Modern browsers are more than programs used to peruse the web. Browsers are tools used to communicate, develop, conduct financial transactions, and interact with government agencies.
This week we will discuss browser security, and how it can impact website security. As a website is the portal to a company’s online presence and resources, a browser is the entryway into a user’s workstation computer and the data within.
The link between browser security and website security is not conflated. Here at SiteLock, we’ve seen many sites compromised through stolen FTP credentials, and entire company file stores lost to ransomware.
Browsers were the likely point of entry of these compromises. Every website owner and web developer is sure to use a browser, most likely multiple browsers, to access the website hosting or accessing site files and credentials. Again, the browser is the portal from the open web to the workstation. Below, we’ll cover the steps necessary to better secure this entry point.
The first step to better browser security is to have the latest browser. Updating your browser:
Like updating an operating system to plug security holes on your computer, updating your browser plugs the holes that malicious sites use to gain a foothold into the workstation. Both browsers listed above update automatically. To check for the latest version of both Firefox and Chrome manually, click the hamburger menu in the upper right corner, then select About Firefox or About Google Chrome from the help menu.
Next, disable or uninstall vulnerable plugins, and by that we mean Java. Java is little used and both Google Chrome and Mozilla Firefox now disable Java by default. Unless you have a specific application where Java is necessary, we recommend uninstalling it completely.
Talking updates and plugins, we have to talk about Adobe Flash. Until the HTML5 adoption is more complete, Flash is a fairly necessary plugin for a full, rich web experience. The huge downside is that Flash has been the target of numerous malware campaigns, including the sale of Flash exploits to government agencies.  Though browsers have done much to limit Flash’s negative impacts, it’s still imperative to keep Flash up to date in order to keep your browser secure. Chrome uses a built-in version of Flash which is updated with the browser. For Firefox, go to adobe.com/software/flash/about to make sure you have the latest version.
Next, we have two extensions to install to increase browser security, HTTPS Everywhere and uBlock Origin. HTTPS Everywhere from the EFF changes unencrypted requests to encrypted requests for sites that support it, encrypting requests when they’re not explicitly requested and protecting the data in transit from prying eyes.
uBlock Origin may be slightly controversial as many sites rely on ads for revenue. The cold truth of the internet is that ads have been used for attacks for years and won’t likely stop any time soon. To cite two specific examples, rogue advertisements have been slipped onto both the New York Times website and into Yahoo’s ad network. Installing uBlock Origin blocks ads outright, malicious or otherwise, reducing a large attack surface and probably some eye strain as well.
There are two more Firefox-only extensions that power users may be interested in to increase browser security, RequestPolicy Continued and NoScript. RequestPolicy blocks cross-site requests by default, which are requests a website you are visiting makes to other sites, and only allows them when specifically whitelisted by the user. This reduces the danger of cross-site request forgery (CSRF) and clickjacking attacks, which is where an action is carried out as the user on another site without the user’s knowledge.
The last and most important component of browser security is browsing habits. Secure browsing habits include
Being cognizant of browser usage habits helps to close the last hole of browser security, user clicks.
Improving browser security hardens the defenses of the doorway into your computer. A secure browser helps protect the sensitive data — your site data — on your computer just as the TrueShield web application firewall and the INFINITY website scanning solution protect your site. You can learn more by visiting sitelock.com.