Sunday, January 30, 2011

Tips on Staying Safe on the Internet from Richard Huzil

Guys,

  Here is the article with the various security notes and tools available (some for IE and some for Firefox) as discussed after our team meeting.

  Regards,

  - Richard

Cyber Threat Awareness

Browsing the Web

Compliments of SANS Institute
Copyright 2010, SANS Institute
What is a web browser? Everybody uses a web browser to access the Internet. That fact alone makes the web browser a tempting target for Bad Guys who want to take over your computer and use it for their own nefarious purposes by installing malicious software, or “malware.”
Why is it important for me to know about malware? In the past, a user had to take some specific action, like opening an email attachment, for their computer to become infected with malware. Lately, simply visiting a website can cause your computer to become infected. This type of "drive-by download" is accomplished using features built into web browsers that allow them to run scripts. Scripts are really small computer programs that normally do useful things, like display a video, allow you to choose from a menu and maintain a shopping cart, among others. Unfortunately, scripts can also be used to install malware on your computer without your knowledge or consent.
Security firm Websense
says Internet users are always within "two degrees of malware separation" as they click from one site to another.
Simply visiting a website can cause your computer to become infected
What can I do to keep my browser safe? We have assembled a variety of measures and tools that you, the computer user, can use to make your web browsing experience safer by limiting the impact of scripts and helping you to avoid potentially harmful websites.

General Browser Security Tips

Keep your browser up-to-date. The Bad Guys are constantly identifying new vulnerabilities and weaknesses in browsers and browser makers are constantly releasing updates to fix them. Running the latest version of your browser ensures that you have the benefit of the latest security technology. NOTE: MITRE’s only supported browser is Internet Explorer (IE). You may contact the MITRE Corporate Help Desk
for concerns or questions about IE, or for an unsupported browser (e.g., Firefox, Opera, Safari, Chrome, etc.), try one of the shared lists (listserves) for usage questions.
Be careful about browser plug-ins. Plug-ins are browser extras — small, downloadable programs that add functionality to your browser. When you browse to a website, you may receive a message onscreen that in order to work with the site, you have to download and install a browser plug-in. "Just click here." But think before you click. Remember that any software you install will need to be updated, and may contain security vulnerabilities. Do you know that this website and the plug-in are trustworthy? If you don't know or aren't sure, don't click. Do you really need that plug-in? The fewer plug-ins you have installed, the safer your browser will be.
MITRE Cyber Threat Alert: The Bad Guys use these plug-in notification messages as a means of delivering malware, usually by indicating you need a plug-in when you actually don’t, and then seemingly failing when you try to install the said plug-in. In the meantime, malware was quietly downloaded to your system.
Check that your browser and plug-ins are up-to-date. Qualys has published a website that will do a quick check on your browser to help you identify common security issues. Visit https://browsercheck.qualys.com/
and install the plug-in (yes, this one is safe!). Then click the "Scan Now" button. Note that Javascript is also required. An onscreen report tells you whether or not your browser and commonly installed plug-ins are up-to-date and provides you with a convenient way to update any found to be out-of-date.
Consider using Web of Trust (WOT). The Web of Trust is a cooperative venture that warns users of potentially dangerous websites. When you do a Google search, a circular indicator will appear next to each search result that has been rated by the service. Red indicates a site that is probably dangerous, yellow a potentially dangerous site, and green a site that is probably safe to use. Once you've logged in to a website, the same indicator appears in the title bar of the browser. Keep in mind that WOT ratings are based on votes cast by members of the Internet community, and while not necessarily authoritative, can provide useful information about websites to avoid. For more information visit http://www.mywot.com/
.
Google recently announced it would begin flagging sites in its search results that appear to have been hacked.

Tips for Internet Explorer

Microsoft's Internet Explorer (IE) is one of the most commonly used browsers. Protect your computer by running the latest version whenever possible. Right now that's IE8. If upgrading to IE8 is not possible, here are some tips for improving the security of IE7.
NOTE: MITRE requires IE8; earlier versions are not permitted to access the Internet
1.    Prevent Data Execution (DEP). Bad Guys exploit vulnerabilities in IE to infiltrate your computer with malware masquerading as data. Microsoft has published a "Fix It" site to turn on Data Execution Prevention (DEP) for IE7
. Click the button marked "Enable the application compatibility database." Note: The DEP fix is not needed for IE8 and later versions.
Ease of implementation: Moderate
Impact on browsing: Minimal
2.    Turn on the Phishing Filter. Microsoft includes a Phishing Filter in IE that detects when a website is not exactly what it appears to be. If the site you are visiting is on the list of reported phishing websites, IE will display a warning web page and a notification on the address bar. From the warning web page, you can continue or close the page. If the website contains characteristics common to a phishing site but isn't on the list, IE will notify you in the address bar that it might be a phishing website. You can turn on the Phishing Filter from the Tools menu in IE. For more information visit https://www.microsoft.com/mscorp/safety/technologies/antiphishing/at_glance.mspx.

Ease of implementation: Moderate
Impact on browsing: Minimal
3.    Increase IE Security Settings. The Internet Options menu in IE contains a Security tab that gives you a great deal of control over the behavior of IE when you visit a website. The default setting of "Medium-high" for the Internet Zone will prompt you before downloading any content that IE assesses as unsafe. By changing this setting to "High," you can effectively block all scripts from running on any web page you visit. While this is the safest possible setting, it can severely impact the performance of a website. To allow scripts to run on sites you trust, you can add them to the Trusted Sites Zone, one site at a time or whole domains at once using a wildcard (*). For example, entering http://*.sans.org
would allow you to browse the entire SANS website without any prompts. For more information visit http://support.microsoft.com/kb/174360.

Ease of implementation: Difficult
Impact on browsing: Severe
The fewer plug-ins you have installed, the safer your browser will be.

Tips for Firefox

The comments and suggestions below relate specifically to Firefox 3.6, the current version. The security suggestions below take the form of "Add-ons" that are downloaded and added to Firefox using the Tools menu.
1.    NoScript. This add-on blocks scripts from running in Firefox. When you visit a website that wants to run scripts, NoScript will display a warning at the bottom of the screen, and give you the opportunity to allow scripts to run on a temporary or permanent basis. Not allowing the scripts to run can severely impact the performance of many web pages. After you have used NoScript for a while, it will learn about the web pages you visit frequently and will not be as "pesky." For more information visit http://noscript.net/
.
Ease of implementation: Moderate
Impact on browsing: Moderate to severe
2.    HTTPS Everywhere. You are probably familiar with HTTPS from using encrypted secure sites like those for online banking. Many websites offer some limited support for encryption over HTTPS, but make it difficult to use. HTTPS Everywhere attempts to make a secure connection to many of the most popular sites on the Internet even if you don't specifically ask for it. If it fails to make a secure connection, it defaults to an unencrypted HTTP connection and your browser continues to function as if nothing had happened. For more information visit https://www.eff.org/https-everywhere
.
Ease of implementation: Moderate
Impact on browsing: Minimal
3.    Adblock Plus. Adblock Plus is an extension for Firefox, Thunderbird, and several other applications with the primary goal of removing advertisements. It works by comparing ads that are about to be displayed with a set of filters that describe undesirable advertising. When you install Adblock Plus, it sets up a subscription to a basic set of filters that will meet the needs of most users. Many additional sets of filters are available for your use. For more information visit http://adblockplus.org/en/
.
Ease of implementation: Moderate
Impact on browsing: Moderate

No comments:

Post a Comment