Wednesday , December 11 2019

Your organization's web browser is essentially your operating system for the cloud. Secure it appropriately.

How to lock down enterprise web browsers

By Contributing Writer, CSO

Browsers. You can’t use the Internet without them, but they introduce insecurity and instability to the computing environment. Browsers are the operating system of cloud computing and protecting them will become more and more important.


Just last week, Google released patches to fix zero-day vulnerabilities in Chrome. As Kaspersky noted in its blog, “The attack leverages a waterhole-style injection on a Korean-language news portal. A malicious JavaScript code was inserted in the main page, which in turn loads a profiling script from a remote site.” The attack determined which browser version and operating system the victim was running. Like many attacks, its goal was to gain persistence on the computer. In this case, the malware installed tasks in Windows Task Scheduler.

Both the new Microsoft browser, based on Edge, and the existing Chrome browser will suffer from an increasing number of targeted attacks and zero-day vulnerabilities. You need to look at your user base and determine whether their roles and actions put them at increased risk. For highly sensitive machines, you might want to take drastic action and lock down the browser.

Actions to take include disabling JavaScript in a browser or considering plug-ins and browser scanning tools to help you keep your user base safe.

To disable JavaScript in Chrome, select Menu (the three vertical dots on the far upper right of the browser) -> Settings -> Advanced -> Privacy and Security -> Site Settings. Under “Permissions” look for “JavaScript”. Toggle the setting to “Blocked”.

So many websites use JavaScript that you might find this option too extreme. A wiser approach in a risky environment is to identify those sites for which you must have JavaScript and then only allow JavaScript to run on those websites. You can add those sites in the exception section by clicking on “Add” in the “Allowed” section. Add the URL of the website in the field. Then set the behavior to “Block” or “Allow”. You can even block partial sections of websites.

Add JavaScript exceptions
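On a managed fleet, the same block-by-default allow-list is usually pushed through Chrome's enterprise policies instead of per-user settings. The following is an added example, not code from the original article: it audits such a policy for a missing default block and for exceptions that are too broad, assuming Chrome's `DefaultJavaScriptSetting`, `JavaScriptAllowedForUrls` and `JavaScriptBlockedForUrls` policies; the sample policy and its host names are constructed.

```python
import json

BLOCK = 2  # DefaultJavaScriptSetting values: 1 = allow on all sites, 2 = block

# Constructed sample of a managed Chrome policy file (host names are made up).
SAMPLE = json.loads("""{
  "DefaultJavaScriptSetting": 2,
  "JavaScriptAllowedForUrls": ["https://intranet.example.com", "[*.]example.org",
                               "[*.]com", "http://legacy.example.net", "*"],
  "JavaScriptBlockedForUrls": ["[*.]example.org"]
}""")

def host_of(pattern):
    """Return the host part of a URL pattern (scheme, port and path dropped)."""
    rest = pattern.split("://", 1)[-1]
    return rest.split("/", 1)[0].split(":", 1)[0]

def audit(policy):
    """Return a list of findings for a policy meant to allow-list JavaScript."""
    findings = []
    if policy.get("DefaultJavaScriptSetting") != BLOCK:
        findings.append("default: JavaScript is not blocked by default")
    blocked = set(policy.get("JavaScriptBlockedForUrls", []))
    for pattern in policy.get("JavaScriptAllowedForUrls", []):
        host = host_of(pattern)
        # "[*.]" is the subdomain wildcard; "[*.]com" covers an entire TLD.
        tld_wildcard = host.startswith("[*.]") and "." not in host[4:]
        if host in ("", "*") or tld_wildcard:
            findings.append(f"overbroad: {pattern!r} matches far more than one site")
        if pattern.startswith("http://"):
            findings.append(f"cleartext: {pattern!r} allows scripts over plain HTTP")
        if pattern in blocked:
            findings.append(f"conflict: {pattern!r} is in both allow and block lists")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Running the audit against an exported policy file before rollout catches exceptions that quietly re-enable JavaScript almost everywhere.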

You can also add the Smart Screen technology to Chrome via a browser extension from Microsoft to prescan sites for JavaScript.

Add the Smart Screen technology to Chrome

The extension allows users to report suspicious sites.

The extension allows users to report suspicious websites

Since recent versions of Chrome now support site isolation, it’s imperative that you keep any and all browsers installed on any device (desktops, phones, tablets) up to date and patched, not only to ensure you have all security fixes but also to receive new protection technologies. Even Microsoft is jumping on the Chrome bandwagon and basing its new Edge browser on the Chrome engine. Microsoft just made announcements at its Ignite conference regarding new logos and new plans as it attempts to reboot its beleaguered browser known as Edge.

Microsoft is announcing that Edge is ready for business evaluation and is urging administrators to download and test it. The new browser has Group Policy templates that are separate and distinct from the older Edge Group Policy settings. They allow you to control various settings such as:

For updating purposes, you will be able to control applications and preferences, and you will be able to set a proxy server with Group Policy settings. Edge will be able to update independently from the operating system, thus giving administrators more flexibility.

Bottom line: if your firm still relies on Internet Explorer enterprise mode to handle internal corporate websites, it’s time to test Edge based on Chrome. Consider browsers as a platform that you need to protect and defend as much as the operating system itself.


This story, “How to lock down enterprise web browsers,” was originally published by CSO.

Copyright © 2019 IDG Communications, Inc.
