How to Enhance Security Measures on Your Web Browsers
Increase browser security in a few, simple steps.
Join the DZone community and get the full member experience.Join For Free
Browsers are the primary point of access to the World Wide Web. Every time you access the Internet, your browsers are exposed to potential online attacks. Browsers often provide an easy way for unauthorized users or hackers to access your private data, trace your daily activities or access your system directly.
You may also like: Endpoint Security With Browser Security Plus.
Overview of Browser Security
Your browser is an entry point for all malware or suspicious activities. It also means that your browser is vulnerable to attacks. Hackers or malware producers identify various loopholes to exploit browser functionalities and sneak malware onto your system.
Browser producers take these security threats very seriously. The vulnerabilities in security are thoroughly researched and fixed by rolling out security updates at regular intervals. It is highly recommended that you enable the auto-update feature for your browser. This will ensure that your browser is more secure against hackers whenever you surf the web.
Browser security is mainly categorized into two types:
Protection against browser vulnerabilities or loopholes.
Protection against unauthorized users like hackers who can trace your online activities.
To resolve browser vulnerabilities from an end-user perspective, you should ensure that all entry points from the browser are shut by configuring specific settings.
Major Security Vulnerabilities in Browsers
The following are some basic issues that one can easily fix by defining specific browser settings:
SSL security loopholes.
PDF cloaking for viruses.
Flash video cloaking for viruses.
First, let's understand the above issues.
Popups aren’t just annoying. They may contain security threats. Often, these threats are malicious links which prove to be an entry point for malware.
De-Listing SSL Compatibilities
SSL stands for Secure Socket Layer. It was introduced by Netscape as a part of Hypertext transfer protocol/Secure (Https) for web transfers. This system involves server authentication procedures and encryption of all communication information.
SSL was identified to have a security flaw and thus was replaced with Transport Layer Security (TLS). With SSL it was possible to provide a fake authentication certificate that manipulated the encryption key used by the browser to protect data.
However, TLS supports backward compatibility with SSL. For example, if a user using TLS communicates with a site that is still using SSL, then the user’s browser will rollback to SSL resulting in the old security breach being exposed.
So you need to stay safe by de-listing the SSL compatibility from your web browser.
Blocking Flash and PDF Files in Your Browser
The PDF file format and Flash video standard are Adobe products. However, the code build for both the encoding standards proves to be a blanket for virus invasion.
A whopping 1075 vulnerabilities were reported against Flash since 2005. Thus, it is recommended that you block Flash and PDF files from loading on your web browsers.
Now that we have understood the overview of key problems, let's learn how we can fix it on different browsers.
Security Settings for Firefox
The recent version of Firefox automatically blocks PDF files from loading into the browser, so ensure that you are using Firefox version 57 or above.
To avoid loading Flash contents on your web page, use Flash blocker for Firefox.
To block the SSL backward compatibility issue, follow the steps below:
In the address field of Firefox, type about:config. A warning will appear on the screen.
Click on 'I Accept Risk'.
You will see a configuration screen. In the search field type 'security.tls'.
Search for an entry — security.tls.version.min.
Double click on that entry and change the value to 2 in the dialog box. Click OK to close the box.
To block the Popups in Firefox, follow these steps:
Click on the Hamburger Menu icon at the end of the address bar. Choose Options from the drop-down list.
Choose Privacy and Security from the left-hand menu.
Scroll down to permission sections and tick the box for Block pop up windows.
Securing Your Chrome Browser
Click on the icon having three dots at the end of the address bar.
From the drop-down list choose settings and it will open a new tab.
In the new tab scroll down to the bottom and click on Advanced.
Using SSL 3.0 and TLS 1.0 in Firefox
From the extended screen, again scroll down and click on Open proxy setting under the system section.
From the internet properties window, choose the Advanced tab and scroll down in the Settings window. Ensure that the Use SSL 3.0 and Use TLS 1.0 are unchecked.
Press Ok and return to the advanced settings screen.
Go to Privacy and Security settings and disable the Flash and Popups.
Also, enable the option of downloading pdf files instead of automatically opening them in Chrome.
Securing Your Internet Explorer
I don't have Internet Explorer or Edge, so to demonstrate their security settings, I used an Internet Explorer online tool, for quick access to give try out. In case you want to test on browsers remotely or on virtual machines, you can also use Modern IE.
To remove the SSL compatibility problem on IE, follow the steps below:
Go to settings by pressing on the cog icon at the end of the address bar and click on Internet Options from the drop-down list.
Click on the Advanced tab and scroll down through the list of settings. (Similar to Chrome)
Uncheck the options USE TLS1.0, and USE SSL 3.0.
Click OK to close the window.
To block the Flash content on Internet Explorer, you need to control the ActiveX settings:
Click the cog icon for settings at the end of the address bar.
From the drop-down select Safety and ensure that ActiveX Filtering is checked.
To block PDF files from loading on your browser follow these steps:
From the cog menu, select Manage Add-ons.
Choose Tools and Extensions as Add-on type and select All Add-ons from the Show drop-down list.
Choose the Adobe PDF reader in the main screen and click on the Disable button at the bottom of the box.
To block Popups, go to the Tools menu below the address bar and click on the Turn on the Popup blocker option.
Securing Your Microsoft Edge Browser
In Microsoft Edge, the SSL backward compatibility issue is already taken care of.
To block Popups and Flash content in Microsoft Edge, go to the three-dotted symbol at the end of the address bar and select Settings.
Scroll down and select the Advanced settings. Set the Block popups slider to On and Use Adobe Flash Player slider to Off.
I hope the demonstrations above for various browsers were helpful for you. It is important to secure your browser before using it to surf the internet. This keeps your personal data, your online activity and your system safe and free of numerous issues, thus allowing for hassle-free internet usage.
Opinions expressed by DZone contributors are their own.