browser security, extra measures


davidh
March 25th, 2008, 05:34 PM
Some Web browsing recommendations (some of them previously mentioned at the ISC) are:

* Run the latest Web browser version and apply all available security patches and updates.
* Secure your Web browser (US-CERT) and tweak the browser security settings.
* Increase the security stance of the browser using IE Zones (for Internet Explorer) or add-ons on Firefox, such as NoScript. Additionally, there are multiple ways of stopping Web scripts at the infrastructure (from a previous ISC post).
* Run the Web browser with a non-privileged user different from the one you run your OS session with, trusting OS filesystem ACLs. I'm assuming you are not running as Administrator / root, are you? :)
* Use two Web browsers: one just for critical access, and a different one for casual Web browsing.
* Run the Web browser inside an "isolated" environment (sandbox), such as SandboxIE, or with minimum privileges, using DropMyRights.
* Run the Web browser in a virtual machine, custom-made or a public one, such as the VMware Browser Appliance (Ubuntu + Firefox).
* Use more advanced add-ons, such as Firekeeper (still alpha), FlashBlock or Adblock (there are hundreds).
* Or a combination of some of the above...

Unfortunately, some of these recommendations only apply to the security or IT professional and cannot be applied yet to end users.

http://isc.sans.org/diary.html?storyid=4190&rss

David H.
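
The separate-account recommendation in the list above only helps if file permissions really keep that account out of your own files. The following is an added example, not part of the original post or the ISC diary: it lists what an unrelated local account could reach under a directory. It assumes a Unix-like system, looks at classic mode bits only (not POSIX ACLs or group membership), and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit how well plain permission bits isolate one account's
# files from a separate, unprivileged browser account.
# Assumption: the browser account is neither the owner of the files nor a
# member of their group, so only the "other" permission bits apply to it.

# exposed_paths DIR
# Print every path under DIR that carries read or write permission for
# "other" AND is reachable, i.e. every directory above it (from DIR down)
# grants "other" the search (x) bit. Symlinks are skipped because their own
# mode bits are not meaningful.
exposed_paths() {
    root=$1
    # First group: print exposed entries, always evaluating to true.
    # Second part: do not descend into directories "other" cannot traverse,
    # since nothing below them is reachable by the browser account.
    find "$root" \
        \( -type l -o ! \( -perm -0004 -o -perm -0002 \) -o -print \) \
        -type d ! -perm -0001 -prune
}

# home_is_isolated DIR
# Succeeds (exit status 0) only when exposed_paths finds nothing.
home_is_isolated() {
    [ -z "$(exposed_paths "$1")" ]
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ "$#" -gt 0 ]; then
    exposed_paths "$1"
fi
```

An empty result for your home directory means the mode bits alone already deny the browser account; any path printed is something a compromised browser process running as that account could read or modify.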