17. Secure Web Browsing

Question 1

What is client-side scripting in web browsing?

Answer 1

Code executed within browser that alters page’s appearance or adds functionality

Server-side scripting means code runs on the server to display the page

Disabling scripting in the Firefox browser requires the advanced options configuration interface and cannot be configured on a site-by-site basis.

Question 2

Why is enabling client-side scripting not that risky?

Answer 2

Modern browsers “sandbox” the scripts running on page/browser

Scripts can’t change anything on other tabs or on the computer (Atleast not without explicit authorization from the user). Scripting can be disabled in some browsers via settings, though newer browsers like Microsoft’s Edge don’t permit script disabling.

Question 3

Browser Add-ons

What do browser extensions do?

Answer 3

Add functionality to the browser

They might install a toolbar or change menu options. They can run scripts to interact with the pages you are looking at.

Question 4

What are browser cookies?

Answer 4

Plain text files created by a website when you visit it

Question 5

Purpose of browser cookies?

Answer 5

To store session info to personalize the website for users

Cookies can store data like form inputs, site preferences, and can be used for targeted ads or to gather browser info, IP address, and browsing habits, often revealing geographic location

Question 6

Meaning of PII?

Cookies are a type of PII

Answer 6

Personally Identifiable Information

Question 7

What are root certificates?

Answer 7

Certificates pre-installed on browsers that are automatically trusted

These represent the commercial CAs that grant certificates to most of the companies that do business on the web

Question 8

Meaning of PKI?

Answer 8

Public Key Infrastructure

Question 9

What is PKI?

Answer 9

Framework where Certificate Authorities (CAs) verify server certificates for browsers

This ensures secure communication

Question 10

How to know if a site you visit is valid & trusted?

Answer 10

Padlock is shown

Question 11

How to know if a site you visit is HIGHLY trusted?

Answer 11

Padlock is shown & address bar is colored green

Question 12

How to know if a site you visit is untrusted or invalid?

Answer 12

Site is blocked by a warning message

If you want to trust the site anyway, click through the warning

Question 13

What do firewalls do?

Answer 13

Restrict access to a computer/network to a defined list of hosts & apps

Question 14

How do firewalls restrict access?

Answer 14

By filtering packets as they move through the system

firewalls make decisions based on predefined rules about whether to allow or block those packets.

Question 15

What can packet filters on firewalls be applied to?

Answer 15

• IP addresses
• Port numbers

IP addresses will affect host devices; Ports will affect app protocols (HTTP, FTP, SMTP, etc.)

Question 16

What does stateful inspection in firewalls do?

only advanced firewalls have this

Answer 16

Blocks unencrypted packets with suspicious signatures or activity patterns

Question 17

What is a hardware firewall?

Answer 17

Deicated appliance with firewall installed as firmware

Question 18

What is software firewall?

Answer 18

Software installed as an app

Question 19

What is a host/peronal firewall?

Answer 19

Software installed on client PC

Windows PCs use Windows Defender Firewall

Question 20

To limit access to a computer on a network to one internet host with a specific app, what do you configure in your firewall’s ACL?

Answer 20

• Host’s IP address
• App’s port number