What is Browser Security?
The web browser has evolved from a mechanism for displaying text documents to the ubiquitous tool for interacting with a huge variety of online content, including rich media and dynamic web applications.
Having a single platform for handling all these various functions and media types is useful for the user, but it comes at the expense of browser security. The complexity of the browser exposes numerous points of weakness that an attacker can exploit.
Some of the most commonly exploited weaknesses of a web browser include weak antivirus and other defenses on the user’s device, unblocked popups, malicious redirects, malicious browser extensions and unsafe plugins, DNS attacks, and unsafe use of save passwords and form data.
There are two primary avenues for preventing these threats: adopting technical solutions that can limit their impact, such as browser security solutions and web filtering, and educating users to adopt safe browsing practices.
Top Browser Threats and How to Prevent Them
Weak Antivirus Software and Other Protections
Threat actors are devising increasingly sophisticated ways to breach antivirus software, firewalls, and other measures of protection. Many threat actors manage to sidestep these defenses without being detected.
You can implement web browsing proxies, content filtering, and email scanners, to prevent threats before they reach the user’s browser. To provide additional layers of protection, deploy browser security solutions, which can detect internal and external web threats.
Additionally, organizations should implement automated patching, to ensure browsers, operating systems and other software is always running the latest, most secure, version. Employee training is also essential, because it can help users avoid falling for phishing and other social engineering attacks, and reduce their exposure to threats.
Redirects and Pop-up Ads
Pop ups are commonly used by threat actors as a means to infect computers with malicious code. The pop up may try to coerce users into accessing unsafe web pages, or downloading malware. There are various techniques for forcing users to interact with the pop-up — attackers may create a popup that cannot be closed, or include a warning that will urge the user to download a malicious payload.
Another technique is malicious redirects — these take the user from a safe web page to a malicious page. The malicious page may use browser or operating system vulnerabilities to trigger a drive-by download, might announce a warning or a threat, to trick users into downloading malware, or may pretend to be a legitimate page requesting the user’s sensitive details.
How to prevent popup and ad blockers can be very effective in reducing the threat of these attack techniques. Content filtering solutions can add another layer of defense, preventing malicious content from being displayed to users in the first place. Web filtering can be deployed on the user’s device or at the enterprise level — for example by using a secure web gateway (SWG).
Browser Extensions and Plugins
Plugins and browser extensions help improve user experience and extend the functionality of websites. However, while some plugins are well made, others are poorly designed and introduce vulnerabilities into the site. There are also plugins that are deliberately created with malicious intent.
To prevent this type of threat, create a policy that restricts users from installing plugins and extensions, preferably using a list of allowed and restricted plugins. Another option is adopting centralized software whitelisting and blacklisting solutions—these can be applied to plugins as well, enabling a centrally-governed solution for unsafe plugins.
Communication with DNS Servers
When a user types an address into a web browser, the browser connects to a DNS server to discover the IP address matching that address. The DNS server is responsible for redirecting the browser to the appropriate site, but attackers can subvert this connection through a variety of means, directing the browser to a malicious site instead.
To protect against DNS attacks, organizations should use a private DNS resolver and ensure it is secure. Another option is to use a secure hosted DNS service, ensuring the DNS provider has strong security and compliance measures.
Saved Passwords and Form Info
Passwords protect valuable information and access to systems and networks. If threat actors manage to steal or decipher passwords, they can use these credentials to gain unauthorized access to certain systems and databases, or the entire network. The problem is that many users create the same weak password for many accounts, and use their browser to save passwords in an unprotected way.
It is critical to educate users not to use the browser’s password saving feature, and if possible, to disable it. However, because users do need a way to remember and organize passwords, organizations should implement password management software with the appropriate security and access control features.
A stronger, more effective measure is multifactor authentication (MFA). You can provide more than one way for a user to authenticate—using a piece of information they know (like a password), something they possess (like a mobile device or security token), or a personal characteristic (for example, their voice or fingerprint).
Web Security Solutions
Here are a few technical solutions that can improve browser security in your organization.
Security Browser Extensions
Organizations can opt to add security browser extensions to some or all devices in their organization.
Security browser extensions can protect organizations against a variety of threats in multiple use cases and have the benefit of full compatibility with the web and the enterprise ecosystem, utilizing the existing browser and providing a native browsing experience.
They can provide content and URL filtering, secure web browsing and protect from inbound malicious threats such as malware and phishing attacks.
Additionally, they can protect organizations from internal threats and data loss, and provide governance capabilities with different policy settings to control the browsing experience and manage from an enterprise level.
Organizations can opt to add security browser extensions to some or all devices in their organizations.
Check out Perception Point’s browser security extension in action:
Remote Browser Isolation (RBI)
To provide an extra layer of security when users surf the web, organizations can provide a web browser that is hosted in the cloud. This is known as remote browser isolation. Remote browsing lets users take advantage of the public internet, while maintaining physical isolation from the user’s workstation or mobile device.
Just like a virtual browser, RBI ensures that if the user comes in contact with threats while using the Internet, the infection is contained within the cloud infrastructure and cannot bridge the physical distance between the browser and the local machine.
A downside of RBI is that the user needs to access the remote browser over an Internet connection, and this can introduce latency and performance issues; some RBI solutions may also not be fully compatible with the web ecosystem.
A web filter is a software application that reviews content in web pages and either grants or denies permission to view the content. To determine whether or not to display the content, the web filter uses a predefined set of rules, or more advanced methods such as machine learning-based analysis.
Organizations use web filtering to prevent users from accessing web content that may be malicious (such as web pages that trigger drive-by downloads or run malicious scripts) and content that is not suitable for the workplace. The goal of web filtering is to increase productivity, reduce accountability, and protect corporate networks from web-based threats.
Web filtering solutions can perform additional functions such as traffic analysis reporting, soft blocking (warning users of unsuitable content before access is blocked), and the ability for administrators to unblock specific content at the request of users.
Secure Web Gateway
Secure Web Gateway (SWG) solutions can help companies achieve two main goals: protecting against web-based threats and implementing corporate policies for web traffic. These solutions typically combine several technologies, such as URL filters, malware scanners, and application controls.
A downside of Secure Web Gateways, is that they may not be able to handle today’s sophisticated threat landscape, with different kinds of advanced attacks, such as sophisticated phishing, malicious extensions, malware targeting browsers specifically, browser zero-days, and more.
They will scan most if not all of the traffic statically, similarly to anti-virus scanning, and have susceptibility to evasive and unseen threats.
6 Best Practices for Secure Browsers
Browser security is not complete without user education. Over 90% of cyber attacks include a form of social engineering, and your users are the weakest link in the browser security chain. Teach your users the following best practices, to ensure they adopt safe browsing practices and help protect the organization from threats.
1. Keep Browsers Up-to-Date
Keeping your browser software updated is an essential part of browser security and must never be overlooked. Hackers are constantly hunting for flaws in browsers that they can exploit, with new vulnerabilities being exposed every day.
On company-owned devices, ensure you have an automated patching mechanism to update browsers to the latest version. On user-owned devices, educate users to always run the most up-to-date version of the web browser to protect themselves and the network from browser attacks.
2. Use HTTPS
When visiting a website, users should make sure the site uses HTTPS, which is a secure, encrypted communication protocol. Users should look for the green padlock in the URL bar of the browser, and if it isn’t there (a warning will typically be displayed), avoid using the website.
Users must be aware that HTTPS encrypts the data transmitted between the browser and a website, so it cannot be intercepted. In particular, when the user enters confidential data into the browser, they must ensure that the green padlock appears, otherwise attackers can intercept their communication and steal the data.
3. Use Unique Passwords
Reusing the same password across multiple sites means attackers can compromise a user’s sensitive information more easily, as they can access multiple resources once they have cracked a single password. Users need to understand that billions of cracked passwords are freely available on the dark web, probably including their own weak, reused passwords.
Give users a simple technique to generate strong, unique passwords they can remember. Alternatively, provide an automated mechanism to generate strong passwords. Ensure that users change their passwords frequently, at least every 90 days.
4. Disable Auto-Complete for Forms
Most browsers, as well as many websites, provide the option of remembering passwords and personal details entered into forms. This information, intended to make it easier to revisit websites and fill out forms in future, provides a reservoir of data that attackers can exploit. Hidden fields allow websites to steal form data.
Educate users that an attacker can more easily detect if they have enabled auto-complete for forms. If they remain logged into a site, attackers can hijack their browsing session and steal their data. Users must disable auto-complete features on the browser are disabled and clear any stored passwords.
5. Block Pop-ups and Ads
Pop-up windows are usually a form of online advertisement designed to drive web traffic or obtain the user’s email address. A pop-up window typically opens a new web browser window displaying an advertisement.
While many pop-ups are displayed by well-known companies and are safe, malicious sites and adware programs generate pop-ups that can deliver malware or spyware to user devices, hijack browser sessions, or perform other malicious activity.
Ads can also be malicious—there have been many cases of advertisements shown on legitimate publisher websites, which contained malicious scripts that could do damage to visitors.
Modern browsers have a built-in ability to block popups, and users should enable this option. It is preferable for users to install a browser extension from a known, safe software provider to block popups and ads.
Cookies are small text files that are stored in the browser cache when a user visits certain websites. There are two main types of cookies:
- First party cookies are stored directly by the websites you visit and may contain information such as username and login credentials. This allows users to quickly login on subsequent visits, and remembers their session data. However, these cookies are an attractive target for cybercriminals, who can use them to steal user credentials or sensitive data.
- Third party cookies are served by the website the user is visiting, on behalf of an external website or advertiser. They may be used to track the user’s activities for marketing purposes, but may also be used for malicious purposes.
Cookies may be stored on a user’s system for weeks or longer, unless browser settings specify that cookies should be deleted on a regular basis. Users should specify conservative cookie settings, enabling cookies, but limiting the time cookies stay on their system, and requiring explicit permission before accepting cookies.
Advanced Browser Security with Perception Point
Perception Point Advanced Browser Security adds enterprise-grade security to your organization’s native browsers. The managed solution fuses patented web technology with multi-layer advanced threat detection engines which delivers the unprecedented ability to detect and remediate all malicious threats from the web, including phishing, ransomware, malware, APTs, and more.
The behavior of the browser extension is managed in the cloud, while all of the computing resources run locally on user endpoints. This eliminates the need to invest in a large and costly infrastructure, and provides a better local user experience in terms of speed, along with offline availability.
We add advanced security to native browsers to protect your organization against all malicious threats from the web and protect access to sensitive corporate apps.
Contact us for a demo or download and to learn more our Advanced Browser Security.