Time for a mid-year browser security check

Credit to Author: Susan Bradley| Date: Mon, 27 Jun 2022 09:24:00 -0700

We’ve reached the mid-point of 2022 and when it comes to security, I feel like we’re not making much headway. I still see people report they’re getting scammed, ransomed, and attacked on a regular basis — and for many users the browser is becoming the most important part of whatever platform you use. So now is a good time to review your browsers, and any extensions you’ve installed to beef up security.

Note, I said browsers —plural. While enterprises might want to standardize on only one browser for better control, for small businesses and individual users, I recommend installing more than one. (I often use three different browsers.)

Why is this important? Because attackers (and trackers) go after browsers. In fact, it’s good to think of your browser a separate operating system, and act accordingly to protect it. Though I focus mainly on Windows issues, these guidelines and recommendations apply to Mac OS, Ubunto, Mint, and others.

Basically, every browser should be reviewed for additional protection against malicious sites and ads. On platforms such as macOS, you will need to focus on Chrome, Firefox, or WaterFox protections; if you’ve standardized on Safari, you will need to use Adguard.

Even now, I see malicious banner ads in rotation. If you don’t have endpoint protection or something similar, you can better protect yourself by deploying something like uBlock Origin, which blocks ads and unwanted content.

Be aware that uBlock and uBlock Origin are two different products, with the latter being a fork of the former. They’re separately maintained. I recommend uBlock Origin, which you can install and deploy as a standalone extension. Once it’s installed, you can then build whitelists of sites that you will allow and adjust other settings as needed. If you are new to ublock, you can leave the defaults alone, or review these posts for recommended settings. You can also click on the extension icon in your browser and select “Filter lists.”

By default, some filters are already enabled, though you can more seriously lock down your browser by enabling them all. Then, on another browser, leave the defaults alone for a more lenient approach to surfing.

In a network setting, you can go through the same process and use PowerShell or Group policy to deploy the settings throughout your network. While I’m specifically focused on Chrome, most major browsers work similarly. To deploy using Group policy to Chrome, you need to download the Google group policy ADMX templates and place them in the central policy store. Edit your Google Chrome GPO and navigate to Computer Configuration. Then go to Policies>Administrative Templates>Google>Google Chrome>Extensions. Enable the “Configure the list of force-installs apps and extensions” setting and ensure you link your group policy to an organizational unit that contains authenticated users or Domain computers as a security filtering. If you prefer to test this out before a full deployment, set up a specific security testing group.

It’s a good idea to test uBlock first rather than deploying it widely; you may find that you need to exclude a web site. Invariably you will need to whitelist a website using group policy tools. To do so, follow the guidance at deployhappiness.

As they note:

In your Chrome GPO, navigate to Computer ConfigurationPreferencesWindows SettingsRegistry and create a new registry preference. Leave the Action type at Update. In the preference, set the following:

Hive: HKEY_LOCAL_MACHINE

Key Path: SoftwarePoliciesGoogleChrome3rdpartyextensionscjpalhdlnbpafiamejdnhcphjbkeiagmpolicy

Value name:adminSettings

Value type: REG_SZ

Value data: {“autoUpdate”:true,”netWhitelist”:”about-schemenbehind-the-scenenchrome-extension-schemenchrome-schemenlocalhostnloopconversation.about-schemenopera-schemenWHITELISTWEBSITE.com”}

This value data has the default exclusions plus WHITELISTWEBSITE.com as an allowed website. Be sure to change the last value (WHITELISTWEBSITE.com) to the website that should be whitelisted. Websites should always be preceded with a n . If you had to add a second website, the value data would look like:

{“autoUpdate”:true,”netWhitelist”:”about-schemenbehind-the-scenenchrome-extension-schemenchrome-schemenlocalhostnloopconversation.about-schemenopera-schemenWHITELISTWEBSITE.comnSECONDWEBSITE.com”}

These changes will be active after a GPU update and after a new Chrome browser sessions starts. If you’d rather deploy the solution using PowerShell, you can do so in a similar fashion to group policy.

You may have to be a bit more adventurous with Chrome, Firefox, or Waterfox on the Mac platform. If you are in an enterprise with macOS workstations, you may need to use your remote tools or type up instructions telling your users how to manually deploy the protections if you don’t have management tools in place for your Apple hardware.

You can also add third party external websites that include filter lists. Sample external lists include the following:

https://easylist.to/*
https://*.fanboy.co.nz/*
https://filterlists.com/*
https://forums.lanik.us/*
https://github.com/*
https://*.github.io/
https://*.letsblock.it/*

Note that the likelihood of page breakage increases with more filter lists added. So always test in a sample setting before deploying across your network.  

Attackers know that the browser is one of the ways they can gain access to computers and networks and steal saved user names and passwords. If you  ensure your browser is as secure as it can be, perhaps the second half of 2022 won’t be quite as fraught with danger as the first part of the year has been.

http://www.computerworld.com/category/security/index.rss