Home SecurityOS Security How to lock down enterprise web browsers

How to lock down enterprise web browsers

by ethhack

Browsers. You can’t use the Internet without them, but they introduce insecurity and instability to the computing environment. Browsers are the operating system of cloud computing and protecting them will become more and more important.

Just last week, Google came out with patches to fix zero-day vulnerabilities with Chrome. As Kaspersky noted in its blog, “The attack leverages a waterhole-style injection on a Korean-language news portal. A malicious JavaScript code was inserted in the main page, which in turn loads a profiling script from a remote site.” The attack determined what browser version and operating system the victim is running. Like many attacks, the goal was to gain persistence on the computer. In this case the malware installs tasks in Windows Task Scheduler.

Both the new Microsoft browser, based on Edge, and the existing Chrome browser will suffer from increasing targeted attacks and zero-day vulnerabilities. You need to look at your user base and determine if their roles and actions put them at increased risks. For highly sensitive machines, you might want to take drastic actions and lock down the browser.

Actions to take include disabling JavaScript in a browser or considering plug-ins and browser scanning tools to help you keep your user base safe.

How to disable JavaScript in a browser

To disable JavaScript in Chrome, select Menu (the three vertical dots on the far upper right of the browser) -> Settings -> Advanced -> Privacy and Security -> Site Settings. Under “Permissions” look for “JavaScript”. Toggle the setting to “Blocked”.

Copyright © 2019 IDG Communications, Inc.

Source link

Related Articles

Leave a Comment