Monday, August 24, 2009

Securing your web browser

Securing your web browser

In order to secure your web browser, you must change the setting on Internet Explorer by selecting tools then Internet options on the web browser tool menu. Select the security tab were you set the security level for Internet zone. The Internet zone is applied to all web sites that do not have customized security levels set. You can learn more about Internet security zones at http://www.microsoft.com/windows/ie/ie6/using/howto/security/setup.mspx.
The recommended setting for the Internet zone is high security setting. The high security setting will disable ActiveX, Active scripting, and Java. In the security setting for this zone, drag slider control up to high. You can further customize your security settings by clicking on the custom level. This gives you the ability to control security settings for the current zone. IF you plan on using only one browser, you will have to use trusted sites to have full capability of web sites that uses ActiveX and scripting.

Monday, August 10, 2009

Web Browser Security 2 -- protect your data and I.D.





Web Browser feature vs. risk:





JavaScript is a scripting language that makes web sites interactive. JavaScript has to be set to limit access to local files.

VB Script is a Microsoft scripting language that makes web sites interactive. The added capability of scripting is often abused or attacked by hackers.






  • Cross-site Scripting or XSS attack takes advantage of trust relations you have with certain web sites.



  • Cross-zone vulnerabilities web browser typically limit access to local files or domains via security zone separation. If your security level is to low, you may be vulnerable.



  • Detection evasion Anti-virus, Intrusion Detection System, Intrusion Prevention System looks for and detects specific activity patterns. If a know bad pattern is detected then counter measures can be taken. Web scripting can go undetected due to dynamic nature of programming.

Securing your web browser


The software listed above must be configured properly and you must understand the functionality of ActiveX, Java, and scripting to understand the risk involved with vulnerabilities. Some features you may want to disable or turn on for specific web sites to enhance security.


Most users who have a Microsoft Windows operating system may use Internet Explorer as a default web browser. There are many different web browsers available such as Mozilla, Safari, and Chrome. Since different applications may use different browsers, all must be secured. You may at some point want to have a totally secured web browser for all financial activity and one for general web browsing. By securing your web browser you can minimize the chances that vulnerability in a web browser can be used to comprise your information.

Wednesday, August 5, 2009

Web Browser security -- protect your data and I.D.





Web Browser Security
Hackers are using vulnerabilities in Web browsers to comprise computer systems. Many of the high profile security breaches have resulted from web browser security holes. I will be reviewing how to protect your data and your Identity.


Web Browser features vs. risk:
Active X is used by Microsoft Windows Explorer and allows application to use the browser. Active X has been targeted by Hackers and used to comprise many systems.

Java is object orientated programming that develops content for web sites. Java applets require a Java virtual machine that has the capability to modify operating system settings if exploited properly.

Plug-ins applications are used with browser such as Mozilla, Safari and Adobe Acrobat and typically can not be used outside of browser application or Adobe flash. Plug-ins can contain programming flaws such that allow buffer over flows and other security violations.

Cookies are files used to store data about certain web site. If a cookie is used to store log in I.D. or password, a hacker could obtain unauthorized access to that site by obtaining the cookie.





I will be covering how to secure you browser in next blog.