Safer Web Browsing
Terry Labach, Information Security Services, IST
2011

"People are terrible about making security tradeoffs. If you give a naive user a choice, such as, 'If you want to see the dancing pigs, you could be compromising your machine,' most users will choose the dancing pigs over security every time."
- Bruce Schneier, security author and consultant, on how computer users manage risks while using the Internet. [http://www.theglobeandmail.com/servlet/story/LAC.20060803.TWVISTA03/TPStory/Business]

Outline
  • The risks
  • Taking responsibility
  • Browser configuration
  • Browser tools
  • Questions

The risks
  • Embarrassment
  • Identity theft
  • Financial loss
  • Loss of productivity

Taking responsibility: The basics
  • Use good passwords
    - Not in a dictionary
    - Reasonably long, with a mix of characters
    - Don't reuse passwords
  • Don't let the browser save passwords (or use a master password)
  • Use a password vault

"You know, I almost bore myself when I say to myself, 'It's time to get the groceries.' I certainly don't want to put it out there for people to read."
- Eugene Levy, comedian, talking about Twitter in a Canadian Press interview.
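As an added example (not from the slides), the three password rules above written as a check: a constructed wordlist stands in for a real dictionary, "reasonably long" and "mix of characters" are given concrete thresholds (an assumption), and "don't reuse" is tested against SHA-256 digests of passwords already in use.

```python
"""Check a candidate password against the three rules on the slide above:
not a dictionary word, reasonably long with a mix of characters, not reused."""
import hashlib
import string

# Constructed stand-in for a real wordlist (e.g. a dictionary file on disk).
DICTIONARY = {"password", "welcome", "waterloo", "dragon", "letmein", "qwerty"}

# Constructed: SHA-256 digests of passwords already in use on other accounts.
# Digests, not plaintexts, so the reuse list itself is not a password leak.
PREVIOUSLY_USED = {hashlib.sha256(b"Correct-Horse-7").hexdigest()}

MIN_LENGTH = 12   # "reasonably long" as a concrete threshold (assumption)
MIN_CLASSES = 3   # "mix of characters": classes out of lower/upper/digit/symbol

# Common letter-for-symbol substitutions undone before the dictionary lookup,
# so "P@ssw0rd1!" is still recognised as "password".
LEET = str.maketrans("@$013!", "asolei")


def char_classes(pw):
    """Number of character classes (lower, upper, digit, symbol) present in pw."""
    groups = (string.ascii_lowercase, string.ascii_uppercase,
              string.digits, string.punctuation)
    return sum(any(c in group for c in pw) for group in groups)


def based_on_dictionary_word(pw, dictionary=DICTIONARY):
    """True if pw is a dictionary word once leading/trailing digits and symbols
    are stripped and common substitutions are reversed."""
    bare = pw.lower().strip(string.digits + string.punctuation).translate(LEET)
    return bare in dictionary


def check_password(pw, used=PREVIOUSLY_USED, dictionary=DICTIONARY):
    """Return the list of rule violations; an empty list means pw passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"too short: {len(pw)} characters, minimum is {MIN_LENGTH}")
    if char_classes(pw) < MIN_CLASSES:
        problems.append("too few character classes: use at least "
                        f"{MIN_CLASSES} of lower, upper, digit, symbol")
    if based_on_dictionary_word(pw, dictionary):
        problems.append("based on a dictionary word")
    if hashlib.sha256(pw.encode()).hexdigest() in used:
        problems.append("already used elsewhere (reuse)")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "Correct-Horse-7", "Tr0ub4dor&3-eleven-ducks"):
        print(candidate, "->", check_password(candidate) or "ok")
```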

Taking responsibility: Thoughtful browsing
  • Don't give up personal information
    - Date of birth
    - Postal code or location
    - Vacation schedule
    - Social Insurance Number!

Taking responsibility: Maintain a safe environment
  • Keep the operating system and browser up to date
  • Apply security patches
  • Be cautious when using public Wi-Fi
  • Use secure communications (https)

Taking responsibility: Clicking on links
  • Clicking on links can introduce attacks
    - Poisoned search results
    - Clickjacking
    - Cross-site scripting

Taking responsibility: Installing software
  • Know what software is needed for the sites you browse
  • Enter the software web site address yourself; don't click a link
  • Don't install software for unknown file types or oddly named files

Taking responsibility: Separate browsing environments
  • Have one user login id for social networking, etc., and a different id for financial transactions
  • Virtual machines (advanced)
    - Use separate virtual computers on your PC for browsing with different security needs
    - The high-security virtual machine has no unneeded software

Browser configuration: General principles
  • Protect your information
  • Protect your privacy
  • Disallow access and execution
  • Exceptions
    - You will want to break these principles for good reasons at times
    - Use the principles as your default

Browser configuration: Firefox
  • Disable Java and JavaScript
  • Disable save passwords (or use a master password)

Browser configuration: Internet Explorer
  • Apply the high security setting to the Internet zone
  • Limit cookie permissions
  • Do not allow third-party extensions

Browser configuration: Safari
  • Disable Java and JavaScript
  • Block pop-up windows
  • Disable opening of so-called "safe" files

Browser configuration: Chrome
  • Limit cookie permissions
  • Web content settings

"Humans have unacceptable speed and accuracy. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.)"
- C. Kaufman, R. Perlman, & M. Speciner, Network Security: PRIVATE Communication in a PUBLIC World

Tools: NoScript
  http://noscript.net/
  • Blocks JavaScript and defends against other potentially malicious content
  • Swiss Army Knife of protection

Tools: Web of Trust (WOT)
  http://www.mywot.com/
  • Ranks websites based on feedback from WOT users
  • Adds links to search engine results

Tools: Ghostery
  http://www.ghostery.com/
  • Detects and blocks third-party tracking
  • Shows the elements of web pages served from third parties

Tools: View Thru
  https://chrome.google.com/webstore/detail/jkncfnbcgbclefkbknfdbngiegdppgdd
  • Displays the target of shortened URLs

Tools: HTTPS Everywhere
  https://www.eff.org/https-everywhere
  • Forces use of the https protocol on web pages that support it

Tools: Adblock Plus
  http://adblockplus.org/en/
  • Blocks ads while browsing

Resources - User safety
  • CERT - Securing Your Web Browser
  • SANS - Browser Safety
  • SANS - Secure Browsing Environment
  • Canadian Cyber Incident Response Centre
  • U.S. Computer Emergency Readiness Team

Resources - Browsers
  • Firefox: Privacy & Security
  • Internet Explorer: Improve the safety of your browsing and e-mail activities
  • Safari: Security & Privacy
  • Chrome: Manage privacy and security settings

Resources - Tools discussed
  • NoScript
  • Web of Trust
  • Ghostery
  • View Thru
  • HTTPS Everywhere
  • AdBlock Plus

Resources - Other tools
  • Facecloak: protects user privacy on Facebook
  • Qualys BrowserCheck: ensures browser and plugins are up to date
  • Trashmail: lets you use a disposable email address
  • LastPass: secure password vault

Resources - Waterloo IST Information Security Services
  Terry Labach
  • Web application security
    - Consulting
    - Testing applications
    - Ethical hacking
    - Programming best practices
  • Web training and education

Questions?
