Successfully reported this slideshow.

Secure browsers

0

Share

Loading in …3
×
1 of 20
1 of 20

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Secure browsers

  1. 1. Secure Browsers SecureWorld St. Louis 9/14 David Strom, @dstrom
  2. 2. NSS Labs Secure Browser Report
  3. 3. Certainly you can turn up these security settings • Block pop-ups • Increase your privacy controls • Refuse tracking cookies • And so forth
  4. 4. Secure browsers type A: sandbox
  5. 5. Secure browsers type B: lockdown
  6. 6. My testbed • Qualys browsercheck • Ip-secrets.com for browser agent info • Html5test.com for specifics on that • Download sample PDF and Eicar test .EXE file • Malwaredomainlist.com for fun • Added a few phished emails to see what happens
  7. 7. http://www.networkworld.com/art icle/2175897/securityecure-browsers- offer-alternatives-to-chrom/ security/secure-browsers-offer- alternatives-to-chrome--ie-and- firefox.html

Editor's Notes

  • From NSS Labs 2013 report on browser security
    They found marked differences in each browser’s built-in security features, with Firefox the best and IE the worst. However, things change in the browsing world: Chrome is on v33 and Firefox is on v27 and IE is on v11
  • Is this legit or a phishing attack?
    it is worth a few minutes of your time to see how hard you, as an experienced IT person, will have distinguishing real from fake emails. Maybe you will have some sympathies for your end users as they are quickly scanning through their email inboxes. Or maybe this will motivate you to take a closer look at the secure browsing category
  • Here is what Gmail does now, they don’t even let you click on that nasty link with phished email. So there is some protection.
  • Most of these features are turned off by default, and finding them is often a treasure hunt as these settings are re-arranged almost at random with browser updates. But even with this effort, you probably require more security than a standard browser offers, and you will want a replacement or supplemental product to do the job
  • There are products that can be used to anonymize your browsing history and protect your identity when you surf online, such as TOR or ZipZap.
  • the better browser shouldn’t detract from the overall surfing experience: websites should look and perform the same as they do in the modern versions of Firefox or Chrome. There are alternative browsers that offer a subset of features and try to be more lightweight than the standard Firefox or Chrome browsers, such as Dillo, Lynx, Epiphany, Konqueror and others. Computerworld looked at these last year.
  • One way is they sandbox, virtualize or otherwise contain the browsing session via several different methods so that any Web pages or online content can’t reach the actual desktop that is being used to surf the Web. For this first approach, we looked at Spikes AirGap, Spoon’s BrowerStudio and Invincea’s FreeSpace.
  • A second approach is to replace the usual Firefox or Chrome browser software with a specialized browser that is locked down and has limited functionality. We looked at browsers from Comodo’s Dragon, Bitdefender’s Safepay, SRWare Iron and the open source Dooble that fit into this category. Authentic8 Silo actually uses elements of both the sandbox and specialized browser approaches
  • The good news is that you can use our same tests as part of your own battery to understand these browser’s behaviors, or add your own to the mix.
  • So I looked at 8 different browsers for my review. None of these browsers is going to stop everything, and some don’t stop much more than a well-configured standard browser. But AirGap stands out above the others. It was the only product that was always able to block downloads of executable files and still provide a solid level of HTML5 support. Its innovative use of virtualization technology was interesting. The downside is that there is some latency introduced into the browsing session as your bits travel to and fro across the Internet.
     
    A second browser worth a closer look is Invincea’s FreeSpace. Because it sandboxes your existing browsers, you may want to go this route if your users run a variety of browsers and don’t want to switch to a new browser with fewer features. Administrators can block downloads (or allow users to choose) by setting an optional switch.
  • Comodo’s Dragon sidebar app, PrivDog, allows you to set various blocking parameters for specific kinds of content.
  • Comod Dragon uses its own version of secure DNS for additional protection.
  • Dooble’s security settings sheet has some interesting privacy options.
  • Invincea’s security preferences can be set to automatically block downloaded content from a centrally managed console.
  • Silo has download content controls along with upload controls.
  • Silo also has the ability to add a second factor to authenticate yourself for the entire browsing session.
  • The first time you execute the Spoon browser, it does take some time to download the code to your desktop.
  • You can read my story in Network World earlier this spring for more details about my tests
  • ×