Time for a mid-year browser security check

Written by ga_dahmani

We’re halfway through 2022, and when it comes to safety, I feel like we’re not making much headway. I still see people reporting that they are regularly scammed, ransomed, and attacked, and for many users, the browser is becoming the most important part of whatever platform they use. So now is a good time to check your browsers and any extensions you have installed to tighten security.

Note that I said browsers, plural. While businesses may want to standardize on a single browser for better control, for small businesses and individual users I recommend installing more than one. (I often use three different browsers.)

Why is this important? Because attackers (and trackers) go after browsers. In fact, it’s good to think of your browser as a separate operating system and act accordingly to protect it. Although I focus primarily on Windows issues, these guidelines and recommendations apply to Mac OS, Ubuntu, Mint, and others.

Basically, every browser should be checked for extra protection against malicious sites and ads. On platforms like macOS, you’ll need to focus on the protections in Chrome, Firefox, or WaterFox; if you’ve standardized on Safari, you’ll need to use guard.

Even now, I see malicious banner ads in rotation. If you don’t have endpoint protection or something similar, you can better protect yourself by implementing something like uBlock Origin, which blocks ads and unwanted content.

Be aware that uBlock and uBlock Origin are two different products, the latter being a fork of the former. They are maintained separately. I recommend uBlock Origin, which you can install and deploy as a standalone extension. Once installed, you can whitelist sites that you will allow and adjust other settings as needed. If you are new to uBlock, you can leave the defaults alone or review these posts for recommended settings. You can also click on the extension icon in your browser and select “Filter Lists”.

By default, some filters are already enabled, although you can lock down your browser more tightly by enabling all of them. Then, in another browser, leave the defaults alone for a more forgiving approach to browsing.

In a network configuration, you can go through the same process and use PowerShell or Group Policy to deploy the configuration to your entire network. While I’m specifically targeting Chrome, most major browsers work similarly. To deploy using Group Policy in Chrome, you need to download the Google Group Policy ADMX Templates and place them in the central policy store. Edit your Google Chrome GPO and go to Computer Configuration, then to Policies > Administrative Templates > Google > Google Chrome > Extensions. Enable the “Configure the list of force-installed apps and extensions” setting and make sure to link your group policy to an organizational unit that contains Authenticated Users or Domain Computers as security filtering. If you prefer to test this before a full deployment, set up a specific security test group.

It’s a good idea to test uBlock first rather than implement it widely; you may need to exclude a website. Invariably, you will need to whitelist a website using group policy tools. To do so, follow the instructions on unfoldhappiness.

As they point out:

In your Chrome GPO, go to Computer Configuration\Preferences\Windows Settings\Registry and create a new registry preference. Leave the action type as Update. In the preference, set the following:

Hive: HKEY_LOCAL_MACHINE

Key Path: Software\Policies\Google\Chrome\3rdparty\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm\policy

Value Name: adminSettings

Value type: REG_SZ

Value Data: {"autoUpdate":true,"netWhitelist":"about-scheme\nbehind-the-scene\nchrome-extension-scheme\nchrome-scheme\nlocalhost\nloopconversation.about-scheme\nopera-scheme\nWHITELISTWEBSITE.com"}

This value data has the default exclusions plus WHITELISTWEBSITE.com as an allowed website. Be sure to change the last value (WHITELISTWEBSITE.com) to the website that needs to be whitelisted. Websites should always be preceded by \n . If I were to add a second website, the value data would look like this:

{"autoUpdate":true,"netWhitelist":"about-scheme\nbehind-the-scene\nchrome-extension-scheme\nchrome-scheme\nlocalhost\nloopconversation.about-scheme\nopera-scheme\nWHITELISTWEBSITE.com\nSECONDWEBSITE.com"}

These changes will be active after a gpupdate and after a new Chrome browser session starts. If you prefer to implement the solution using PowerShell, you can do so in a similar fashion to group policy.
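
One way to do the PowerShell deployment mentioned above, as an added example that is not from the original article or the post it quotes: it builds the adminSettings value from a list, rejects malformed entries, writes it to the same registry key, and reads it back. The function name New-UBlockAdminSettings and the site names are placeholders, and the hostname-only check is an assumption of this example; run it from an elevated session.

```powershell
# Added example: build uBlock Origin's adminSettings policy value and write it
# to the registry key given above. Site names below are placeholders.
$ExtensionId = 'cjpalhdlnbpafiamejdnhcphjbkeiagm'   # ID taken from the key path above
$KeyPath = "HKLM:\Software\Policies\Google\Chrome\3rdparty\extensions\$ExtensionId\policy"

# Default exclusions, copied from the value data above.
$Defaults = @(
    'about-scheme', 'behind-the-scene', 'chrome-extension-scheme', 'chrome-scheme',
    'localhost', 'loopconversation.about-scheme', 'opera-scheme'
)

# Sites to exempt from filtering (placeholders; replace with your own).
$Sites = @('WHITELISTWEBSITE.com', 'SECONDWEBSITE.com')

function New-UBlockAdminSettings {
    param([string[]]$Defaults, [string[]]$Sites)
    foreach ($s in $Sites) {
        # This example accepts bare hostnames only. A stray space or line break
        # inside an entry would silently change which sites are exempted.
        if ($s -notmatch '^[A-Za-z0-9.-]+$') {
            throw "Rejected whitelist entry '$s': expected a bare hostname."
        }
    }
    $entries = (@($Defaults) + @($Sites)) | Select-Object -Unique
    $settings = [ordered]@{
        autoUpdate   = $true
        netWhitelist = $entries -join "`n"   # ConvertTo-Json escapes each newline as \n
    }
    return ($settings | ConvertTo-Json -Compress)
}

$json = New-UBlockAdminSettings -Defaults $Defaults -Sites $Sites

# Create the policy key if it is missing, then write adminSettings as REG_SZ.
if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
New-ItemProperty -Path $KeyPath -Name 'adminSettings' -PropertyType String `
    -Value $json -Force | Out-Null

# Read the value back and parse it to confirm the stored data is valid JSON.
$stored = (Get-ItemProperty -Path $KeyPath -Name 'adminSettings').adminSettings
$parsed = $stored | ConvertFrom-Json
"{0} whitelist entries stored" -f ($parsed.netWhitelist -split "`n").Count
```

As with the Group Policy route, the setting takes effect when a new Chrome browser session starts.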

You may have to be a bit more adventurous with Chrome, Firefox, or Waterfox on the Mac platform. If you’re in an enterprise with macOS workstations, you may need to use their remote tools or write instructions that tell your users how to manually deploy protections if you don’t have management tools for your Apple hardware.

You can also add third-party external websites that include filter lists. Examples of external lists include the following:

https://easylist.to/*
https://*.fanboy.co.nz/*
https://filterlists.com/*
https://foros.lanik.us/*
https://github.com/*
https://*.github.io/
https://*.letsblock.it/*

Note that the probability of page breakage increases with the addition of more filter lists. Therefore, always test on a sample configuration before deploying to your network.

Attackers know that the browser is one of the ways they can gain access to computers and networks and steal saved usernames and passwords. If you make sure your browser is as secure as possible, perhaps the second half of 2022 won’t be as fraught with danger as the first part of the year has been.

Copyright © 2022 IDG Communications, Inc.
