1
00:00:00,000 --> 00:00:01,680
In the last lesson, we covered

2
00:00:01,680 --> 00:00:04,549
a lot of the basics of web browser security.

3
00:00:04,549 --> 00:00:07,367
In this lesson, we're going to go a bit more in depth

4
00:00:07,367 --> 00:00:09,219
and talk about some additional concerns

5
00:00:09,219 --> 00:00:11,789
that you need to think about within your organization

6
00:00:11,789 --> 00:00:14,542
when we start talking about web browser security.

7
00:00:14,542 --> 00:00:17,160
And the first one is cookies.

8
00:00:17,160 --> 00:00:18,744
Cookies are text files that are placed

9
00:00:18,744 --> 00:00:20,944
on a client's computer to store information

10
00:00:20,944 --> 00:00:22,683
about the user's browsing habits,

11
00:00:22,683 --> 00:00:24,725
their credentials, and other data.

12
00:00:24,725 --> 00:00:27,395
Cookies are used for authentication into websites,

13
00:00:27,395 --> 00:00:29,960
session tracking, your shopping carts,

14
00:00:29,960 --> 00:00:31,423
and many other purposes.

15
00:00:31,423 --> 00:00:33,395
Most organizations these days, though,

16
00:00:33,395 --> 00:00:35,107
will block the storage of cookies

17
00:00:35,107 --> 00:00:38,215
because they're concerned about privacy and security.

18
00:00:38,215 --> 00:00:41,100
You should know there are two different types of cookies,

19
00:00:41,100 --> 00:00:43,200
though, that are asked about on the exam.

20
00:00:43,200 --> 00:00:45,504
There are tracking cookies and session cookies.

21
00:00:45,504 --> 00:00:47,616
Now, a tracking cookie is usually used

22
00:00:47,616 --> 00:00:49,896
by spyware to gather details on you.

23
00:00:49,896 --> 00:00:51,744
They're trying to learn what websites you go to,

24
00:00:51,744 --> 00:00:54,176
for how long, and what type of things you click on.

25
00:00:54,176 --> 00:00:56,145
Now, session cookies, on the other hand,

26
00:00:56,145 --> 00:00:58,026
are used to keep track of users

27
00:00:58,026 --> 00:01:00,016
and their preferences and maybe even the things

28
00:01:00,016 --> 00:01:01,744
that they're putting into their shopping carts.

29
00:01:01,744 --> 00:01:03,896
This is being used not as much to track you

30
00:01:03,896 --> 00:01:06,555
but instead to maintain the connection and the session

31
00:01:06,555 --> 00:01:09,875
between you and the server versus me and the server.

32
00:01:09,875 --> 00:01:12,125
Now, many sites are realizing that cookies

33
00:01:12,125 --> 00:01:14,195
are not something that people like anymore,

34
00:01:14,195 --> 00:01:16,140
and so they're starting to migrate over

35
00:01:16,140 --> 00:01:18,376
to what's called server-side tracking instead.

36
00:01:18,376 --> 00:01:20,790
This allows them to do the same types of tracking

37
00:01:20,790 --> 00:01:22,325
for your shopping carts and things of that nature

38
00:01:22,325 --> 00:01:24,424
while allowing you to block cookies

39
00:01:24,424 --> 00:01:26,810
and not have to have them on your machine,

40
00:01:26,810 --> 00:01:28,280
because again, you might be afraid

41
00:01:28,280 --> 00:01:29,376
that your cookies are going to get stolen

42
00:01:29,376 --> 00:01:31,736
and people will get personal information about you.

43
00:01:31,736 --> 00:01:33,856
The second thing we want to cover in this lesson

44
00:01:33,856 --> 00:01:36,824
is locally shared objects, or LSOs.

45
00:01:36,824 --> 00:01:39,450
These are also known as Flash cookies,

46
00:01:39,450 --> 00:01:41,264
and they're stored in your Windows user profile

47
00:01:41,264 --> 00:01:45,584
under the Flash folder inside your roaming AppData folder.

48
00:01:45,584 --> 00:01:47,656
This is used by Adobe's Flash Player

49
00:01:47,656 --> 00:01:50,840
and it's less of an issue these days because Adobe Flash

50
00:01:50,840 --> 00:01:53,743
is being phased out in favor of HTML5.

51
00:01:53,743 --> 00:01:57,243
LSOs can be disabled within your Flash Player settings

52
00:01:57,243 --> 00:01:59,736
if you're still using Flash, and this is also found

53
00:01:59,736 --> 00:02:01,845
inside the local settings manager

54
00:02:01,845 --> 00:02:04,325
in most of today's operating systems.

55
00:02:04,325 --> 00:02:06,574
Next, we have add-ons, and add-ons

56
00:02:06,574 --> 00:02:09,117
are small browser extensions or plugins

57
00:02:09,117 --> 00:02:11,435
that'll provide you additional functionality.

58
00:02:11,435 --> 00:02:13,410
Now, there are some examples of this that

59
00:02:13,410 --> 00:02:15,624
would be things like Adobe Flash or Adobe Shockwave

60
00:02:15,624 --> 00:02:18,874
that allow you to run active content within your browser.

61
00:02:18,874 --> 00:02:21,535
You might have a browser extension for a password manager

62
00:02:21,535 --> 00:02:24,184
that will load in your password when you visit a site.

63
00:02:24,184 --> 00:02:26,949
Now, these add-ons are not necessarily bad,

64
00:02:26,949 --> 00:02:29,045
but any time you're adding additional code,

65
00:02:29,045 --> 00:02:31,675
there could be some malicious code being added.

66
00:02:31,675 --> 00:02:33,925
Or if you're downloading an untrusted add-on,

67
00:02:33,925 --> 00:02:35,870
you could be installing malicious code

68
00:02:35,870 --> 00:02:36,944
into your browser as well.

69
00:02:36,944 --> 00:02:39,524
Organizations, for this reason, most of the time,

70
00:02:39,524 --> 00:02:41,035
will block additional add-ons,

71
00:02:41,035 --> 00:02:42,342
and they try to keep their browser

72
00:02:42,342 --> 00:02:45,142
as slimmed down as possible, because that eliminates

73
00:02:45,142 --> 00:02:47,487
some of the additional issues that you might have.

74
00:02:47,487 --> 00:02:49,224
The last concern we're going to talk about

75
00:02:49,224 --> 00:02:51,235
is advanced security options.

76
00:02:51,235 --> 00:02:53,790
Every browser has a way for you to configure it

77
00:02:53,790 --> 00:02:56,020
and set the different settings you want

78
00:02:56,020 --> 00:02:57,473
for the security of your browser.

79
00:02:57,473 --> 00:03:00,939
For example, do you want to use an SSL or TLS

80
00:03:00,939 --> 00:03:02,902
to be able to make your secure connection?

81
00:03:02,902 --> 00:03:05,490
How about your local storage or cache sizes?

82
00:03:05,490 --> 00:03:07,224
How big or small do you want those to be?

83
00:03:07,224 --> 00:03:08,835
Do you want your browsing history to be kept

84
00:03:08,835 --> 00:03:10,976
or deleted once you turn off the browser?

85
00:03:10,976 --> 00:03:12,670
Each of these things are things

86
00:03:12,670 --> 00:03:14,205
you can configure through the browser

87
00:03:14,205 --> 00:03:16,673
through its own tool and through group policy.

88
00:03:16,673 --> 00:03:19,393
I'm going to show you both of these in the next lesson.