Browser Safety

14th June 2019

Now that the security benefits of a good firewall have been universally accepted, red teams have focused their attention on the next path of least resistance, which is the user. Gone are the days when we had separate applications for mail, messaging, etc. The browser is the user’s one window into the internet.

Get a safer Browser
Chrome – Recommended, Fast, Secure, Doesn’t hog memory
Firefox – Occasionally hogs memory, though the new version is better. Its Internet settings are separate from the OS, which allows the OS to be routed through a proxy while Firefox is routed direct to the internet.
Edge – M$ has officially given up; Edge will soon be based on the Chrome engine.
NEVER Safari for Mac: it only supports CSP Level 2, where the above browsers support CSP Level 3.
NEVER Internet Explorer!!! Its only use is to download Chrome.

Extensions for security/privacy
uBlock Origin – Recommended blocker for ads, trackers, malware, phishing, etc. Low CPU and memory use.
alts: Adblock+, Ghostery, QuickJava
Bitdefender TrafficLight – Recommended. Classifies websites; avoids phishing and drive-bys.
alts: WOT, Avira Browser Safety
HTTPS Everywhere – Automatically tests for an HTTPS site and lands you there.
alts: KB SSL Enforcer, ForceHTTPS
TunnelBear VPN – convenient for use anywhere public. Install on laptops, not required on desktops.
alts: Hola Free VPN, Gom VPN

LastPass – Password manager and secure password generator. Includes secure text storage for secret notes. You can share access to websites without telling someone your password! (if you both have LastPass)

Privacy; Optional
Change default search engine to DuckDuckGo. Most other search engines sell your browsing history to make money. This can be done globally via Group Policy.

Corporate Proxy
A proxy is a good way to get consistent filtering for thousands of workstations, and it is relatively easy to maintain.
UTM firewalls may include a proxy.
Pros: can be free (Linux + Squid + DansGuardian), centralized, flexible filtering, flexible migration via DHCP or DNS. Global antivirus can be added. Caching speeds up frequently accessed web pages.
Cons: Only works onsite, laptops still need additional protection. Can be a single point of failure if not designed properly.
Possibilities: Group Policy could force your servers to use a proxy that allows only OS+AV updates. GP for laptops could force IE to use a restrictive proxy but allow installing the more secure Firefox+Extensions.
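
One way to roll a proxy out via DHCP or DNS is proxy auto-discovery, which hands browsers a PAC file; the sketch below is an added example, not from the original post. It lists two proxies and no DIRECT fallback, so a proxy outage fails over to the second proxy instead of silently bypassing the filter. Assumptions: that "DHCP or DNS" means auto-discovery, and the hypothetical proxy hostnames, port 3128 and corp.example domain.

```javascript
// PAC file for onsite workstations (added example; all names are hypothetical).
// Only plain JavaScript is used, so the same file can be unit-tested under Node.

// Two proxies for failover. Deliberately NO "DIRECT" at the end: if both
// proxies are down, browsing fails closed rather than going out unfiltered.
var PROXIES = "PROXY proxy1.corp.example:3128; PROXY proxy2.corp.example:3128";

// Internal DNS suffixes reached without the proxy (leading dot is required
// so that "evilcorp.example" does not match ".corp.example").
var INTERNAL_SUFFIXES = [".corp.example"];

function isInternal(host) {
  host = host.toLowerCase().replace(/\.$/, "");   // drop FQDN trailing dot
  // Plain intranet name: no dots. IPv6 literals contain ":" and must not be
  // mistaken for a plain name, or they would skip the filter.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var suffix = INTERNAL_SUFFIXES[i];
    if (host === suffix.slice(1)) return true;             // the domain itself
    if (host.length > suffix.length &&
        host.slice(-suffix.length) === suffix) return true; // a subdomain
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isInternal(host)) return "DIRECT";
  return PROXIES;   // everything else is filtered, including raw IP addresses
}
```
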

Check your browser CSP here https://content-security-policy.com/browser-test/

General Browser security test here https://browseraudit.com/