Safe Browsing Practices

Using Free/Open Networks

Sometimes people connect to the Internet via an open or free network. This may be a commercial Wi-Fi network, operated by a cafe or made available in an airport or railway terminal, or wired Internet access available from a "web cafe." You might also find that your neighbor is operating an open Wi-Fi network or discover several open networks when you use your laptop in a park or other public space.

Using Free/Open Networks

When using a public workstation, you should always be alert to the possibility that it could be infected with malware. Clear the browser cache before shutting down or logging off, and make sure you do not allow passwords to be cached.If you operate a wireless network, it is important to secure it so that others do not make malicious use of it, for which you could be held responsible. Most ISPs make it a condition of service that you use your wireless router in a secure configuration

Malware Threats

The web browser is one of the most well-exploited vectors for infecting a system with malware or stealing information. Malware is malicious software threats and tools designed to vandalize or compromise computer systems. Malware can be categorized in a number of ways:

Malware Threats

• Viruses and worms—malware principally designed to spread to other PCs.

• Trojan Horse—an apparently legitimate application that conceals malicious functions, such as spyware or a bot allowing remote control of the PC.

• Adware—software or configuration files installed with your agreement that helps a company track what pages you visit and display personalized adverts to you.

• Spyware—malware installed covertly, possibly as a Trojan or as a result of a virus or worm infection, that tries to track everything you use the computer for. Spyware might record keystrokes, take screenshots of the desktop, or even hack the computer's camera and microphone.

Spyware and Adware Symptoms

Malware, such as adware and spyware, is designed with commercial or criminal intent rather than to vandalize the computer system. It can therefore be difficult to identify whether a computer is infected, because the malware may be designed to remain hidden.

Spyware and Adware Symptoms

Malware, such as adware and spyware, is designed with commercial or criminal intent rather than to vandalize the computer system. It can therefore be difficult to identify whether a computer is infected, because the malware may be designed to remain hidden.

Spyware and Adware Symptoms

Another symptom is redirection. This is where the user tries to open one page but gets sent to another. This may imitate the target page. Redirection attacks often target Internet search engines. In adware, redirection is just a blunt means of driving traffic through a site, but spyware may exploit it to capture authentication details.

Spyware and Adware Symptoms

You should also be wary of suspicious banner ads. A banner ad is an area of a website set aside for third-party advertising. The advert is inserted into a frame and can be hosted on a different server to that of the main site. Adverts for free anti-virus, or virus infection warnings, or system performance warnings are all likely to be bogus. In the worst cases, the ads could contain malicious code that will attempt to exploit any vulnerabilities in your OS or browser/plug-in software to infect your computer (a drive-by download).

Configuring Browsing Security

Malware may be able to infect your computer because OS or browser software is not up to date and is therefore vulnerable to some sort of exploit. You can only mitigate this type of threat by installing the latest software patches. There are other browser settings you can configure to ensure you are using the best safe browsing practices though.

Choosing a Compatible Browser

While the mainstream browsers are now much more standards-based, compatibility problems can still arise. It is often the case that you will need to have more than one browser installed on your computer. This is not ideal in security terms, as it is better to install as few applications as possible, but circumstances may demand it. Compatibility aside, your choice of browser is largely down to personal preference. Do make sure you choose a browser whose developer is active in monitoring security issues and providing software updates to fix them.

Active Content Types

HTTP is a limited protocol in terms of serving any content other than text and pictures. Many websites use active content to play video or add animated and interactive features. There are several ways of creating this type of content:

Active Content Types

• Scripting—scripts can run either on the server or on the client (browser) to perform quite sophisticated actions. Scripting is usually based on JavaScript. JavaScript can also be used to create browser add-ons.

• Add-ons—animated or interactive content often uses a browser add-on. These are mini applications that work within the browser. There are many different add-ons, each working with a different type of content. Add-ons can also be used to extend or change the functionality of the browser by adding a custom toolbar for instance.

Active Content Types

• Flash/Silverlight—these are two rival development environments, created by Adobe and Microsoft respectively, used to provide interactive web applications and video. The browser must have the Flash or Silverlight plug-in installed to view this type of content.

• Java—unlike JavaScript, this is a fully-featured programming language used to develop sophisticated web applications. Java applications require the Java Virtual Machine to be installed on Windows and for the Java plug-in to be enabled in the browser.

Active Content Types

• All of these technologies pose some degree of risk as they can be used for malicious purposes. When a web page needs to use active content and it is either not permitted to by current security settings or because the required plug-in is not installed, the browser displays a warning. Click the bar to install the component or change security settings.

  
  
  

Disabling Client Side Scripting

• Most sites will use server-side scripting, meaning that code runs on the server to display the page you are looking at. There is no way to disable this. Many sites also depend on client-side scripting. This means that code is placed in the page itself and runs within the browser to change the way it looks or provide some other functionality

  
  
  

Managing Add-Ons

• While scripting is usually left enabled, all browsers provide tools for managing add-ons. Add-ons come in several different types:

  
  
  

Managing Add-Ons

• Extensions—these can add functionality to the browser. They might install a toolbar or change menu options. They can run scripts to interact with the pages you are looking at.

• Plug-ins—these are designed to play some sort of content embedded in a web page, such as Flash, Silverlight, or other video/multimedia format. The plug-in can only interact with the multimedia object placed on the page, so it's more limited than an extension.

• Themes—these change the appearance of the browser using custom images and color schemes.
  
  

Managing Add-Ons

• The interface will also provide an option for browsing and installing add-ons, via the browser's store or portal, using the Get Add-ons link in the screenshot above. You can read reviews of the add-on and determine whether it will be useful and trustworthy. All extensions and plug-ins should be digitally signed by the developer to indicate that the code is as-published. You should be extremely wary of installing unsigned add-ons.
  
  

Managing Cookies & PII

• While protecting against risks from malware and malicious add-ons, you also need to consider how your browser stores data and interacts with websites. Additionally, you need to consider how that website protects, or doesn't protect, your personal information.
  
  

Cookies

• A cookie is a plain text file created by a website when you visit it. The purpose of cookies is to store session information so that the website can be personalized for you. For example, cookies may record information you type into forms, preferences you choose for the way the site works, and so on. They may also be used to display targeted advertising to you or collect information (metadata) about the browser you are using, your IP address, the links you click, how often you visit a site, and so on. An IP address can often be tied quite closely to a geographic location.
  
  

Cookies

• This sort of information is referred to as Personally Identifiable Information (PII). Anyone able to collect this information might be able to track the sites you visit and work out where you live. You can configure browser settings to try to limit the way sites can gather PII from your browser.
  
  

Cookies

• There are two classes of cookies:

  • First-party cookies—set by the domain you visit. For example, if you browse comptia.org and the server creates a cookie owned by comptia.org then this is a first-party cookie.

  • Third-party cookies—set by another domain. For example, if you browse comptia.org and a widget on the site tries to create a cookie for ad-track.com, this is a third-party cookie
    
    

Cookies

• Cookies have the following privacy and security issues:

  • The site may record more information about you than you are aware, and information in the cookies may be shared with other sites. Sites should generally publish a privacy policy describing what information is collected and how it is used.

  • Cookies cannot spread malware, but if your computer is infected with a virus or a Trojan, it may be able to steal the information contained within cookies.
    
    

Cookies

• Spyware and adware may make use of cookies to track what sites you visit and display targeted adverts.

• Cookies should normally expire (self-delete) after a given date, but some try to set a date in the very distant future.

• Confidential information, such as a password, should only be stored in a secure cookie (readable only under the SSL/TLS session it was created in).
  
  

Pop up Windows

• A pop-up is a "sub-window" that appears over the main window. Pop-ups can be implemented using scripts or add-ons. A pop-up can be opened automatically by a script running on the page or in response to clicking a link. A different kind of overlay pop-up can be implemented using Cascading Style Sheets (CSS), which is HTML's extended formatting language. These don't open a new window but place some content in a layer above the main content so that you cannot view it without waiting for a timer to end or clicking a close icon.
  
  

Pop up Windows

• Most of the time pop-ups are designed to be helpful to the user. For example, a form might use a pop-up window to explain what you are supposed to enter in a particular field without having to navigate away from the form and lose the information you have already entered.
  
  

Pop up Windows

• Pop-ups are also used for advertising however. For example, a site may have some content you want to read and pop an advertising window over the top of it, so that you cannot read the content without first looking at the advert and closing it, or as the advertiser hopes, perhaps reading it, buying the product, then returning to the article. They are also used by subscription-based sites to prompt you to sign in with your account before you can view the content.
  
  

Pop up Windows

• Aggressive use of pop-up windows is associated with spyware and adware. These spawn pop-ups when you open the browser, on every site you visit, and when you try to close the browser. They may even re-spawn when you try to close them. Malicious software can also use misleading pop-ups; for example, the Close button may try to execute a script that installs a virus or Trojan or the window may be designed to look like a Windows alert dialog ("Viruses have been detected on your computer—click OK to remove them").
  
  

Controlling Cookies/Pop-ups

• You can control the use of cookies by the websites you visit using browser settings. There will be options to set what type of cookies to accept and how long to keep them. You can also configure exceptions so that certain domains are always or never allowed to create cookies. Finally, you can view which sites have created cookies and clear any data that you do not want to keep
  
  

Controlling Cookies/Pop-ups

• As with scripting, disabling first-party cookies is likely to leave a website, and certainly a web application, unusable. Sites that depend on advertising can detect when you are blocking third-party cookies, pop-ups, and other advertising features and refuse to show the page content.
  
  

Controlling Cookies/Pop-ups

• You can also choose to prevent sites from creating pop-up windows and configure exceptions for this rule. Note that this will not block all types of overlay pop-ups or advertising. If you want to have closer control over advertising on a site you need to install a suitable browser extension.
  
  

Disabling Autofill/Clearing Cache

• Another privacy issue is that the browser can be set to store information typed into forms, including passwords, and retains a history of browsed pages. Any user using a publicly accessible computer should be trained to check these settings and to clear the browser cache before logging off. This is done from the browser's settings dialog or configuration page..
  
  

Private Browsing Mode

• As these settings are relatively tricky to turn on and off, most browsers provide a private browsing mode. In private (or incognito) mode, the browser doesn't store cookies or temporary files and doesn't add pages to the history list. You can usually open a private browser tab by pressing CTRL+SHIFT+P (in Firefox) or CTRL+SHIFT+N (in Chrome). Private mode is indicated by a different icon and darker theme colors
  
  

Digital Certificates/Anti-phishing

• When a web browser communicates with a secure (HTTPS) server, it accepts the server's digital certificate to use its public key to encrypt communications. Because of the special way that the keys are linked, the public key cannot be used to decrypt the message once encrypted. Only the linked private key can be used to do that. The private key must be kept secret. This is referred to as asymmetric encryption.
  
  

Digital Certificates/Anti-phishing

• Having a certificate is not in itself any proof of identity. The browser and server rely upon a third-party—the Certificate Authority (CA)—to vouch for the server's identity. This framework is called Public Key Infrastructure (PKI).A browser is pre-installed with a number of root certificates that are automatically trusted. These represent the commercial CAs that grant certificates to most of the companies that do business on the web.
  
  

Valid/Invalid Certificates

• When you browse a site using a certificate, the browser displays the information about the certificate in the address bar:

  • If the certificate is valid and trusted, a padlock icon is shown. Click the icon to view information about the certificate and the Certificate Authority guaranteeing it.

  • If the certificate is highly trusted, the address bar is colored green. High assurance certificates make the website owner go through a (even) more rigorous identity validation procedure.

  • If the certificate is untrusted or otherwise invalid, the address bar is colored maroon and the site is blocked by a warning message. If you want to trust the site anyway, click through the warning.
    
    

Suspicious Links/URL's

• Another important step in validating the identity of a site is to confirm its domain name. Techniques to direct users to fake or manipulated websites are called phishing and pharming. These depend on making a fake site look like the real one. One trick is to use well-known subdomains as part of the address. For example, "comptia.phishing.org" has nothing to do with "comptia.org" but may fool the unwary into thinking it does. The browser highlights the registered domain part of the address so that you can verify it..
  
  

Enabling a Firewall

• A firewall restricts access to a computer or network to a defined list of hosts and applications. Basic packet filtering firewalls work on the basis of filtering network data packets as they try to pass into or out of the machine.
  
  

Types of Firewalls

• On a TCP/IP network, each host is identified by an IP address, while each application protocol (HTTP, FTP, SMTP, and so on) is identified by a port number. Packet filters on a firewall can be applied to IP addresses and port numbers. A more advanced firewall (stateful inspection) can analyze the contents of network data packets, so long as they are not encrypted, and block them if any suspicious signatures are detected and identify suspicious patterns of activity.
  
  

Types of Firewalls

• A hardware firewall is a dedicated appliance with the firewall installed as firmware. A software firewall is installed as an application on a workstation or server. Most Internet routers also feature a built-in firewall, configured via the web management interface.A simple host firewall (or personal firewall) may be installed on a client PC to protect it. Windows features such a firewall. There are also numerous third-party host firewalls.
  
  

Configuring Windows Defender

• Windows Defender Firewall is enabled on all network connections by default unless it has been replaced by a third-party firewall. It is not a good idea to run two host firewalls at the same time because they can conflict with each other, would be unnecessarily complex to configure, and more difficult to troubleshoot.
  
  

Configuring Windows Defender

• To configure the firewall, open Windows Defender Security Center and then click the Firewall & network protection node. Use the links to configure the settings. For example, to allow an app through the firewall, click Allow an app through the firewall..You can also access Windows Defender Firewall settings by using the Control Panel Windows Defender Firewall applet
  
  

Configuring Windows Defender

• To turn off the firewall, which is only advisable if you are using an alternative host firewall software product, in Settings, click the active network and then click the On button to turn off the firewall. In Control Panel, click the Turn Windows Defender Firewall on or off link. You can then configure the required settings, as shown below
  
  

Configuring Proxy Settings

• On an enterprise network, a network firewall is likely to be deployed to monitor and control all traffic passing between the local network and the Internet. On networks like this, clients might not be allowed to connect to the Internet directly but forced to use a proxy server instead. The proxy server can be configured as a firewall and apply other types of content filtering rules.
  
  

Configuring Proxy Settings

• Some proxy servers work transparently so that clients use them without any extra configuration of the client application. Other proxies require that client software, such as the browser, be configured with the IP address and port of the proxy server. This information would be provided by the network administrator.