1 00:00:00,880 --> 00:00:03,010 Web Browser Security. 2 00:00:03,010 --> 00:00:05,360 Your web browser is your gateway to the Internet 3 00:00:05,360 --> 00:00:07,430 and all of the wonders that it has, 4 00:00:07,430 --> 00:00:09,580 but it's also your gateway to the Internet 5 00:00:09,580 --> 00:00:12,400 and all of the dangers that are out there lurking for you. 6 00:00:12,400 --> 00:00:15,890 This is why web browser security is really important. 7 00:00:15,890 --> 00:00:17,280 And in our organizations, 8 00:00:17,280 --> 00:00:20,170 it's becoming more and more important everyday. 9 00:00:20,170 --> 00:00:22,140 In the old days, when I first got started, 10 00:00:22,140 --> 00:00:24,820 if there was a custom application that need to be built, 11 00:00:24,820 --> 00:00:26,800 a company would hire a software firm 12 00:00:26,800 --> 00:00:28,010 and they would create something 13 00:00:28,010 --> 00:00:30,300 specifically for the Windows operating system 14 00:00:30,300 --> 00:00:32,560 that we could use inside our organization. 15 00:00:32,560 --> 00:00:34,470 Those days are pretty much gone. 16 00:00:34,470 --> 00:00:38,020 Instead, most people are going to use web apps instead, 17 00:00:38,020 --> 00:00:40,220 and this allows us to do quicker deployment 18 00:00:40,220 --> 00:00:42,490 as well as cross-platform functionality 19 00:00:42,490 --> 00:00:45,930 because it'll work on either Linux, Mac, or Windows, 20 00:00:45,930 --> 00:00:49,400 but it does rely on having a good secure web browser, 21 00:00:49,400 --> 00:00:51,730 so it makes this lesson even more important 22 00:00:51,730 --> 00:00:53,410 when your company uses web apps. 23 00:00:53,410 --> 00:00:56,830 So, how do we ensure that our web browser is secure? 24 00:00:56,830 --> 00:00:59,300 The first thing you need to do is ensure your web browser 25 00:00:59,300 --> 00:01:02,280 is always up-to-date with the latest security patches. 26 00:01:02,280 --> 00:01:05,090 If an attacker has found a way to exploit a browser, 27 00:01:05,090 --> 00:01:07,840 you know that the manufacturer is going to figure that out, 28 00:01:07,840 --> 00:01:09,120 create a security patch, 29 00:01:09,120 --> 00:01:11,120 and deploy it out into the environment. 30 00:01:11,120 --> 00:01:14,010 For us, that means we want to get that patch tested 31 00:01:14,010 --> 00:01:16,250 and then install it throughout our network. 32 00:01:16,250 --> 00:01:18,100 But when you're installing these patches, 33 00:01:18,100 --> 00:01:20,060 I want you to remember, I said the patches. 34 00:01:20,060 --> 00:01:21,430 I don't want you to jump on 35 00:01:21,430 --> 00:01:23,980 and be the first to upgrade to a new browser, 36 00:01:23,980 --> 00:01:26,010 instead, let other people upgrade 37 00:01:26,010 --> 00:01:28,120 to the newest browser immediately 38 00:01:28,120 --> 00:01:29,020 while they can figure out 39 00:01:29,020 --> 00:01:30,900 what all the bugs are and the issues, 40 00:01:30,900 --> 00:01:34,060 while you're staying on a nice stable browser. 41 00:01:34,060 --> 00:01:35,360 What do I mean by this? 42 00:01:35,360 --> 00:01:38,560 Well, for example, let's say there was Internet Explorer 11, 43 00:01:38,560 --> 00:01:41,130 and there's all these security bugs in Internet Explorer 11, 44 00:01:41,130 --> 00:01:42,880 there's patches that have been released, 45 00:01:42,880 --> 00:01:44,770 those are good, you want to get those, 46 00:01:44,770 --> 00:01:46,900 test those, and install those in your network. 47 00:01:46,900 --> 00:01:49,670 But if they decide to jump up to version 12, 48 00:01:49,670 --> 00:01:51,930 you want to let that go out for a little while 49 00:01:51,930 --> 00:01:53,540 into the open market first 50 00:01:53,540 --> 00:01:55,740 before deploying that in your organization 51 00:01:55,740 --> 00:01:58,580 because new browsers tend to be a little bit more buggy 52 00:01:58,580 --> 00:02:00,370 and they're not very stable. 53 00:02:00,370 --> 00:02:01,203 So, we want to make sure 54 00:02:01,203 --> 00:02:02,970 that we have something stable and reliable, 55 00:02:02,970 --> 00:02:05,130 and let other people be out on the bleeding edge 56 00:02:05,130 --> 00:02:06,960 with the latest technology. 57 00:02:06,960 --> 00:02:08,560 Now, the next thing we want to look at 58 00:02:08,560 --> 00:02:10,170 is updating our browsers. 59 00:02:10,170 --> 00:02:11,950 Whenever you're going to update your browser, 60 00:02:11,950 --> 00:02:13,900 if you're doing it in a home environment, 61 00:02:13,900 --> 00:02:16,520 you're probably going to be doing this through Windows Update. 62 00:02:16,520 --> 00:02:18,240 You're going to get the latest security patches 63 00:02:18,240 --> 00:02:19,850 and install them on your machine. 64 00:02:19,850 --> 00:02:21,520 But if you're going to be doing this 65 00:02:21,520 --> 00:02:23,130 in an enterprise environment, 66 00:02:23,130 --> 00:02:24,170 you're more likely going to be 67 00:02:24,170 --> 00:02:25,990 downloading that patch separately, 68 00:02:25,990 --> 00:02:27,180 testing it in your lab, 69 00:02:27,180 --> 00:02:28,200 and then deploying it 70 00:02:28,200 --> 00:02:30,210 through your patch management system. 71 00:02:30,210 --> 00:02:32,780 Either way, you do want to make sure that your web browsers 72 00:02:32,780 --> 00:02:34,600 are getting those security fixes though, 73 00:02:34,600 --> 00:02:37,010 they are really important to have. 74 00:02:37,010 --> 00:02:38,890 The other question I get a lot from students 75 00:02:38,890 --> 00:02:41,820 is which web browser should I actually use? 76 00:02:41,820 --> 00:02:43,540 Well, this is a great question. 77 00:02:43,540 --> 00:02:44,870 And a lot of it comes down 78 00:02:44,870 --> 00:02:46,570 to the needs of your organization, 79 00:02:46,570 --> 00:02:48,320 the sites that you're actually using, 80 00:02:48,320 --> 00:02:50,180 and the operating system you're using, 81 00:02:50,180 --> 00:02:53,360 because some browsers are only on certain operating systems. 82 00:02:53,360 --> 00:02:57,150 For example, you can't get Internet Explorer on a Macintosh, 83 00:02:57,150 --> 00:03:00,020 but you also can't get Safari on a Linux machine. 84 00:03:00,020 --> 00:03:01,410 They just don't exist there. 85 00:03:01,410 --> 00:03:03,270 And there's a lot of different browsers out there, 86 00:03:03,270 --> 00:03:06,180 and so it really depends on which one you like best. 87 00:03:06,180 --> 00:03:09,140 Some corporate websites are only made and supported 88 00:03:09,140 --> 00:03:10,840 for a single type of browser. 89 00:03:10,840 --> 00:03:13,290 For example, I worked with one large corporation 90 00:03:13,290 --> 00:03:15,010 where all of their web apps were developed 91 00:03:15,010 --> 00:03:17,330 that they only supported Internet Explorer. 92 00:03:17,330 --> 00:03:18,630 I've worked with other corporations 93 00:03:18,630 --> 00:03:20,580 that don't support Internet Explorer at all, 94 00:03:20,580 --> 00:03:23,480 and instead they have to use something like Firefox. 95 00:03:23,480 --> 00:03:26,460 Whether you're going to use Opera, Firefox, Safari, 96 00:03:26,460 --> 00:03:29,210 Internet Explorer, or Google Chrome really does depend 97 00:03:29,210 --> 00:03:32,010 on the operating system you have and your needs. 98 00:03:32,010 --> 00:03:34,350 If your company is running a Windows environment, 99 00:03:34,350 --> 00:03:35,620 you're probably already going to have 100 00:03:35,620 --> 00:03:38,520 Internet Explorer and Edge installed by default, 101 00:03:38,520 --> 00:03:42,000 but you could install Chrome or Firefox in addition to that 102 00:03:42,000 --> 00:03:43,560 if your company allows. 103 00:03:43,560 --> 00:03:45,220 If you're using a Mac system, 104 00:03:45,220 --> 00:03:47,130 you're going to have Safari by default. 105 00:03:47,130 --> 00:03:49,040 But again you can install Chrome 106 00:03:49,040 --> 00:03:51,290 or Firefox if you like as well. 107 00:03:51,290 --> 00:03:53,120 Personally, I like Chrome. 108 00:03:53,120 --> 00:03:54,290 It's cross-platform, 109 00:03:54,290 --> 00:03:56,820 it works on Windows, Mac, and Linux, 110 00:03:56,820 --> 00:03:57,860 and it allows you to get 111 00:03:57,860 --> 00:04:00,230 a lot of frequent updates and patches to it, 112 00:04:00,230 --> 00:04:01,830 as well as being cross-platform 113 00:04:01,830 --> 00:04:03,530 and a pretty speedy browser. 114 00:04:03,530 --> 00:04:04,800 So, that's just my preference, 115 00:04:04,800 --> 00:04:06,460 but you can use whichever one you like 116 00:04:06,460 --> 00:04:08,630 as long as you configure it properly. 117 00:04:08,630 --> 00:04:11,360 So, with the basics of web browsers covered, 118 00:04:11,360 --> 00:04:13,370 let's talk about the four general actions 119 00:04:13,370 --> 00:04:14,670 that you should start with 120 00:04:14,670 --> 00:04:16,200 to best secure your browser, 121 00:04:16,200 --> 00:04:17,780 whichever browser you decided 122 00:04:17,780 --> 00:04:19,460 to install in your organization. 123 00:04:19,460 --> 00:04:22,340 The first one is to implement good policies. 124 00:04:22,340 --> 00:04:23,510 You want to make sure you're creating 125 00:04:23,510 --> 00:04:25,480 and implementing web browsing policies 126 00:04:25,480 --> 00:04:28,140 as either an administrative or a technical control. 127 00:04:28,140 --> 00:04:30,680 This means that you can have either a handwritten policy 128 00:04:30,680 --> 00:04:32,320 that's an administrative control 129 00:04:32,320 --> 00:04:34,380 or you can have a more technical policy 130 00:04:34,380 --> 00:04:36,500 that's implemented through a configuration file, 131 00:04:36,500 --> 00:04:39,380 a group policy, or other technical means. 132 00:04:39,380 --> 00:04:41,070 It's your organization, after all. 133 00:04:41,070 --> 00:04:42,820 You get to decide what is 134 00:04:42,820 --> 00:04:43,860 and what is not allowed 135 00:04:43,860 --> 00:04:45,110 to be added and loaded 136 00:04:45,110 --> 00:04:46,430 through your web browsers, 137 00:04:46,430 --> 00:04:47,730 not your users. 138 00:04:47,730 --> 00:04:48,970 You can decide to block things 139 00:04:48,970 --> 00:04:51,600 like Flash, ads, content filters, 140 00:04:51,600 --> 00:04:53,150 and all sorts of other things. 141 00:04:53,150 --> 00:04:55,290 Again, it's really up to you. 142 00:04:55,290 --> 00:04:57,570 The second thing is train your users. 143 00:04:57,570 --> 00:04:58,840 User training will prevent 144 00:04:58,840 --> 00:05:01,730 so many issues within your organization. 145 00:05:01,730 --> 00:05:05,460 This might be how to show people how to go to the HTTPS 146 00:05:05,460 --> 00:05:08,380 or secure website for the thing they're browsing to. 147 00:05:08,380 --> 00:05:10,240 It can show them how to close the browser 148 00:05:10,240 --> 00:05:11,670 using keyboard shortcuts 149 00:05:11,670 --> 00:05:13,580 instead of clicking the X on a pop-up, 150 00:05:13,580 --> 00:05:15,320 because sometimes the X you're trying to click 151 00:05:15,320 --> 00:05:17,280 actually does naughty things. 152 00:05:17,280 --> 00:05:19,690 And you can teach them other safe browsing habits. 153 00:05:19,690 --> 00:05:22,010 Again, user training is really important 154 00:05:22,010 --> 00:05:24,090 to the security of your organization. 155 00:05:24,090 --> 00:05:26,150 The third thing you can do to secure your browser 156 00:05:26,150 --> 00:05:28,780 is to use proxy and content filtering. 157 00:05:28,780 --> 00:05:31,130 Proxies will allow you to cache the website 158 00:05:31,130 --> 00:05:33,680 to reduce requests and the bandwidth being used. 159 00:05:33,680 --> 00:05:35,690 So, instead of having to go all the way out to the Internet 160 00:05:35,690 --> 00:05:37,240 to pull a copy of that website, 161 00:05:37,240 --> 00:05:39,890 you'll instead pull it from the local proxy. 162 00:05:39,890 --> 00:05:40,723 The other thing you can do 163 00:05:40,723 --> 00:05:43,320 is enabling yourself a content filter. 164 00:05:43,320 --> 00:05:44,680 Content filters can be used 165 00:05:44,680 --> 00:05:46,620 to blacklist specific websites 166 00:05:46,620 --> 00:05:49,050 or entire categories of websites. 167 00:05:49,050 --> 00:05:50,640 One of the colleges I taught at 168 00:05:50,640 --> 00:05:52,120 had a rule that you couldn't go 169 00:05:52,120 --> 00:05:54,040 to any gambling websites for instance, 170 00:05:54,040 --> 00:05:55,730 which kind of makes sense because at college 171 00:05:55,730 --> 00:05:57,600 you don't need to go and do gambling 172 00:05:57,600 --> 00:05:59,210 when you're trying to learn something. 173 00:05:59,210 --> 00:06:00,980 Your business can do the same thing. 174 00:06:00,980 --> 00:06:02,340 I've been in some organizations 175 00:06:02,340 --> 00:06:03,960 that will block social media 176 00:06:03,960 --> 00:06:04,880 because they want to make sure 177 00:06:04,880 --> 00:06:07,310 their employees are on task and on target 178 00:06:07,310 --> 00:06:09,860 as opposed to going and wasting time at work. 179 00:06:09,860 --> 00:06:11,020 Whatever your decision is, 180 00:06:11,020 --> 00:06:13,080 you can blacklist those specific sites 181 00:06:13,080 --> 00:06:14,800 or entire categories of sites 182 00:06:14,800 --> 00:06:17,090 using a good content filter. 183 00:06:17,090 --> 00:06:18,700 The fourth and final thing you can do 184 00:06:18,700 --> 00:06:21,260 is to prevent malicious code from being loaded. 185 00:06:21,260 --> 00:06:23,540 How do you prevent malicious code from being loaded? 186 00:06:23,540 --> 00:06:25,310 Well, you're going to configure your browser 187 00:06:25,310 --> 00:06:28,300 to prevent ActiveX controls, Java applets, 188 00:06:28,300 --> 00:06:31,270 JavaScript, Flash, and other active content 189 00:06:31,270 --> 00:06:33,840 from being downloaded and run on your machine 190 00:06:33,840 --> 00:06:35,210 through your web browser. 191 00:06:35,210 --> 00:06:36,730 If you do these four things, 192 00:06:36,730 --> 00:06:37,870 you'll be well on your way 193 00:06:37,870 --> 00:06:39,470 to having a more secure browser.