2.10 - Browser Security Flashcards

1
Q

Browser download and installation

A
  • Always use trusted sources
    – Attackers want you to install the malware for them
    – No fancy exploit required
  • Avoid untrusted third-party sites
    – Don’t click links in emails
    – Don’t follow links from other websites
    – Always visit a browser site directly
  • Use hashes to verify the download
    – Confirm the downloaded file matches the version on the server
2
Q

Hash verification

A
  • Install a hash checking application
    – Available for command line and GUI
    – Options available in the Microsoft Store
  • Hash values may be available on the download site
    – Usually includes a digital signature for verification
  • Verify the downloaded file
    – Compare the downloaded file hash with the posted hash value
3
Q

Extensions and plug-ins

A
  • Trusted sources
    – Official browser extension library
    – Chrome Web Store
    – Microsoft Store
    – Known-good websites
  • Untrusted sources
    – Random or unfamiliar websites
    – Installed by malware
  • This is a significant attack vector
    – Almost everything we do is in our browser
4
Q

Malicious browser extensions

A
  • March 2021
    – More than 24 malicious Google Chrome extensions identified
    – Includes 40 malicious domains
    – Not identified by security technologies
  • Malicious activity identified
    – Credential theft
    – Screenshots and keylogging
    – Data exfiltration
  • Don’t trust any software - Always have backups
5
Q

Password managers

A
  • Password vaults
    – All passwords in one location
    – A database of credentials
  • Secure storage
    – All credentials are encrypted
    – Cloud-based synchronization options
  • Create unique passwords
    – Passwords are not the same across sites
  • Personal and enterprise options
    – Corporate access
6
Q

Secure connections

A
  • Security alerts and invalid certificates
    – Something isn’t quite right
    – Should raise your interest
  • Look at the certificate details
    – May be expired or the wrong domain name
    – The certificate may not be properly signed (untrusted certificate authority)
    – Correct time and date is important
7
Q

Enable pop-up blockers

A
  • Pop-up blocker
    – Prevent unwanted notification windows
  • Enable or disable
    – Should usually be enabled
    – Disable temporarily when troubleshooting
  • Block and allow
    – Control pop-up blocking on certain websites
8
Q

Clearing private data

A
  • Clear browsing data
    – History
    – Saved passwords
    – List of downloaded files
  • Clear cache
    – Parts of a website are stored locally
    – Remove all local data
9
Q

Private browsing mode

A
  • Don’t store information from a browsing session
    – Good for privacy
    – Useful when testing or troubleshooting
  • Removes the information when the browser is closed
    – No history tracking
    – No download file list
    – Cached information is deleted
10
Q

Browser data synchronization

A
  • Share browsing data across multiple systems
    – Sign in to the browser
  • Use with other computers, tablets, and mobile devices
    – Browsing history
    – Favorites
    – Installed extensions
    – Other settings
11
Q

Ad blockers

A
  • Some browsers can block advertising
    – This isn’t always an option
  • Many sites will track visits
    – And recognize a return visit
  • Difficult to always recognize an advertisement
    – You can control the security level