Most of us working from home use web browsers to access corporate systems and work environments. Whether it’s Google’s Chrome, Microsoft’s Edge, or one of the plethora of others available, the browser is intrinsically trusted — but it is fast becoming the next dangerous frontier in cybersecurity. Hackers are now compromising the browser, the very tool that we use to access our data and platforms. To work more securely (wherever that may be from), we should focus on ways to better secure, manage, and configure the browser. Let’s take a look at what can be done to improve browser security while remote working.
Decrease the attack surface area
The aim should be to decrease the attack surface area wherever possible — on desktops, servers, and laptop operating systems. Consideration for reducing the exposure through applications that are installed on machines and virtual workloads is necessary. If an attacker were to break in, they could use the tools already installed on the system against the system itself.
Avoid browsing from servers
In many cases, users and admins should not be browsing from servers, so removing the browser from the servers is good practice. By doing this, it discourages the admins from browsing and downloading anything onto the servers. Additionally, the tools are not available for attackers to use if they could breach the system. Putting a barrier in the way, however small, may assist the organization with detecting the intrusion.
A growing issue is the use of multiple browsers installed on laptops and desktops; there are several reasons for this. The vendors (Google, Mozilla, Microsoft, Apple) are all fighting for the traffic, so they can mine the data somehow and control the flow. Each browser works differently, and many users like the varied features in every different platform and have several varying preferences. The result is that several browsers are installed on machines. The majority of users tend to install two browsers, but even up to four is not uncommon. Ideally, one browser on a machine is preferred so that the attack surface area can be managed.
Updating the browser
A browser is similar to a cloud operating system. So, not only do admins need to patch the operating systems, applications, and firmware on laptops and desktops, they must also consider the browser. Some browsers have applets installed in the form of plugins that also need updating, and each plugin developer has its own update cycles and ways of updating them. These plugins can also introduce vulnerabilities into the ecosystem. Browsers are often a forgotten aspect of the patch cycle.
Some website admins and owners have begun to fund their initiatives by cryptomining — using the user’s computer’s processor and the processor’s power to do this. Although this may have the tiniest cost implication per user (not necessarily a concern), many users are mining. Therefore, the output accumulates, and cryptomining can be used to pay for the initiative.
Beware of Java, a major threat to browser security
Modern browsers defend against Java vulnerabilities; nevertheless, it’s still possible to exploit a browser environment through a Java vulnerability. The rule of least privilege still applies to assist with this — if it’s not needed, remove it. Several applications and platforms use Java, primarily as it has been around for a long time. However, there is a move to reduce dependency on the platform.
Browser plugins are used by many to improve functionality and tasks; password managers, ad blockers, grammar checkers, automation tools, and conferencing are just a few plugins that are now commonplace. These plugins are little applications that can also be updated, and they can suffer from vulnerabilities. Knowing which ones need to be updated and tracking those still under development (if the vendors are still developing and updating the plugins) can be challenging. Hence, managing this area can be tricky, especially if a user has multiple browsers installed. The security issue can be up to four times the magnitude (for four browsers per user, for example).
Cookies are useful. They help us to easily fill forms and to keep track of where we are on sites. They assist in customizing experiences. However, on the flip side, they can be used for tracking purposes and cause other security-related challenges. So, cookies need to be managed to ensure user safety is maintained. Guidelines for managing cookies exist that organizations can adopt.
This scripting language allows programmers to write powerful tools that can automate tasks, among other things. It can run on users’ computers and must be carefully managed.
Cross-site scripting and browser security
Cross-site scripting, also known as XSS, is a vulnerability in a website that permits attackers to leverage the trust relationship that exists with that site. It is recommended that a proxy is used to limit the potential damage that XSS can cause. It has recently become a real issue, and as users are using cloud services more often, more of these attacks are occurring.
Detection and evasion
Antivirus, personal firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) typically function by looking for specific patterns in content. If a “known bad” pattern is found, the applicable protective measures can be actioned to secure the user. However, because of the dynamic nature of programming languages, scripting in web pages can evade such protective systems.
Browser keystroke and keylogging with user tracking
These could come in the form of an extension or as an input field. There are trackers now that can track a mouse cursor as well as site navigation. The issue is typically related to the site being visited unless it’s installed as a plugin. However, it may be installed through a site so that it has pertinence. The defense is to remove everything that is not required in the browser. It is vital to defend the user and the admins.
Proxies can be used to manage the sites that users can visit and scan the sites for malice before allowing the users to access the sites. However, proxies can also be inserted into the browser to redirect the traffic to an attacker. It’s recommended that the browser be locked down so that unauthorized entities cannot modify proxies.
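The lock-down recommended in the two paragraphs above (remove what is not required, stop unauthorized proxy changes) can be checked by auditing the browser's managed policy. The following is an added example, not part of the original article: the policy names are Chrome's enterprise policies, while the sample policy, extension IDs and the `audit_policy` helper are constructed for illustration.

```python
import json

# Constructed sample of a Chrome managed-policy file (on Linux these are read
# from /etc/opt/chrome/policies/managed/*.json). All values are made up.
SAMPLE_POLICY = json.loads("""
{
  "ExtensionInstallBlocklist": ["*"],
  "ExtensionInstallAllowlist": ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
                                "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"],
  "ProxySettings": {"ProxyMode": "system"}
}
""")

# Modes that fix the route by policy. "system" and "auto_detect" defer to
# settings outside the browser policy, so they are reported.
PINNED_PROXY_MODES = {"direct", "fixed_servers", "pac_script"}


def audit_policy(policy, approved_extensions):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []

    # Extensions: default-deny, then allow only vetted extension IDs.
    if "*" not in policy.get("ExtensionInstallBlocklist", []):
        findings.append("extensions: no default-deny blocklist ('*')")
    allowed = set(policy.get("ExtensionInstallAllowlist", []))
    for ext_id in sorted(allowed - set(approved_extensions)):
        findings.append(f"extensions: {ext_id} allowed but not approved")

    # Proxy: must be set by policy so it cannot be changed from the browser.
    proxy = policy.get("ProxySettings")
    if not isinstance(proxy, dict):
        findings.append("proxy: ProxySettings not managed")
    else:
        mode = proxy.get("ProxyMode")
        if mode not in PINNED_PROXY_MODES:
            findings.append(f"proxy: mode {mode!r} does not pin the route")
        elif mode == "fixed_servers" and not proxy.get("ProxyServer"):
            findings.append("proxy: fixed_servers without ProxyServer")
        elif mode == "pac_script" and not proxy.get("ProxyPacUrl"):
            findings.append("proxy: pac_script without ProxyPacUrl")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY, ["a" * 32]):
        print(finding)
```

Run against the constructed sample, the audit reports the unapproved extension ID and the unpinned `system` proxy mode.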
Browser security: Keeping users safe
Browsers assist with web navigation. There are browsers for the clear web and other environments. Browsers interpret the code and render it to users for consumption, but behind the scenes, many moving parts are needed to keep it working. We need to understand the implications and consider what actions can be taken to keep users safe in a pragmatic and balanced way. Ensuring that fitting controls are applied to browser security is the challenge.