8 Must-have Features of a Secure Browser (2)

Posted by Gerd Meissner

Feb 7, 2017

Illustration: Empty Canvas - 8 Must-have Features of a Secure Browser (2)SECURITY

Regular browsers, such as the one that came with your PC or mobile device, are leaking data on the internet like a sieve. The inherent vulnerabilities of the local browser model allow criminal hackers to infiltrate computers and steal or manipulate data.

Firewalls or antivirus software provide little or no protection against modern attackers and their tools. Browser add-ons, plugins and extensions promising “extra” security and privacy cannot be trusted. Their makers were even caught selling out private user data.

Because the “traditional” browser architecture is inherently unsafe and promoting data leakage,  a new generation of secure browsers has been developed for security-conscious companies and consumers.

Not all supposedly “secure” browsers are equal, and some are not secure at all. How can you tell the difference?

In this second part of “8 Must-Have Features of a Secure Browser” (read Part 1 here), we examine another four features and capabilities your browser must have to deserve the label “secure” for business or personal use.

*

5. A secure browser enables control over data exchange between websites through copy/paste

Did you know? Regular browser’s mundane clipboard function - certainly not the most exciting feature, attracting attention only when it stops working - is among the favorite tools of data thieves for exfiltrating sensitive information.

There are mainly three ways this can happen:

  • A common method is that someone with (temporary) access to a computer steals confidential information from internal documents or from a web app they have privileged access to.

    The copy-and-paste feature comes in handy here, because it allows the perpetrator to transfer data to an external web form or webmail service opened for that purpose in another tab.

    In the banking industry, for example, criminal insiders have used this method to exfiltrate customer credentials and account information from their employer’s IT system.

  • Attackers can also exploit the clipboard function of regular browsers from the outside. They plant exploit kits to harvest clipboard data, or target software developers and system administrators to dupe them into executing malicious code on machines to which the victims hold privileged access.

    The latter is accomplished with a ready-to-copy snippet of some seemingly useful programming code. Such snippets are offered to webmasters or software developers via malicious download pages.

    The snippets carry a hidden payload, an executable command string that inserts itself from the clipboard and goes to work from the command prompt of an open terminal window. This allows the attacker to take full control of the server the developer is working on.

  • On computers that are accessible to the public - think hotel business centers or public libraries -  the browser clipboard provides crooks with another opportunity.

    Data thieves who press the CTRL-C / CTRL-V key combination or click “insert from clipboard” are frequently rewarded with an online banking or email password belonging to the last person who used that computer, courtesy of the clipboard feature.

    They can then identify the app that password was used for simply by checking the browser history. Like city hustlers who push the “coin return” button first on any vending machine they use, most online scammers make a habit of hitting “insert from keyboard” first when using a public computer.

Why it is important:

Admin control over how cut-and-paste works in the browser helps minimize the risk of data loss and data theft. This feature is a security must-have for organizations where employees handle intellectual property (IP) and other sensitive data, like customers’ financial information, on the same computer that they use to access the web.

Blocking access to a range of external apps or websites does not sufficiently minimize the risk of data exfiltration. External web forms created for the purpose of siphoning away valuable data from the inside can live in hidden directories of - hacked - legitimate servers that are not blacklisted.

Illustration: Start from an empty canvas - that's how to launch new web sessions. - 8 Must-have Features of a Secure Browser

For a browser to deserve the label “secure,” users or IT administrators should be able to configure which internal and external resources the browser clipboard can access, inbound and outbound. They should also be able to control which types of content the browser is permitted to handle (see also Part 1: The secure browser should let users or admins control content by type).

*

6. A secure browser allows for safe storing of limited profile information

A browser built with both ease-of-use and human imperfections in mind will provide a more secure web experience for its users.

Case in point: weak, unprotected or re-used passwords still pose the biggest threat to data security (check out this recent blog post on how to create better, more secure passwords).

A secure browser should provide a method to overcome the vulnerabilities commonly associated with the password approach to guarding access to protected resources.

Users need to be able to easily store and retrieve profile information that is essential for new web sessions. Ideally, the secure browser removes all temptation to fall back on non-secure “shortcuts” - like reusing the same (weak) password for more than one service.

Stored profile information should include:

  • the level of user privileges (including “guest”) on devices that more than one person can access
  • users’ preferred local or remote devices such as printers, and
  • shortcuts to frequently used web apps associated with the user’s profile, including a secure form autofill function and password manager that frees the user from the repetitive task of filling in login form data.

Where users can access their browser based on a remotely stored user profile, that browser should allow them to set a “trust level” for the computer or mobile device from which they are launching a web session.

Examples: A notebook computer that can only be accessed by the account owner could be labeled “trusted,” as opposed to a desktop computer in a hotel business center, which should be set to “not trusted.” The latter would automatically invoke added security settings.

Why it is important:

Just recently, form autofill exploits impacting major browsers have highlighted risks associated with profile features in regular browsers.

Browser Form Autofill Demo Animation (Bleeping Computer)

Source: Autofill Profiles Can Be Abused for Phishing Attacks (Bleeping Computer)

The capability to securely store and retrieve limited user profile information significantly improves the user’s protection against hacking and malware attacks, as well as against privacy violations due to negligence or human error.

Such secure browser features, especially when combined with password manager capabilities, empower users to handle login information more safely.

This provides additional protection, for example under time pressure and while accessing the internet on a computer that is accessible for more than one user. When users log in under such conditions, they will not be tempted to use the clipboard (see 5.) during the login procedure or to store complex passwords in unencrypted online documents and sticky notes.

The security gains for large organizations are even bigger. With remotely configured secure browser profiles and credential management, organizations can centrally control and coordinate employees’ access to the web, as well as provision resources on the network and web-based app accounts to individual users or groups.

This capability helps to prevent IT security risks commonly associated when employees switch to another team or leave the company. Centrally managed secure browsers enable IT admins to re-assign or revoke access without delay.

*

7. A secure browser provides temporary or virtual storage for arm’s-length file manipulation

When you are - intentionally or unintentionally - downloading or accessing documents, including image files, from the web directly to your computer using a regular browser, you are putting your computer and local network at risk.

Local browsers are not secure. They can be duped into processing a hidden payload of malicious code (see Part 1.3 of this post) in such files.

Two typical examples:

  • Most exploit kits that install ransomware on the local computer infiltrate the IT system this way. The ransomware then proceeds to encrypt valuable files and prompt the user to pay a ransom to regain access to the data.

  • Spyware also spreads by exploiting the inherent vulnerabilities of non-secure browsers. When users access infected Microsoft Office documents, or even compressed image files, with a non-secure browser, malicious code can be fetched, installed and run from a remote server on the local computer.

Some file formats are more suspicious than others - Word documents come to mind, PDF documents, or the notorious Flash file format. Unfortunately, locally installed anti-virus software cannot be counted on to trigger an alarm or neutralize the malware

AV software can even increase the risk of a malware infection, as researchers at the Concordia University in Quebec, Canada, have demonstrated. To deserve the label “secure,” a browser should provide a method to prevent possible contaminated files from ever touching the local computing environment.

Why it is important:

Temporary or virtual file storage options in the cloud strengthen browser security through a remote buffer zone. They add what can be compared to the decontamination chamber in a nuclear power plant.

Before maintenance workers are allowed to leave the reactor room, they have to remove their clothes and take a shower. Only when the dosimeter indicates that all residue containing radiation has been removed, they can enter the outer “vital area,” the control zone surrounding the core.

Think of the temporary or virtual file storage as a decontamination chamber for the internet. It provides users with airtight protection when they handle - potentially contaminated - files downloaded from a website or cloud service.

A secure browser allows users to view, copy, print, rename such files “at arm’s-length” and prevent them from contaminating the local computer.

It enables users to conveniently store them in the remote “safe zone,” or to examine suspicious files and neutralize them - through file conversion, for example - before downloading and storing them locally, should that become necessary.

Research shows that such a safety buffer isn’t just a “nice-to-have,” but has become a necessity. It proves that traditional antivirus software, the single solution most consumers and companies relied on for protection against web-borne threats from compromised files, is not up to the task.

What’s worse, antivirus software has been found to make the local computer more vulnerable to such exploits. This leaves the user with one last line of defense against such web-borne threats - the secure browser.

Bottom line: Without temporary or virtual file storage, a modern browser cannot be called “secure.”

*

8. A secure browser supports authentication service integration for access to browser and web resources

Any extra step required from the individual user to obtain authorization to access browser resources adds complexity - and new risks.

Asking users to enter their credentials at critical turns - be it to save files to a local network directory, or be it to access a “risky” resource on the web, such as an online shopping site - will harm productivity. What's even worse, it will lead users to cut corners, for example by sharing passwords or reusing them on multiple sites.

One way out of this dilemma is integrating the browser with a standardized commercial authentication system, such as Google’s Single-Sign-On service or the Active Directory service for Microsoft networks. A secure browser should support integration and synchronization with trusted identity services.

Why it is important:

Once launched, a secure browser should not require further - confusing - authentication steps, which would put the user at risk.

Instead, it needs to allow for verifying user identity, access privileges and permissions at the beginning of each web session.

One of the most significant IT security gains from this benefits larger organizations. A secure browser for business use in the enterprise should sync up with authentication services, which allows IT admins to configure access to resources on a per-user or group level.

This integration lets the company flexibly enforce and manage its web use policies (which sites are “safe” to access at work, how should the browser handle URLs not included on the company’s whitelist or blacklist?) across the board. It also helps prevent vulnerabilities introduced where several employees share one computer.

Also, when a member of the organization switches teams or leaves, the integration with authentication services allows administrators to remove all permissions that were associated with that person’s role.

Home and small office users, on the other hand, find that browsers which seamlessly integrate with authentication services provide a faster and more secure browsing experience.

Once you are logged in, you should be immediately able to perform searches, navigate directly to sites, or click your single-sign-on links for other preferred services, like webmail, social media or cloud storage sites without having to worry about forgotten or misspelled passwords.

*

In summary, to deserve the label “secure” and in addition to the required features described in Part 1, a browser should offer clipboard control options, protected user profile settings, temporary or virtual storage for arm’s-length file manipulation, and support authentication service integration.

To prevent any malicious code from infecting your local system, the browser needs to insulate the user from web-borne threats, as well as make it intuitive and easy for the user to handle web content securely.

Many browser makers today claim their browser is secure - only to introduce dozens and dozens of new security patches and updates a few days or weeks later.

This “secure browser” bluster and bravado has become increasingly confusing for users. Little did it do to protect them better when accessing the web.

Not all so-called secure browsers are equal. Some cannot even be considered secure. We hope this shortlist of tips for how to select a secure browser for business or private use will help to clear up the confusion, and provide you with criteria to pick a product that keeps you protected on the web.

                                                                   ###

About the author: Gerd Meissner writes, edits, reviews and manages content at Authentic8.

Read in Part 1 why a secure browser should


Topics: Security