Practising Safer Web Browsing
Terry Labach
Information Security Services
IST
February 17, 2012
"People are terrible about making security tradeoffs. If you give a naive user a choice, such as, 'If you want to see the dancing pigs, you could be compromising your machine,' most users will choose the dancing pigs over security every time."
- Bruce Schneier, security author and consultant, on how computer users manage risks while using the Internet.
[http://www.theglobeandmail.com/servlet/story/LAC.20060803.TWVISTA03/TPStory/Business]
Outline
• The risks
• The threats
• Taking responsibility
• Browser configuration
• Browser tools
• Questions
The risks
• Embarrassment
• Identity theft
• Financial loss
• Loss of productivity
The threats
• Criminals
• Businesses
• Government
Taking responsibility
• The basics
  – Use good passwords
    • Not in dictionary
    • Reasonably long with mix of characters
  – Don’t reuse passwords
• Don’t let browser save passwords
  – Master password
  – Password vault
"You know, I almost bore myself when I say to myself, 'It's time to get the groceries,' I certainly don't want to put it out there for people to read."
- Eugene Levy, comedian, talking about Twitter in a Canadian Press interview.
Taking responsibility
• Thoughtful browsing
  – Don’t give up personal information
    • Date of birth
    • Postal code or location
    • Vacation schedule
    • Social Insurance Number!
Taking responsibility
• Secret questions
  – Use with caution
  – Might be easier to reset your password than you think
• Fun With Secret Questions & Answers
Taking responsibility
• Maintain safe environment
  – Keep operating system, browser up to date
  – Apply security patches
  – Be cautious using public Wi-Fi
  – Use secure communications (https)
Taking responsibility
• Clicking on links can introduce attacks
  – Poisoned search results
  – Clickjacking
  – Cross-site scripting
Taking responsibility
• Installing software
  – Know what software is needed for sites you browse
  – Enter software web site address yourself, don’t click link
  – Don’t install software for unknown file types or oddly named files
Taking responsibility
• Separate browsing environments
  – Have one user login id for social networking, etc.; a different id for financial transactions
• Virtual machines (advanced)
  – Use separate virtual computers on your PC for browsing with different security needs
  – High security virtual machine has no unneeded software
Browser configuration
• General principles
  – Protect your information
  – Protect your privacy
  – Disallow access and execution
• Exceptions
  – You will want to break these principles for good reasons at times
  – Use principles as your default
Browser configuration
• Firefox
  – Disable Java and JavaScript
  – Disable save passwords (or use master password)
Browser configuration
• Internet Explorer
  – Apply high security setting to Internet zone
  – Limit cookie permissions
  – Do not allow third party extensions
Browser configuration
• Safari
  – Disable Java and JavaScript
  – Block pop-up windows
  – Disable opening of so-called safe files
Browser configuration
• Chrome
  – Limit cookie permissions
  – Web content settings
Humans…have unacceptable speed and accuracy…. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.)
- C. Kaufman, R. Perlman, & M. Speciner in Network Security: PRIVATE Communication in a PUBLIC World
Tools
• NoScript
  – http://noscript.net/
  – Blocks JavaScript and defends against other potentially malicious content
  – Swiss Army Knife of protection
Tools
• Web of Trust (WOT)
  – http://www.mywot.com/
  – Ranks websites based on feedback from WOT users
  – Adds links to search engine results
Tools
• Ghostery
  – http://www.ghostery.com/
  – Detect and block 3rd party tracking
  – Shows the elements of web pages served from third parties
Tools
• Do Not Track Plus
  – http://www.donottrackplus.com/
  – Detect and block 3rd party tracking
  – Shows you who is tracking you
Tools
• View Thru
  – https://chrome.google.com/webstore/detail/jkncfnbcgbclefkbknfdbngiegdppgdd
  – Displays the target of shortened URLs
  – Known to be flaky in use
Tools
• HTTPS Everywhere
  – https://www.eff.org/https-everywhere
  – Forces use of https protocol on web pages that support it
Tools
• Adblock Plus
  – http://adblockplus.org/en/
  – Blocks ads while browsing
Resources - User safety
• CERT - Securing Your Web Browser
• SANS - Browser Safety
• SANS - Secure Browsing Environment
• Canadian Cyber Incident Response Centre
• U.S. Computer Emergency Readiness Team
Resources - Browsers
• Firefox
  – Privacy & Security
• Internet Explorer
  – Improve the safety of your browsing and e-mail activities
• Safari
  – Security & Privacy
• Chrome
  – Manage privacy and security settings
Resources – Tools discussed
• NoScript
• Web of Trust
• Ghostery
• View Thru
• HTTPS Everywhere
• AdBlock Plus
• Do Not Track Plus
Resources – Other Tools
• Facecloak
  – Protect user privacy on Facebook
• Qualys BrowserCheck
  – Ensures browser and plugins are up to date
• Trashmail
  – Lets you use a disposable email address
• LastPass
  – Secure password vault
Resources – Waterloo
• IST Information Security Services
• Terry Labach
  – Web application security
    • Consulting
    • Testing applications
    • Ethical hacking
    • Programming best practices
  – Web training and education
Questions?