Safe & Secure Internet Browsing
As web development has matured so to have the applications and interfaces of websites and the browsers used to view and access them. The fact that we can do so much more on the web now than ever before comes with greater opportunities for criminals. Here, we go though some of the things people can do to ensure that they are browsing more safely.
This is edited content from Sarb Sembhi and co-host Nick Ioannou. Also in video and podcast media.
Access, Anti-malware, Apps, Attack, Attackers, Availability, Authentication, Breach, Cache, Credentials, Confidentiality, Cookies, Domain name, DNS, Encryption, Exploits, Firewall, Identity, Keylogger, Malware, Networks, Packet, Password, Phishing, Risk, Router, Session, Threats, Tokens, Virus, Vulnerability.
- Introduction
- What Users get Wrong with Browsers
- Updating Browsers
- Public Wi-Fi
- Secure and Private Desktop Browsers
- Secure and Private Mobile Browsers
- Reducing Risk Through Browser Compartmentalisation
- Separating Bookmarks by Browser
- Bookmark to Reduce Email Link Click-though
- Browser Extensions for Secure Browsing
- Using a VPN for Secure Browsing
- Checking Emails in a Browser
- Downloading Files from the Internet
- Password Management in Browsers
- Private Browsing Modes Lack Privacy
- How Many Browsers are There?
- Example Compartmentalisation
- Conclusion
This is edited content from Sarb Sembhi and co-host Nick Ioannou. Also in video and podcast media.
Introduction
Today we're looking at browsing the internet more safely in small and medium-sized organisations, in we're going to talk about using browsers securely and preserving privacy. We’re going to start by looking at what users get wrong with browsers and browsing.
What Users get Wrong with Browsers
Security professionals often suggest that if a user can ensure that their basic security hygiene is good, then they only need to be aware of the web sites they browse. Some of the basic things that users get wrong about browsers before they even start browsing include the following:
- Not updating the browser – for everyday secure browsing it is important to update each browser that the organisation authorises for use. This activity is a basic cyber hygiene activity that can easily be automated in most browsers. Attackers rely on this to exploit older versions of browsers.
- Understanding the difference between security and privacy – these are two different concepts that are often intentionally confused by many service providers where they may want end users to compromise one for the other. Many of the big internet technology companies have been known to do this regularly. Users should insist on both, not one at the expense of the other. Whereas security is concerned with Confidentiality, Integrity and Availability (CIA), privacy is mainly concerned with Confidentiality (C).
- Encryption – in particular, this is encryption of any data not just between the browser and the website being visited, but also encrypting all other data. This does include encrypting the network connection, the Domain Name Server (DNS) service. Users often forget that their internet service provider is able to track all their browsing, unless they change their default DNS settings on their router, devices and or browsers. Or, that when they connect with a Wi-Fi service in a public place unless the connection is encrypted all their data will be sent in plain text to the router and can be accessed by anyone. Attackers can use this information to plan how they may be able to attack a user.
- Saving Authentication Credentials in the browser – the functionality to save usernames and passwords within the browser has been around for many years, however, this is something that is likely to be targeted by attackers. Because of this it is often better to save authentication information in a password manager which can be accessed on all devices and browsers more easily. Attackers may try to exploit this to gain access to all passwords.
- Cookies which are necessary to benefit from site visits from tracking cookies – there are several types of cookies used in browsers. The websites a user visits are known as first party cookies as they originate from that website. All other cookies which come from the partners of the website are called third party cookies. Regardless of whether they are first- or third-party cookies, some cookies are essential for the site’s security and functionality, others are used for marketing, advertising, tracking and profiling. Although most website may offer users the options to accept the different types of cookies, users often not want to take the time to select which groups of cookies to accept and end up accepting the ‘all cookies’ option without thinking about it. It is due to the use of cookies that many specialist marketing companies are able to profile users. Later, we’ll be talking about the current move by Google to stop the support for third party cookies in favour of its own alternative service.
- History / cache – most browsers will keep a history of all browsing activities; the exceptions are often the secure or privacy focused browsers; where everything is deleted when the browser is closed. As a default, all browsers will store all history until it is deleted, this setting can and should be changed depending on how the user intends to use the browser – which we come onto later. History is often considered to be the websites visited, and the cache is all the files that get downloaded whilst visiting each page of the site. The term cache includes all images, videos, sound, stylesheets, JavaScript’s, other types of code. Some browsers allow easy access to see all files and not just the history of visited sites. The history information gives away which banks and shopping sites a user logs onto, when, etc.
- Third party plugins / extensions – these have been a feature of modern browsers for many years and there have been many examples of plugins being used to track users, or even turn out to be malware. Many of the most useful uses of plugins and extensions have been incorporated into the browser over time, for example the functionality of being able to view different file types are now built right into the browser through html and stylesheets. The different internet bodies responsible for standards have made things more consistent than they were in the past, thus reducing the need for those plugins and extensions which often slowed down the browsing experience. Later we include a list of plugin and extensions which are still useful today for security and privacy.
- The lie of the “Private Browsing Mode” – this mode has often been thought of by users as a functionality which stops websites from knowing or being able to track and collect user data. However, the reality is that it is nothing more than not allowing someone on the user’s end from identifying which sites the user has visited. So, this functionality has been used by many users believing that they are browsing websites anonymously, when in fact they are not. This misunderstanding has wrongly given users confidence to visit sites they would not have visited with no added privacy at all – be they visiting social media, dating or any other services.
- Mobile browsing is different to PC browsing – as mobile operating platforms are essentially run by two competitors; the competition is less intense now. However, both operating systems were developed to attract applications developers to develop more apps for their systems, and in both cases, this meant allowing the developers to collect as much user information as they wanted without any user consent. Although this is changing, and we cover it later, mobile browsing on Android is far from private and has just got better on Apple’s iOS devices.
Now let’s take a look at how some of these can be overcome with different tools or techniques to provide a more secure and private browsing experience.
This section of the article is only available for our subscribers. Please click here to subscribe to a subscription plan to view this part of the article.
Infographic images are copyright of Virtually Informed, and available to registered users for download during the publication week of the blog article together with other downloadable resources, including: all related infographics on this page, example policy templates, posters, screen savers and much more.