
Practising Safer Web Browsing

Practising Safer Web Browsing. Terry Labach Information Security Services IST February 17, 2012.


Presentation Transcript


  1. Practising Safer Web Browsing Terry Labach Information Security Services IST February 17, 2012

  2. "People are terrible about making security tradeoffs. If you give a naive user a choice, such as, 'If you want to see the dancing pigs, you could be compromising your machine,' most users will choose the dancing pigs over security every time." - Bruce Schneier, security author and consultant, on how computer users manage risks while using the Internet. [http://www.theglobeandmail.com/servlet/story/LAC.20060803.TWVISTA03/TPStory/Business]

  3. Outline • The risks • The threats • Taking responsibility • Browser configuration • Browser tools • Questions

  4. The risks • Embarrassment • Identity theft • Financial loss • Loss of productivity

  5. The threats • Businesses • Government • Criminals

  6. Taking responsibility • The basics • Use good passwords • Not in dictionary • Reasonably long with mix of characters • Don’t reuse passwords • Don’t let browser save passwords • Master password • Password vault

  7. "You know, I almost bore myself when I say to myself, 'It's time to get the groceries,' I certainly don't want to put it out there for people to read." - Eugene Levy, comedian, talking about Twitter in a Canadian Press interview.

  8. Taking responsibility • Thoughtful browsing • Don’t give up personal information • Date of birth • Postal code or location • Vacation schedule • Social Insurance Number!

  9. Taking responsibility • Secret questions • Use with caution • Might be easier to reset your password than you think • Fun With Secret Questions & Answers

  10. Taking responsibility • Maintain safe environment • Keep operating system, browser up to date • Apply security patches • Be cautious using public Wi-Fi • Use secure communications (https)

  11. Taking responsibility • Clicking on links can introduce attacks • Poisoned search results • Clickjacking • Cross-site scripting

  12. Taking responsibility • Installing software • Know what software needed for sites you browse • Enter software web site address yourself, don’t click link • Don’t install software for unknown file types or oddly named files

  13. Taking responsibility • Separate browsing environments • Have one user login id for social networking, etc.; a different id for financial transactions • Virtual machines (advanced) • Use separate virtual computers on your PC for browsing with different security needs • High security virtual machine has no unneeded software

  14. Browser configuration • General principles • Protect your information • Protect your privacy • Disallow access and execution • Exceptions • You will want to break these principles for good reasons at times • Use principles as your default

  15. Browser configuration • Firefox • Disable Java and JavaScript • Disable save passwords (or use master password)

  16. Browser configuration • Internet Explorer • Apply high security setting to Internet zone • Limit cookie permissions • Do not allow third party extensions

  17. Browser configuration • Safari • Disable Java and JavaScript • Block pop-up windows • Disable opening of so-called safe files

  18. Browser configuration • Chrome • Limit cookie permissions • Web content settings

  19. Humans…have unacceptable speed and accuracy…. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.) - C. Kaufman, R. Perlman, & M. Speciner in Network Security: PRIVATE Communication in a PUBLIC World

  20. Tools • NoScript • http://noscript.net/ • Blocks JavaScript and defends against other potentially malicious content • Swiss Army Knife of protection

  21. Tools • Web of Trust (WOT) • http://www.mywot.com/ • Ranks websites based on feedback from WOT users • Adds links to search engine results

  22. Tools • Ghostery • http://www.ghostery.com/ • Detect and block 3rd party tracking • Shows the elements of web pages served from third parties

  23. Tools • Do Not Track Plus • http://www.donottrackplus.com/ • Detect and block 3rd party tracking • Shows you who is tracking you

  24. Tools • View Thru • https://chrome.google.com/webstore/detail/jkncfnbcgbclefkbknfdbngiegdppgdd • Displays the target of shortened URLs • Known to be flaky in use

  25. Tools • HTTPS Everywhere • https://www.eff.org/https-everywhere • Forces use of https protocol on web pages that support it

  26. Tools • Adblock Plus • http://adblockplus.org/en/ • Blocks ads while browsing

  27. Resources - User safety • CERT - Securing Your Web Browser • SANS - Browser Safety • SANS - Secure Browsing Environment • Canadian Cyber Incident Response Centre • U.S. Computer Emergency Readiness Team

  28. Resources - Browsers • Firefox • Privacy & Security • Internet Explorer • Improve the safety of your browsing and e-mail activities • Safari • Security & Privacy • Chrome • Manage privacy and security settings

  29. Resources – Tools discussed • NoScript • Web of Trust • Ghostery • View Thru • HTTPS Everywhere • AdBlock Plus • Do Not Track Plus

  30. Resources – Other Tools • Facecloak • Protect user privacy on Facebook • Qualys BrowserCheck • ensures browser and plugins are up to date • Trashmail • lets you use a disposable email address • LastPass • Secure password vault

  31. Resources – Waterloo • IST Information Security Services • Terry Labach • Web application security • Consulting • Testing applications • Ethical hacking • Programming best practices • Web training and education

  32. Questions?
