Monday, August 10, 2009

Web Browser Security 2 -- protect your data and I.D.

Web Browser feature vs. risk:

JavaScript is a scripting language that makes web sites interactive. JavaScript has to be set to limit access to local files.

VB Script is a Microsoft scripting language that makes web sites interactive. The added capability of scripting is often abused or attacked by hackers.

  • Cross-site Scripting or XSS attack takes advantage of trust relations you have with certain web sites.

  • Cross-zone vulnerabilities web browser typically limit access to local files or domains via security zone separation. If your security level is to low, you may be vulnerable.

  • Detection evasion Anti-virus, Intrusion Detection System, Intrusion Prevention System looks for and detects specific activity patterns. If a know bad pattern is detected then counter measures can be taken. Web scripting can go undetected due to dynamic nature of programming.

Securing your web browser

The software listed above must be configured properly and you must understand the functionality of ActiveX, Java, and scripting to understand the risk involved with vulnerabilities. Some features you may want to disable or turn on for specific web sites to enhance security.

Most users who have a Microsoft Windows operating system may use Internet Explorer as a default web browser. There are many different web browsers available such as Mozilla, Safari, and Chrome. Since different applications may use different browsers, all must be secured. You may at some point want to have a totally secured web browser for all financial activity and one for general web browsing. By securing your web browser you can minimize the chances that vulnerability in a web browser can be used to comprise your information.

No comments: