Practising Safer Web Browsing
Terry Labach
Information Security Services, IST
February 17, 2012

"People are terrible about making security tradeoffs. If you give a naive user a choice, such as, 'If you want to see the dancing pigs, you could be compromising your machine,' most users will choose the dancing pigs over security every time."
- Bruce Schneier, security author and consultant, on how computer users manage risks while using the Internet.
[http://www.theglobeandmail.com/servlet/story/LAC.20060803.TWVISTA03/TPStory/Business]

Outline
  The risks
  The threats
  Taking responsibility
  Browser configuration
  Browser tools
  Questions

The risks
  Embarrassment
  Identity theft
  Financial loss
  Loss of productivity

The threats
  Government
  Businesses
  Criminals

Taking responsibility: The basics
  Use good passwords
    Not in a dictionary
    Reasonably long, with a mix of characters
    Don't reuse passwords
  Don't let the browser save passwords
    Master password
    Password vault
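The rules on this slide can be checked mechanically. The Python below is an added example, not code from the presentation: it flags a candidate password that is too short, uses too few character classes, is a (possibly disguised) dictionary word, or repeats an earlier password. The word list, the length and class thresholds, and the history format are all assumptions made for the illustration; the history is kept as salted PBKDF2 digests rather than the passwords themselves.

```python
"""Checks a candidate password against the "basics" rules: not a dictionary
word, reasonably long with a mix of character classes, and not a reuse of an
earlier password.  Added example, not part of the original presentation; the
word list, the thresholds and the history format are constructed for
illustration."""

import hashlib
import hmac
import os
import re

# Constructed, deliberately tiny dictionary; a real check would load a full
# word list (for example the system's /usr/share/dict/words).
DICTIONARY = {"password", "welcome", "waterloo", "dragon", "letmein", "summer"}

# Common letter-for-symbol substitutions; undoing them catches "p@ssw0rd".
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12     # "reasonably long" is not defined on the slide; chosen here
MIN_CLASSES = 3     # out of: lowercase, uppercase, digits, other


def looks_like_dictionary_word(password: str) -> bool:
    """True if the password is a dictionary word once obvious disguises
    (case, leet substitutions, a numeric or symbol prefix/suffix) are removed."""
    lowered = password.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)   # drop e.g. "123!"
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    return any(form in DICTIONARY for form in forms)


def character_classes(password: str) -> int:
    """Counts how many of the four character classes the password uses."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    return sum(1 for c in classes if re.search(c, password))


def password_digest(password: str, salt: bytes) -> bytes:
    """History is stored as salted PBKDF2 digests, never as the passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def is_reused(password: str, history) -> bool:
    """history holds (salt, digest) pairs for previously used passwords."""
    return any(hmac.compare_digest(password_digest(password, salt), digest)
               for salt, digest in history)


def remember(password: str, history: list) -> None:
    """Adds a password to the history so a later reuse is detected."""
    salt = os.urandom(16)
    history.append((salt, password_digest(password, salt)))


def evaluate_password(password: str, history=()) -> list:
    """Returns the list of violated rules; an empty list means the password
    satisfies every rule on the slide."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(password) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    if looks_like_dictionary_word(password):
        problems.append("is a dictionary word (possibly disguised)")
    if is_reused(password, list(history)):
        problems.append("was used before")
    return problems


if __name__ == "__main__":
    used = []
    remember("Correct-Horse-Battery-9", used)
    for candidate in ("p@ssw0rd123!", "Correct-Horse-Battery-9", "Tr0ub4dor&3-Kayak-Lamp"):
        verdict = evaluate_password(candidate, used)
        print(f"{candidate!r}: {'ok' if not verdict else ', '.join(verdict)}")
```

The dictionary check tries the password both with and without its non-letter prefix/suffix and both before and after undoing leet substitutions, so "p@ssw0rd123!" is still recognised as "password" even though it meets the length and character-class rules.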

"You know, I almost bore myself when I say to myself, 'It's time to get the groceries,' I certainly don't want to put it out there for people to read."
- Eugene Levy, comedian, talking about Twitter in a Canadian Press interview.

Taking responsibility: Thoughtful browsing
  Don't give up personal information
    Date of birth
    Postal code or location
    Vacation schedule
    Social Insurance Number!

Taking responsibility: Secret questions
  Use with caution
  It might be easier to reset your password than you think
  Fun With Secret Questions & Answers

Taking responsibility: Maintain a safe environment
  Keep your operating system and browser up to date
  Apply security patches
  Be cautious using public Wi-Fi
  Use secure communications (https)

Taking responsibility: Clicking on links
  Clicking on links can introduce attacks
    Poisoned search results
    Clickjacking
    Cross-site scripting

Taking responsibility: Installing software
  Know what software is needed for the sites you browse
  Enter the software web site address yourself; don't click a link
  Don't install software for unknown file types or oddly named files

Taking responsibility: Separate browsing environments
  Have one user login id for social networking, etc.; a different id for financial transactions
  Virtual machines (advanced)
    Use separate virtual computers on your PC for browsing with different security needs
    A high security virtual machine has no unneeded software

Browser configuration: General principles
  Protect your information
  Protect your privacy
  Disallow access and execution
  Exceptions
    You will want to break these principles for good reasons at times
    Use the principles as your default

Browser configuration: Firefox
  Disable Java and JavaScript
  Disable "save passwords" (or use a master password)

Browser configuration: Internet Explorer
  Apply the High security setting to the Internet zone
  Limit cookie permissions
  Do not allow third party extensions

Browser configuration: Safari
  Disable Java and JavaScript
  Block pop-up windows
  Disable opening of so-called "safe" files

Browser configuration: Chrome
  Limit cookie permissions
  Web content settings

"Humans have unacceptable speed and accuracy. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.)"
- C. Kaufman, R. Perlman, & M. Speciner, in Network Security: PRIVATE Communication in a PUBLIC World

Tools: NoScript
  http://noscript.net/
  Blocks JavaScript and defends against other potentially malicious content
  Swiss Army Knife of protection

Tools: Web of Trust (WOT)
  http://www.mywot.com/
  Ranks websites based on feedback from WOT users
  Adds links to search engine results

Tools: Ghostery
  http://www.ghostery.com/
  Detects and blocks 3rd party tracking
  Shows the elements of web pages served from third parties

Tools: Do Not Track Plus
  http://www.donottrackplus.com/
  Detects and blocks 3rd party tracking
  Shows you who is tracking you

Tools: View Thru
  https://chrome.google.com/webstore/detail/jkncfnbcgbclefkbknfdbngiegdppgdd
  Displays the target of shortened URLs
  Known to be flaky in use

Tools: HTTPS Everywhere
  https://www.eff.org/https-everywhere
  Forces use of the https protocol on web pages that support it
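"Forces use of https on pages that support it" means a rewrite rule keyed on the host, not a blanket upgrade, since a site with no https listener would simply stop loading. The Python below is an added example for this slide and the earlier "Use secure communications (https)" point; it is not HTTPS Everywhere's own code or rule format. The ruleset (which hosts support https and which path prefixes are excluded) is constructed for the illustration.

```python
"""Upgrades http:// links to https:// only for hosts known to support it, the
way a ruleset-driven browser extension does.  Added example, not the
extension's own code or rule format; the ruleset is constructed for
illustration."""

from urllib.parse import urlsplit, urlunsplit

# Constructed rules: host pattern (exact host, or "*.domain" for subdomains)
# -> path prefixes that must NOT be upgraded (e.g. a legacy http-only area).
RULES = {
    "example.org": [],
    "*.example.org": ["/legacy/"],
    "bank.example": [],
}


def _host_matches(host: str, pattern: str) -> bool:
    """Exact match, or subdomain match for "*." patterns.  The leading dot in
    the suffix stops "notexample.org" from matching "*.example.org"."""
    if pattern.startswith("*."):
        suffix = pattern[1:]                    # ".example.org"
        return host.endswith(suffix) and host != suffix[1:]
    return host == pattern


def rule_for(host: str):
    """Returns the most specific matching pattern (exact before wildcard),
    or None when no rule covers the host."""
    exact = [p for p in RULES if not p.startswith("*.") and _host_matches(host, p)]
    wild = [p for p in RULES if p.startswith("*.") and _host_matches(host, p)]
    matches = exact + wild
    return matches[0] if matches else None


def upgrade(url: str) -> str:
    """Returns the https form of url if a rule covers its host and no path
    exclusion applies; otherwise returns url unchanged."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        return url                              # already https, or not a web URL
    pattern = rule_for(parts.hostname.lower())
    if pattern is None:
        return url                              # host not known to support https
    if any(parts.path.startswith(prefix) for prefix in RULES[pattern]):
        return url                              # excluded http-only area
    netloc = parts.netloc
    # An explicit :80 no longer makes sense once the scheme changes; any other
    # non-standard port is left alone.
    if parts.port == 80:
        netloc = netloc.rsplit(":", 1)[0]
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    for link in ("http://example.org/login?x=1",
                 "http://www.example.org/legacy/page",
                 "http://www.example.org/news",
                 "http://other.example/",
                 "http://example.org:80/"):
        print(f"{link} -> {upgrade(link)}")
```

Path, query string and fragment are carried over untouched; only the scheme (and a now-redundant ":80") change, which is what keeps the rewrite safe for sites whose https side serves the same content.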

Tools: Adblock Plus
  http://adblockplus.org/en/
  Blocks ads while browsing

Resources - User safety
  CERT - Securing Your Web Browser
  SANS - Browser Safety
  SANS - Secure Browsing Environment
  Canadian Cyber Incident Response Centre
  U.S. Computer Emergency Readiness Team

Resources - Browsers
  Firefox - Privacy & Security
  Internet Explorer - Improve the safety of your browsing and e-mail activities
  Safari - Security & Privacy
  Chrome - Manage privacy and security settings

Resources - Tools discussed
  NoScript
  Web of Trust
  Ghostery
  View Thru
  HTTPS Everywhere
  AdBlock Plus
  Do Not Track Plus

Resources - Other tools
  Facecloak - protects user privacy on Facebook
  Qualys BrowserCheck - ensures browser and plugins are up to date
  Trashmail - lets you use a disposable email address
  LastPass - secure password vault

Resources - Waterloo IST Information Security Services
  Terry Labach
  Web application security
  Consulting
  Testing applications
  Ethical hacking
  Programming best practices
  Web training and education

Questions?
