Thursday, October 14, 2010

How to Make Your Internet Experience Safe?

Securing Your Web Browser In A Non-Secure Environment

As you know, tons of viruses, malware, Trojans, back-doors, and other harmful software are being generated by social engineers and hackers. In this situation we should stay cautious about every link and every click when we are connected to the Internet. So I decided to share some useful information with my blog readers.

This blog post will help you configure your web browser for safer Internet surfing. It is written for home computer users, students, small business workers, and any other person who works with limited Information Technology (IT) support and broadband (cable modem, DSL) or dial-up connectivity.


There is an increasing threat from software attacks that take advantage of vulnerable web browsers. We have observed a trend whereby new software vulnerabilities are exploited and directed at web browsers through use of compromised or malicious web sites. This problem is made worse by a number of factors, including the following.

  • Many users have a tendency to click on links without considering the risks of their actions.
  • Web page addresses can be disguised or take you to an unexpected site.
  • Many web browsers are configured to provide increased functionality at the cost of decreased security.
  • New security vulnerabilities may have been discovered since the software was configured and packaged by the manufacturer.
  • Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.
  • Third-party software may not have a mechanism for receiving security updates.
  • Many web sites require that users enable certain features or install more software, putting the computer at additional risk.
  • Many users do not know how to configure their web browsers securely.
  • Many users are unwilling to enable or disable functionality as required to secure their web browser.
As a result, exploiting vulnerabilities in web browsers has become a popular way for attackers to compromise computer systems.


It is important to understand the functionality and features of the web browser you use. Enabling some web browser features may lower security. Attackers focus on exploiting client-side systems (your computer) through various vulnerabilities. They use these vulnerabilities to take control of your computer, steal your information, destroy your files, and use your computer to attack other computers. A low-cost way attackers do this is by exploiting vulnerabilities in web browsers. An attacker can create a malicious web page that will install Trojan software or spyware that will steal your information. Rather than actively targeting and attacking vulnerable systems, a malicious web site can passively compromise systems as the site is visited. A malicious HTML document can also be emailed to victims. In these cases, the act of opening the email or attachment can compromise the system.

How to Secure Your Web Browser
          
Some software features that provide functionality to a web browser, such as ActiveX, Java, Scripting (JavaScript, VBScript, etc), may also introduce vulnerabilities to the computer system. These may stem from poor implementation, poor design, or an insecure configuration. For these reasons, you should understand which browsers support which features and the risks they could introduce. Some web browsers permit you to fully disable the use of these technologies, while others may permit you to enable features on a per-site basis.
 

Internet Explorer provides a variety of features, and you should understand the risks attached to them. You should enable Automatic Updates or visit www.microsoft.com for the security patches and hotfixes that Microsoft frequently issues to make the browsing experience more secure. In addition to supporting Java, scripting and other forms of active content, Internet Explorer implements ActiveX technology. While any application is potentially vulnerable to attack, it is possible to mitigate a number of serious vulnerabilities by using a web browser that does not support ActiveX controls. However, using an alternate browser may affect the functionality of some sites that require the use of ActiveX controls. Note that using a different web browser will not remove IE or other Windows components from the system. Other software, such as email clients, may use IE, the Web Browser ActiveX control (WebOC), or the IE HTML rendering engine (MSHTML).

Here are the steps to disable various features in Internet Explorer 7 or later. Note that menu options may vary between versions of IE, so you should adapt the steps below as appropriate.

To change settings for Internet Explorer, select Tools, then Internet Options.


Select the Security tab. On this tab you will find a section at the top that lists the various security zones that Internet Explorer uses.
For each of these zones, you can select a Custom Level of protection. By clicking the Custom Level button, you will see a second window open that permits you to select various security settings for that zone. The Internet zone is where all sites initially start out. The security settings for this zone apply to all the web sites that are not listed in the other security zones. We recommend the High security setting be applied for this zone. By selecting the High security setting, several features including ActiveX, Active scripting, and Java will be disabled. With these features disabled, the browser will be more secure. Click the Default Level button and then drag the slider control up to High.


 
 

For a more fine-grained control over what features are allowed in the zone, click the Custom Level button. Here you can control the specific security options that apply to the current zone. For example ActiveX can be disabled by selecting Disable for Run ActiveX controls and plug-ins. Default values for the High security setting can be selected by choosing High and clicking the Reset button to apply the changes. 




The Trusted sites zone is a security zone for sites that you think are safe to visit. You believe that the site is designed with security in mind and that it can be trusted not to contain malicious content. To add or remove sites from this zone, you can click the Sites… button. This will open a secondary window listing the sites that you trust and permitting you to add or remove them. You may also require that only verified sites (HTTPS) can be included in this zone. This gives you greater assurance that the site you are visiting is the site that it claims to be. 



We recommend setting the security level for the Trusted sites zone to Medium-high (or Medium for Internet Explorer 6 and earlier). When the Internet Zone is set to High, you may encounter web sites that do not function properly due to one or more of the associated security settings. This is where the Trusted sites zone can help. If you trust that the site will not contain malicious content, you can add it to the list of sites in the Trusted sites zone. Once a site is added to this zone, features such as ActiveX and Active scripting will be enabled for the site. The benefit of this type of configuration is that IE will be more secure by default, and sites can be “whitelisted” in the Trusted sites zone to gain extra functionality.
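To check that the Internet zone really ended up at the High setting described above, the following added example (not part of the original post) audits the text of a registry export of the zone settings. The value names `CurrentLevel`, `1200`, `1400` and `1C00` are Windows' documented zone-setting IDs and are an assumption here, since the post only names the dialog options; the sample export is constructed.

```python
import re

# Internet zone (Zones\3) values implied by the High setting. The value names
# are Windows' documented zone-setting IDs, an assumption not given in the post.
EXPECTED = {
    "CurrentLevel": (0x12000, "security level High"),
    "1200": (3, "Run ActiveX controls and plug-ins: Disable"),
    "1400": (3, "Active scripting: Disable"),
    "1C00": (0, "Java permissions: Disable Java"),
}
SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg(text):
    """Parse `reg export` text into {key_path: {value_name: int}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            current = keys.setdefault(m.group(1), {})
        elif (m := DWORD.match(line)) and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit_internet_zone(text):
    """List every Internet zone value that differs from EXPECTED."""
    findings = []
    for path, values in parse_reg(text).items():
        if not path.endswith("\\Zones\\3"):
            continue
        for name, (want, meaning) in EXPECTED.items():
            got = values.get(name)
            if got != want:
                found = "missing" if got is None else f"{got:#x}"
                findings.append(f"{name}: want {want:#x} ({meaning}), found {found}")
    return findings

# Constructed sample export: zone not at High, ActiveX and scripting enabled.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00011500
"1200"=dword:00000000
"1400"=dword:00000000
"1C00"=dword:00010000
'''

if __name__ == "__main__":
    print("\n".join(audit_internet_zone(SAMPLE)))
```

A real file written by `reg export` is UTF-16, so read it with `encoding="utf-16"` before passing the text to `audit_internet_zone`.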

 

The Privacy tab contains settings for cookies. Cookies are text files placed on your computer by various sites that you visit either directly (first-party) or indirectly (third-party) through ad banners, for example. A cookie can contain any data that a site wishes to store. It is often used to track your computer as you move through a web site and to store information such as preferences or credentials. We recommend that you select the Advanced button and select Override automatic cookie handling. Then select Prompt for both first and third-party cookies. This will prompt you each time a site tries to place a cookie on your machine. If the number of cookie prompts is excessive, the option to Always allow session cookies can be enabled. This will allow non-persistent cookies to be accepted without user interaction. Session cookies carry less risk than persistent cookies.




 You can then evaluate the originating site, whether you wish to accept or deny the cookie, and what action to take (allow or block, with the option to remember the decision for all future cookies from that web site). For example, if visiting a web site causes a cookie prompt from a web domain that is associated with advertising, you may wish to click Block Cookie to prevent that domain from being able to set cookies on your computer, for privacy reasons.


By selecting the Sites... button, you can manage the cookie settings for specific sites. You can add or remove sites, and you can change the current settings for existing sites. The bottom section of this window will specify the domain of the site and the action to take when that site wants to place a cookie on your machine. You can use the upper section of this window to change these settings. 


Alternatively, if you do not wish to receive warning dialogs when a site attempts to set a cookie, you can use Internet Explorer's pre-set privacy rules. Click the Default button and then drag the slider up to High. Note that some web sites may fail to function properly with the High setting. In such cases, you may add the site to the list of sites for which cookies are allowed, as described above. 
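The cookie policy recommended above (prompt for first and third-party cookies, always allow session cookies, per-site blocks) can be modelled as follows. This is an added example, not part of the original post: the function names, host names and headers are constructed, and "same site" is approximated by comparing the last two labels of the host name.

```python
from http.cookies import SimpleCookie

def site_of(host):
    """Crude site key: last two labels (assumption, no public-suffix list)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def classify(set_cookie, response_host, page_host):
    """Return (party, lifetime, cookie_site) for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if not jar:
        raise ValueError("unparseable Set-Cookie value")
    morsel = next(iter(jar.values()))
    # A cookie without a Domain attribute belongs to the host that sent it.
    cookie_site = site_of(morsel["domain"] or response_host)
    party = "first-party" if cookie_site == site_of(page_host) else "third-party"
    # Expires or Max-Age makes the cookie outlive the browser session.
    persistent = bool(morsel["expires"] or morsel["max-age"])
    return party, ("persistent" if persistent else "session"), cookie_site

def decide(set_cookie, response_host, page_host, blocked_sites=()):
    """Per-site blocks win, session cookies pass silently, the rest prompt."""
    _party, lifetime, cookie_site = classify(set_cookie, response_host, page_host)
    if cookie_site in blocked_sites:
        return "block"
    if lifetime == "session":
        return "allow"
    return "prompt"

# Constructed sample: (Set-Cookie value, host that sent it), both seen while
# the user is on shop.example.com.
PAGE = "shop.example.com"
SAMPLES = [
    ("sid=xyz; Path=/; HttpOnly", "shop.example.com"),
    ("track=abc123; Max-Age=31536000; Domain=.ads.example.net; Path=/",
     "ads.example.net"),
]

if __name__ == "__main__":
    for header, host in SAMPLES:
        print(classify(header, host, PAGE),
              decide(header, host, PAGE, blocked_sites={"example.net"}))
```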



The Advanced tab contains settings that apply to all of the security zones. We recommend that you disable the Enable third-party browser extensions option. This option includes tool bars and Browser Helper Objects (BHOs). While some add-ons can be useful, they also have the ability to violate your privacy. For example, a browser add-on may monitor your web browsing habits, or even change the contents of web pages in an attempt to gather personal information.



Internationalized Domain Names (IDN) can be abused to allow spoofing of web page addresses. This can allow phishing attacks to be more convincing. To protect against IDN spoofing in Internet Explorer, enable the Always show encoded addresses option. This will cause IDN addresses to be displayed in an encoded form in the Internet Explorer address bar and status bar, which will remove the visual similarity to the spoofing target address.  
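The effect of Always show encoded addresses can be reproduced outside the browser, for example when reviewing host names in proxy or mail logs. The following added example (not part of the original post) prints the encoded form of a host name and flags labels that mix scripts; the host names are constructed, and taking the script from the first word of each character's Unicode name is a heuristic.

```python
import unicodedata

def encoded_form(host):
    """Return the ASCII (Punycode, 'xn--') form of a host name."""
    return host.encode("idna").decode("ascii")

def display_form(host):
    """Decode any 'xn--' labels back to the Unicode a user would see."""
    return host.encode("ascii").decode("idna") if host.isascii() else host

def scripts_in(label):
    """Scripts used by the letters of one label, taken from Unicode names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def review(host):
    """Report the encoded form and any label mixing more than one script."""
    shown = display_form(host)
    mixed = [lbl for lbl in shown.split(".") if len(scripts_in(lbl)) > 1]
    return {"encoded": encoded_form(shown), "mixed_script_labels": mixed}

# Constructed sample: second host has U+0430 (Cyrillic a) in place of Latin "a",
# so the two look the same on screen but encode differently.
GENUINE = "example.com"
LOOKALIKE = "ex\u0430mple.com"

if __name__ == "__main__":
    for host in (GENUINE, LOOKALIKE, encoded_form(LOOKALIKE)):
        print(repr(host), review(host))
```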

We also recommend that you disable the Play sounds in webpages option. Sounds in web pages are rarely integral to web page content, and may also introduce security risks by having the browser process additional untrusted data. This option is for Internet Explorer's ability to natively handle sounds. It will not interfere with other software, such as Adobe Flash or Apple QuickTime.




Under the Programs tab, you can specify your default applications for viewing web sites, email messages and various other network related tasks. You can also disable Internet Explorer from asking you if you would like it to be your default web browser here. 


These are the steps that can reduce the risks and threats we may unintentionally be exposed to while using the Internet.

If you have any questions or suggestions, you can email me at
Ahmad297@gmail.com

Or join me on Twitter at
www.twitter.com/ahmad297