical Working Groups ● Develop specs into W3C Recommendations ● Participants from W3C Members and invited experts ● W3C Patent process for royalty free specifications 3 Who's involved ● W3C has 377 Members as of 11 May 2013 ● To name just a few ● ACCESS, Adobe, Akamai, Apple, Baidu, BBC, Blackberry (RIM), BT, Canon, Deutsche Telekom, eBay, Facebook, France Telecom, Fujitsu, Google, Hitachi, HP, Huawei, IBM, Intel, LG, Microsoft, Mozilla, NASA, NEC, NTT DoCoMo, Nuance, Opera Software, Oracle, Panasonic, Samsung, Siemens, Sony, Telefonica, Tencent, Vodafone, Yandex, … ● Full list at ● http://www.w3.org/Consortium/Member/List 4 The Open Web Platform 5 Open Web Platform ● Communicate with HTTP, Web Sockets, XML and JSON ● Markup with HTML5 ● Style sheets with CSS ● Rich graphics ● JPEG, PNG, GIF ● Canvas and SVG ● Audio and Video ● Scripting with JavaScript ● Expanding range of APIs ● Designed for the World's languages ● Accessibility with support for assistive technology 6 Hosted and Packaged Apps ● Hosted Web apps can be directly loaded from a website ● Packaged Web apps can be locally installed on a device and run without the need for access to a web server ● Zipped file containing all the necessary resources ● Manifest file with app meta-data – Old work on XML based manifests (Web Widgets) – New work on JSON based manifests ● http://w3c.github.io/manifest/ ● Pointer to app's cache manifest ● List of required features and permissions needed to run correctly ● Runtime and security model for web apps ● Privileged apps must be signed by installation 
origin's private key 7 HTML5 Markup ● Extensive range of features ● Structural, e.g.
  • But Were Afraid to Ask!)
    Chapter 1: All You Ever Wanted to Know about JavaScript (But Were Afraid to Ask!) In This Chapter: Understanding a working definition of JavaScript; Dispelling common JavaScript misconceptions; Getting started with JavaScript tools; Finding information online. Maybe you’ve surfed to a Web site that incorporates really cool features, such as: Images that change when you move your mouse over them; Slideshow animations; Input forms with pop-up messages that help you fill in fields correctly; Customized messages that welcome repeat visitors. By using JavaScript and the book you’re reading right now you can create all these effects and many more! The Web page in Figure 1-1 shows you an example of the kinds of things that you can look forward to creating for your own site. A lot has changed since the previous edition of JavaScript For Dummies came out. Perhaps the biggest change is the evolution of DHTML, or dynamic HTML. DHTML refers to JavaScript combined with HTML and cascading style sheets, and it’s a powerful combination you can use to create even more breathtakingly cool Web sites than ever before. Figure 1-1: JavaScript lets you add interactive features to your Web site quickly and easily. Along with this increased power comes increased complexity, unfortunately — but that’s where this new, improved, better-tasting edition of JavaScript For Dummies comes in! Even if you’re not a crackerjack programmer, you can use the techniques and sample scripts in this book to create interactive Web pages bursting with animated effects.
  • Browser Requirements & Recommended
    Browser Requirements & Recommended System Settings Arena applications are designed to work with the latest standards-compliant browsers. Updated for Arena Fall 2021 Arena 1 Arena Arena Arena Browser 4 4 4 Supported Validated FileDrop PartsList Exchange Mozilla Firefox Latest2 l l l l Microsoft Edge Latest2 l l l l l Microsoft 11 l l l l l Internet Explorer Google Chrome Latest2 l l l l l Apple Safari3 l Apple Mobile Safari Opera For each of its applications, Arena certifies web browsers as either “supported,” “validated,” or “unsupported.” The meaning of each classification is as follows: Supported browsers are those that Arena believes comply with any and all web standards that are required for an application to work correctly, though Arena itself does not test the application with all supported browsers on a formal, ongoing basis. However, if we or our users identify a blocking functional or cosmetic problem that occurs when using the application with a supported browser, Arena makes efforts to correct the problem on a timely basis. If a problem with a supported browser cannot be corrected in a timely fashion, Arena reclassifies the browser as unsupported until the problem is resolved. Validated browsers are those upon which Arena has executed the validation protocol for the Arena application. The execution record is available to our customers through Arena Validate. Unsupported browsers are those with which an application may or may not work properly. If a functional or serious cosmetic problem occurs when using the application with an unsupported browser, Arena does not make any effort to correct the problem.
  • Firefox Quantum Remove Recommended by Pocket From
    Firefox Quantum Remove Recommended By Pocket From Lamellar Gary restitutes: he ligatured his recognisance bearishly and dully. Desireless Redford suburbanized very monotonously while Silvester remains dysteleological and unconfined. Skin-deep Algernon never dislodged so westerly or stanchion any floppiness war. Stack traces are now shown for exceptions inside your console. Press to restore system options as which process starts it'll remove by the jailbreak. It is enabled by default in development versions of Firefox, but average in release versions. We have always bear the result in scratchpad and by pocket. Earn an issue that ff is by firefox quantum. You for tweetdeck, or login to network failures due to open source ip address bar at your activity. Ask a question and give support. Who cares about the features? 2012 after Mozilla detected a security flaw and recommended downgrading to. Access the feature for android firefox remove by now called extensions available for recommended by ad blockers work unencumbered by ad is a set to. This will open large number of your browser extensions that pisses me of money if you can either automatically updated their next app integrated into detail of. Dec 01 2017 Firefox Quantum's interface is still extremely customizable thanks to. Where is the back latch on Firefox? Mozilla Firefox or simply Firefox is that free quote open-source web browser developed by the. It will not collect data in private browser windows, and when Mozilla shares the results of its research, it will do so in a way that minimizes the risk of users being identified, Boyd said.
  • Websockets, JSON, HTML, CSS) Webpods When Installed Motivation Create Web Pages to Display Control System Data
    Web pods Accessing Control Data Through Web Standards (WebSockets, JSON, HTML, CSS) WebPODS when installed Motivation Create web pages to display control system data WebPODS (Protocol Oriented Distribution Service) • The Web PODS aims to provide real-time publish/subscribe communication using • WebSockets • JSON • Pure HTML/CSS widgets • Main benefits: • Uses web standards (any web client in any language) • Widgets can be configured through standard CSS • Data access outside of control network (possibly WAN) • Web pages do not need to live on the same server where the gateway is Chrome extension: Simple Web Socket Client HTML Probe (Danielle Connolly, UMich) Test javascript client (Danielle Connolly, UMich) Text monitor examples LED examples WebPODS Specify server location Adding text-monitor Adding led Specify color for “LOW” enum value GWT client (Enrique Schuhmacher, BNL) Using CS-Studio off site through Web Pods WebPODS Architecture WebPODS clients WebPODS Server Web Pods server configuration [xxx@diirt ~]# more .diirt/pods/web/mappings.xml <?xml version='1.0' encoding='UTF-8'?> <mappings version="1"> <mapping channel="calibration/constants" substitution="file:///path/to/file/table.csv" permission="READ_ONLY"/> <mapping channel="public-.*" permission="READ_WRITE"/> <mapping channel="cf-tag-(.\w)" substitution="=cfQuery($1)" permission="READ_ONLY"/> <mapping channel="sim/(.*)" substitution="sim://$1" permission="READ_ONLY"/> </mappings> Access security planned, not yet implemented • Use wss (like https) for authentication • Use username/role/unix group/host for authorization Be careful not to expose too much Web Pods • Rebroadcast data using Web sockets and JSON • Play nice with firewalls, get WAN notifications, data available to web tools, server is one class (no logic, a pass-through to pvmanager), should scale (different sockets on different servers, not tested) • Not a substitute to CA/PVA.
  • HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014
    HTTP cookie. From Wikipedia, the free encyclopedia. A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago). Although cookies cannot carry viruses, and cannot install malware on the host computer,[2] tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories—a potential privacy concern that prompted European[3] and U.S.
  • Web Browser a C-Class Article from Wikipedia, the Free Encyclopedia
    Web browser A C-class article from Wikipedia, the free encyclopedia A web browser or Internet browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier (URI) and may be a web page, image, video, or other piece of content.[1] Hyperlinks present in resources enable users to easily navigate their browsers to related resources. Although browsers are primarily intended to access the World Wide Web, they can also be used to access information provided by Web servers in private networks or files in file systems. Some browsers can also be used to save information resources to file systems. Contents 1 History 2 Function 3 Features 3.1 User interface 3.2 Privacy and security 3.3 Standards support 4 See also 5 References 6 External links History Main article: History of the web browser The history of the Web browser dates back in to the late 1980s, when a variety of technologies laid the foundation for the first Web browser, WorldWideWeb, by Tim Berners-Lee in 1991. That browser brought together a variety of existing and new software and hardware technologies. Ted Nelson and Douglas Engelbart developed the concept of hypertext long before Berners-Lee and CERN. It became the core of the World Wide Web. Berners-Lee does acknowledge Engelbart's contribution. The introduction of the NCSA Mosaic Web browser in 1993 – one of the first graphical Web browsers – led to an explosion in Web use. Marc Andreessen, the leader of the Mosaic team at NCSA, soon started his own company, named Netscape, and released the Mosaic-influenced Netscape Navigator in 1994, which quickly became the world's most popular browser, accounting for 90% of all Web use at its peak (see usage share of web browsers).