2.10 - Browser Security Flashcards
1
Q
Browser download and installation
A
- Always use trusted sources
– Attackers want you to install the malware for them
– No fancy exploit required - Avoid untrusted third-party sites
– Don’t click links in emails
– Don’t follow links from other websites
– Always visit a browser site directly - Use hashes to verify the download
– Confirm the downloaded file matches the
version on the server
2
Q
Hash verification
A
- Install a hash checking application
– Available for command line and GUI
– Options available in the Microsoft Store - Hash values may be available on the download site
– Usually includes a digital signature for verification - Verify the downloaded file
– Compare the downloaded file hash with the posted hash value
3
Q
Extensions and plug-ins
A
- Trusted sources
– Official browser extension library
– Chrome Web Store
– Microsoft Store
– Known-good websites - Untrusted sources
– Random or unfamiliar websites
– Installed by malware - This is a significant attack vector
– Almost everything we do is in our browser
4
Q
Malicious browser extensions
A
- March 2021
– More than 24 malicious
– Google Chrome extensions identified
– Includes 40 malicious domains
– Not identified by security technologies - Malicious activity identified
– Credential theft
– Screenshots and keylogging
– Data exfiltration - Don’t trust any software - Always have backups
5
Q
Password managers
A
- Password vaults
– All passwords in one location
– A database of credentials - Secure storage
– All credentials are encrypted
– Cloud-based synchronization options - Create unique passwords
– Passwords are not the same across sites - Personal and enterprise options
– Corporate access
6
Q
Secure connections
A
- Security alerts and invalid certificates
– Something isn’t quite right
– Should raise your interest - Look at the certificate details
– May be expired or the wrong domain name
– The certificate may not be properly signed
(untrusted certificate authority)
– Correct time and date is important
7
Q
Enable pop-up blockers
A
- Pop-up blocker
– Prevent unwanted notification windows - Enable or disable
– Should usually be enabled
– Disable temporarily when troubleshooting - Block and allow
– Control pop-up blocking on certain websites
8
Q
Clearing private data
A
- Clear browsing data
– History
– Saved passwords
– List of downloaded files - Clear cache
– Parts of a website are stored locally
– Remove all local data
9
Q
Private browsing mode
A
- Don’t store information from a browsing session
– Good for privacy
– Useful when testing or troubleshooting - Removes the information when the browser is closed
– No history tracking
– No download file list
– Cached information is deleted
10
Q
Browser data synchronization
A
- Share browsing data across multiple systems
– Sign in to the browser - Use with other computers, tablets, and mobile devices
– Browsing history
– Favorites
– Installed extensions
– Other settings
11
Q
Ad blockers
A
- Some browsers can block advertising
– This isn’t always an option - Many sites will track visits
– And recognize a return visit - Difficult to always recognize an advertisement
– You can control the security level