
End user security for web browsing


Someone asked me, earlier this week, how to set up a “very secure Fedora 16…” system for a user that mostly surfs the web and uses email.  Instead of responding directly to that user I’m writing this in order to get others to comment and provide additional information that I may not think about as I’m writing this.  Generally speaking, however, I think this would be a short list of things to do:

  • Remove unused packages.  Software packages that are unused on your system may introduce unwanted access into your system through an unpatched bug.  More software packages also means more packages to update/maintain.
  • Use the latest version of your web browser.  Web browser makers provide updates to their supported versions of their software.  If you are using an older version of your web browser then you may not be protected from all vulnerabilities.
  • Use HTTPS whenever possible.  When you use HTTPS instead of HTTP when surfing the web, the connection between you and the web server is encrypted.  If you use the Firefox browser then you can use the HTTPS Everywhere plug-in that will automatically change HTTP to HTTPS on many pages that the plug-in knows about.
  • Don’t use the same password for all of your online accounts.  If one of your accounts gets compromised then all of your online accounts could become compromised.  Use a password manager to store your passwords so you can use long, complex passwords and not have to remember them.  Firefox has a password manager built-in.
  • Use SELinux.  SELinux helps keep your system secure by using mandatory access controls.  This will keep any rogue code from gaining too much access and doing too much damage.

This is a short list and I’ll probably add onto it.  Anyone have anything else to add?
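
An added example (not from the original post) for the SELinux item: a shell check that compares the mode SELinux is running in right now with the mode configured for the next boot, since the two can differ. It assumes the standard `/etc/selinux/config` file and the `getenforce` command; the function names are this example's own.

```shell
#!/bin/bash
# Added example: checks the SELinux item of the checklist above.
# Function names are this example's own; /etc/selinux/config and
# getenforce are the standard SELinux config file and status command.

# Print the SELINUX= value (lowercased) from a config file, or "unknown".
# Comment lines and SELINUXTYPE= are skipped; the first SELINUX= line is used.
selinux_config_mode() {
    local file="${1:-/etc/selinux/config}" mode=""
    if [ -r "$file" ]; then
        mode=$(sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$file" \
               | head -n 1 | tr '[:upper:]' '[:lower:]')
    fi
    echo "${mode:-unknown}"
}

# Print the runtime mode from getenforce, or "unknown" if it is unavailable.
selinux_runtime_mode() {
    local mode=""
    if command -v getenforce >/dev/null 2>&1; then
        mode=$(getenforce 2>/dev/null | tr '[:upper:]' '[:lower:]')
    fi
    echo "${mode:-unknown}"
}

# Compare configured (next boot) and runtime (now) modes; print a verdict.
selinux_verdict() {
    local cfg="${1:-unknown}" run="${2:-unknown}"
    if [ "$cfg" = enforcing ] && [ "$run" = enforcing ]; then
        echo "ok: enforcing now and at next boot"
    elif [ "$run" = enforcing ]; then
        echo "weak: enforcing now, but config says '$cfg' for next boot"
    elif [ "$cfg" = enforcing ]; then
        echo "weak: config says enforcing, but currently running '$run'"
    else
        echo "weak: config '$cfg', currently running '$run'"
    fi
}

echo "SELinux: $(selinux_verdict "$(selinux_config_mode)" "$(selinux_runtime_mode)")"
```

A system running permissive can be switched with `setenforce 1` as root; a system booted with SELinux disabled needs the config change and a reboot.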

Categories: Security
  1. Frederik Hertzum
    2011-12-31 at 16:39 EST

    A few tips:
    If you use Firefox, make sure you have NoScript (or similar) installed and only allow the sites to execute JavaScript if you need them to do so. This is perhaps the most important thing you didn’t mention (for Firefox users).

    Also install Adblock+ (or similar); it filters out a large body of elements, some of which may trigger bugs (though I don’t personally know of any such problems with Firefox — I’m sure they exist). Plus it really makes the internet feel snappy again (ads and similar are a -real- problem these days — the sheer volume of it makes my bulging workstation feel like an Atom-based laptop if adblock is not active).

  2. foo
    2011-12-31 at 18:29 EST

    In your browser, disable the following things:

    WebGL
    video
    audio
    @font-face
    sending referrers
    CSS
    JavaScript
    Cookies

    Also install these:

    NoScript
    AdBlock Plus
    Cookie Monster
    Stylish
    Referrer blocker
    Perspectives/Convergence/Monkeysphere
    Cert Patrol
    Greasemonkey
    RequestPolicy

    Force these on:

    OCSP
    Privacy mode
    Do not track me mode

    You probably also want to use a browser that sandboxes the rendering processes.
