Saturday, 20 August 2011

Add-ons to help make your browser more secure.

A multitude of security extensions exist that enhance the native capability of both IE8/9 and FireFox (and Chrome and Safari). These range from open-source projects to commercial offerings suitable for enterprise deployment. Some of the most well-known browser security extensions include:

  • Exploit Prevention Labs' LinkScanner (http://linkscanner.explabs.com/linkscanner/default.aspx)
  • Google toolbar (http://toolbar.google.com/T5/intl/en/index.html)
  • McAfee's SiteAdvisor (http://www.siteadvisor.com/)
  • Netcraft's Anti-Phishing Toolbar (http://toolbar.netcraft.com/)

Exploit Prevention Labs offers a commercial version of its product, LinkScanner Pro, which is designed so that it “inspects each web page when you visit for exploits, hacked pages and malicious lures.” This extension also modifies the results returned from most major search engines so that a colour-coded icon appears alongside each entry returned by the engine. This rating system is designed to help users avoid sites that pose an active threat.

LinkScanner’s proxy technology will sandbox the URL visited by the user (in real time) on their own system if the site has not been previously analysed. This will return an analysis of any hidden exploit code and the particular exploit if it is known.

The Google toolbar and Netcraft's Anti-Phishing Toolbar (see Figure 1) each provide a set of controls for both IE and FireFox that are designed to minimise the likelihood of a successful phishing attack. By presenting the user with a rating for the site and detailed information about the site's domain and content, the user is far less likely to be fooled into entering their information into a rogue system.

Figure 1: The Netcraft Anti-Phishing Toolbar[1]

McAfee's SiteAdvisor is offered as a free (though limited in functions) and commercial product. Extensive tests of websites are conducted by McAfee, with the results being displayed to the user through the extension. This can be loaded in an enterprise environment to block user access to suspicious or dangerous websites.

The FireCat project[2] for FireFox is designed as a “mindmap collection of the most efficient and useful FireFox extensions oriented application security auditing and assessment.” With the forthcoming version 2.0 of this project, FireCAT will incorporate an advanced “management of plug-ins, instant download from security-database, ability to add new extension, extension version checker, FireFox 3.X compatible extensions.”

Figure 2: The FireCat Extension Map for FireFox

The security controls and extensions developed both commercially and as open-source releases for FireFox are multitudinous. Extensions such as NoScript (see Figure 3) and Firebug[3] can be used to turn the browser into a malware analysis platform. These extensions (and others of the same class) allow a sophisticated user to finely control the actions of scripts and active code in their browser.

Figure 3: About NoScript

NoScript

NoScript blocks the execution of all executable web content (JavaScript, Java, Flash, Silverlight, and other plugins). The user has to explicitly allow and whitelist sites for NoScript to accept them.

NoScript can force the browser to always use HTTPS when establishing connections to some sensitive sites, in order to prevent man-in-the-middle attacks.

It also has anti-rebinding controls and anti-XSS and anti-clickjacking protections built in.
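
The default-deny whitelist and forced-HTTPS behaviour described above, modelled as an added Python example (not NoScript's own code or preference format; the host lists, content kinds and URLs are constructed for illustration):

```python
"""Constructed model of a default-deny active-content policy with a
site whitelist and a forced-HTTPS list, illustrating the NoScript
behaviour described above. Not NoScript's code or preference format."""
from urllib.parse import urlsplit, urlunsplit

# Content kinds treated as executable; everything else is passive content.
ACTIVE_CONTENT = {"javascript", "java", "flash", "silverlight", "plugin"}


def host_matches(host, entries):
    """True if host equals, or is a subdomain of, any listed entry."""
    host = host.lower().rstrip(".")
    for entry in entries:
        entry = entry.lower().rstrip(".")
        if host == entry or host.endswith("." + entry):
            return True
    return False


def force_https(url):
    """Rewrite an http:// URL to https://, leaving other schemes untouched."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return url
    return urlunsplit(("https",) + tuple(parts[1:]))


def decide(url, kind, whitelist, https_forced):
    """Return ('upgrade', new_url), ('allow', url) or ('block', url).

    A sensitive site is upgraded to HTTPS before any script decision, so a
    whitelisted but downgraded request is never allowed over plain HTTP."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme == "http" and host_matches(host, https_forced):
        return ("upgrade", force_https(url))
    if kind not in ACTIVE_CONTENT:
        return ("allow", url)            # images, CSS, HTML are not blocked
    if host_matches(host, whitelist):
        return ("allow", url)
    return ("block", url)                # default deny for unlisted origins


if __name__ == "__main__":
    wl = ["example.com"]                 # constructed whitelist
    forced = ["bank.example"]            # constructed forced-HTTPS list
    print(decide("http://cdn.example.com/app.js", "javascript", wl, forced))
    print(decide("https://notexample.com/x.js", "javascript", wl, forced))
    print(decide("http://bank.example/login", "html", wl, forced))
```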

To learn more about NoScript, visit the following pages:
[1] See http://toolbar.netcraft.com/. The image was sourced from this site.
[2] See http://www.security-database.com/toolswatch/IMG/png/FireCAT1.4.png for the image in figure 2 and http://www.security-database.com/toolswatch for the FireCat project.
[3] See http://getfirebug.com/