College of Information Technology, University of Babylon, Iraq

Samaher@inet.uobabylon.edu.iq

By

Dr. Samaher Hussein Ali

LECTURE NOTES ON Browser Protection

Department of Software The University of Babylon

21 December 2013

Def. of Browser

A web browser (commonly referred to as a browser) is a software application for

retrieving, presenting and traversing information resources on the World Wide

Web. An information resource is identified by a Uniform Resource Identifier

(URI/URL) and may be a web page, image, video or other piece of content.

Hyperlinks present in resources enable users easily to navigate their browsers to

related resources.

• Note 1:

The major web browsers are:

Google Chrome, Opera , Internet Explorer, Mozilla Firefox, and Safari.

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

Def. of Browser & Browser security

Another Def. of Browser: A software program that allows a person to explore the Internet in an easy to use way. Navigating the Internet through a series of links the user is able to browse the Internet.

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware.

Q: How can we Protection of the browser from intruding without deleting the history?

There are several ways in which we can make that your browser user security for our personal information on whether there was more than one person using the same computer through

First: Hush adds protected bookmarks to Chrome’s incognito :mode

Second: Private Browsing

Third: Proxy Servers for Private Browsing

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

How can protect my Browser?

Protect browser from others who tracking the history is so important will be either by the following :

1. using the private browser which don’t save any history of your browser sits , many browsers

supports this feature like chrome browser and Mozilla browser ,to active private Mozilla browser

will be by the following Steps:

Type “about;config” on Address bar then warning window will appear then click on “I’ll be

careful. I promise!” , then type “ Browser.private ” make it True.

2. you can protect your Chrome Browser by create multi user window and each window have

username and password .

By the following:

• Go to setting add new user type the name and give password for each user.

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

How to Secure Your Web Browser From Type Internet Explore

Microsoft Internet Explorer (IE) is a web browser integrated into the Microsoft Windows operating system. Removal of this application is not practical. In addition to supporting Java, scripting and other forms of active content, Internet Explorer implements ActiveX technology. While any application is potentially vulnerable to attack, it is possible to mitigate a number of serious vulnerabilities by using a web browser that does not support ActiveX controls. However, using an alternate browser may affect the functionality of some sites that require the use of ActiveX controls. Note1: that using a different web browser will not remove IE, or other Windows components from the system. Other software, such as email clients, may use IE, the Web Browser ActiveX control (Web OC), or the IE HTML rendering engine (MSHTML). Results from the CERT/CC ActiveX workshop in 2000 are available at http://www.cert.org/reports/activeX_report.pdf. Here are steps to disable various features in Internet Explorer 7. Note that menu options may vary between versions of IE, so you should adapt the steps below as appropriate.

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

How to Secure Your Web Browser From Type Internet Explore

In order to change settings for Internet Explorer, select Tools then Internet Options…

Select the Security tab. On this tab you will find a section at the top that lists the various security zones

that Internet Explorer uses. More information about Internet Explorer security zones is available in the

Microsoft document Setting Up Security Zones. By selecting the High security setting, several features

including ActiveX, Active scripting, and Java will be disabled. With these features disabled, the browser

will be more secure. Click the Default Level button and then drag the slider control up to High.

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

How to Secure Your Web Browser From Type Internet Explore

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

For a more fine-grained control over what features are allowed in the zone, click the Custom Level button. Here you can control the specific security options that apply to the current zone. For example ActiveX can be disabled by selecting Disable for Run ActiveX controls and plug-ins. Default values for the High security setting can be selected by choosing High and clicking the Reset button to apply the changes.

The Trusted sites zone is a security zone for sites that you think are safe to visit. You believe that the site is designed with security in mind and that it can be trusted not to contain malicious content. To add or remove sites from this zone, you can click the Sites… button. This will open a secondary window listing the sites that you trust and permitting you to add or remove them. You may also require that only verified sites (HTTPS) can be included in this zone. This gives you greater assurance that the site you are visiting is the site that it claims to be.

How to Secure Your Web Browser From Type Internet Explore

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

We recommend setting the security level for the Trusted sites zone to Medium-high (or Medium for Internet Explorer 6 and earlier). When the Internet Zone is set to High, you may encounter web sites that do not function properly due to one or more of the associated security settings. This is where the Trusted sites zone can help. If you trust that the site will not contain malicious content, you can add it to the list of sites in the Trusted sites zone. Once a site is added to this zone, features such as ActiveX and Active scripting will be enabled for the site. The benefit of this type of configuration is that IE will be more secure by default, and sites can be “whitelisted” in the Trusted sites zone to gain extra functionality.

The Privacy tab contains settings for cookies. Cookies are text files placed on your computer by various sites that you visit either directly (first-party) or indirectly (third-party) through ad banners

How to Secure Your Web Browser From Type Internet Explore

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

You can then evaluate the originating site, whether you wish to accept or deny the cookie, and what action to take (allow or block, with the option to remember the decision for all future cookies from that web site). For example, if visiting a web site causes a cookie prompt from a web domain that is associated with advertising, you may wish to click Block Cookie to prevent that domain from being able to set cookies on your computer, for privacy reasons

By selecting the Sites... button, you can manage the cookie settings for specific sites. You can add or remove sites, and you can change the current settings for existing sites. The bottom section of this window will specify the domain of the site and the action to take when that site wants to place a cookie on your machine. You can use the upper section of this window to change these settings.

How to Secure Your Web Browser From Type Internet Explore

Dr. Samaher Hussein Ali Notes of Lecture 14 21 December 2013

Alternatively, if you do not wish to receive warning dialogs when a site attempts to set a cookie, you can use Internet Explorer's pre-set privacy rules. Click the Default button and then drag the slider up to High. Note that some web sites may fail to function properly with the High setting. In such cases, you may add the site to the list of sites for which cookies are allowed, as described above

The Advanced tab contains settings that apply to all of the security zones. We recommend that you disable the Enable third-party browser extensions option. This option includes tool bars and Browser Helper Objects (BHOs). While some add-ons can be useful, they also have the ability to violate your privacy. For example, a browser add-on may monitor your web browsing habits, or even change the contents of web pages in an attempt to gather personal information.

How to Secure Your Web Browser From Type Internet Explore

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

Internationalized Domain Names (IDN) can be abused to allow spoofing of web page addresses. This can allow phishing attacks to be more convincing. More details about IDN spoofing can be found in Vulnerability Note VU#273262. To protect against IDN spoofing in Internet Explorer, enable the Always show encoded addresses option. This will cause IDN addresses to be displayed in an encoded form in the Internet Explorer address bar and status bar, which will remove the visual similarity to the spoofing target address. We also recommend that you disable the Play sounds in webpages option. Sounds in web pages are rarely integral to web page content, and may also introduce security risks by having the browser process additional untrusted data. This option is for Internet Explorer's ability to natively handle sounds. It will not interfere with other software, such as Adobe Flash or Apple QuickTime.

How to Secure Your Web Browser From Type Internet Explore

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

the links below show where to find information for four popular web browsers: Opera - http://www.opera.com/support/tutorials/security Mozilla SeaMonkey -

http://www.mozilla.org/projects/seamonkey Konqueror - http://www.konqueror.org Netscape - http://browser.netscape.com

Under the Programs tab, you can specify your default applications for viewing web sites, email messages and various other network related tasks. You can also disable Internet Explorer from asking you if you would like it to be your default web browser here.

which information InPrivate Browsing discards when you close the browser

The following table describes which information InPrivate Browsing discards when you close the browser and how it is affected during your browsing session

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

How do I open a new Private Window If I use the firefox?

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

There are two ways to open a new Private Window. Open a new, blank Private Window

At the top of the Firefox window, click the Firefox button and select New Private Window. A new Private Window will open.

Right-click on any link and choose Open Link in New Private Window from the context

menu. A new Private Window will open with the link you selected.

How do I open a new Private Window If I use the firefox?

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

Important: When in Private Browsing mode, the Firefox button will be purple. You may also have other windows open that are not Private Browsing windows.

How do I open a new Private Window If I use the Firefox?

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

How do I always start Firefox in Private Browsing? There is a setting in the Options window that automatically enables Private Browsing whenever you start Firefox. Note: If you enter Private Browsing this way, the Firefox button won't turn purple but Firefox will still not retain your history as described above.

1. At the top of the Firefox window, click

on the Firefox button and then select Options

2. Select the Privacy panel. 3. Set Firefox will: to Never remember

history. 4. You will see a message that Firefox

needs to restart to enable this feature. Click OK and Firefox will restart in permanent Private Browsing mode.

Notes:

Dr. Samaher Hussein Ali Notes of Lecture 14

21 December 2013

Note 1: Private Browsing doesn't make you anonymous on the Internet. Your Internet service provider, employer, or the sites themselves can still track what pages you visit. Private Browsing also doesn't protect you from spyware that may be installed on your computer Note 2: If you create new Bookmarks while using Private Browsing, they will not be removed when you stop Private Browsing. Note 3: If you save files to your computer while using Private Browsing, they will not be deleted when you stop Private Browsing. However, any files you open in an external application will be cleared from the system's temporary folder, and none of the files you download will appear in the Downloads list.