Securing Your Web Browser
A guide has been published on cert.org recently that helps you configure your web browser for safer Internet browsing. It starts with the question why you should secure your web browser and explains common web browser features like Java, ActiveX and Cookies. After that introduction the important part of the article begins in chapter 3: Vulnerabilities and Attack Vectors.
Common vulnerabilities like Cross-Site Scripting, Spoofing and Cross-Zone and Cross-Domain Vulnerabilities are explained in this part. The article does not explain everything in great detail but provides links to in-depth explanations.
The last part, How to Secure Your Web Browser, finally shows in detail and with screenshots how you can secure your web browser of choice (Internet Explorer, Mozilla Firefox and Safari are covered). This is a great guide for Internet users who want to be more proficient in regards to security, and who want to secure their web browser as much as possible.
Update: The guide is outdated when it comes to the operating systems and web browsers used in the guide. It is furthermore not including Google Chrome or Opera in the list, and not taking into account the most recent Microsoft operating systems.
It is still interesting to note that the theory behind it is still as valid as it was back in the year 2006 when the web browser security guide was published.
The risk for instance are all very much valid, even though some have been mitigated thanks to new technology like sandboxing. When it comes to technologies, ActiveX, Java, Plug-ins, Cookies, JavaScript and VBscript are explained and mentioned in the guide. A newer guide would have probably included browser extensions, as well as the Flash plugin in that analysis.
The second part of the guide, that explains how users can secure the browser they use, may still be useful in some regards. It is however almost inevitable to look around to find the preferences in the browser, as menu structures and interfaces have changed in all of them in recent time.
Advertisement