Re: web browser security/hardening

[Michael Krymson <krymson () gmail com>]

Well, if you must visit dangerous sites, you've definitely done a lot to
limit your attack surface already, more than I would say 99% of web
surfers. Be sure the weakest part of security, yourself, remains
vigilant and do not run programs from any of those sites, nor supply
personal information. Never reuse any usernames, emails, or passwords
that you use for other more legitimate endeavors. It is amazing how you
can glean a password for someone from a web site, and then track them
around using Google and get into other things using that one password.

In addition, cross site scripting is something the web sites you visit
need to look out for, it is not necessarily something you can prevent,
yourself...although disabling scripting anyway can thwart those attack
vectors.

But your question is what can be improved in your setup. If I were to
get really drastic, and you absolutely still need to visit these sites,
do so from a throw-away computer that has nothing else on it. Isolate it
on your network as well. Regularly re-image your machine or rebuild it.
Don't use wireless for this machine.

Again though, that's pretty darn paranoid and out there, and more effort
than most people will put in, but, it is still an improvement.


sun sadm wrote:
> Hi colleague
>
> Because I visit dangerous and dirty pr0n sites (like every male
> person) I locked down my Web Browser on Fedora Core 5
>
> Information available from my local Web Browser (tested by
> showmyip.com): User-Agent, wrong Time stamp, Languages
> All other Information were filtered by Privoxy
>
> I use a Mozilla Firefox (which is updated by Fedora's "yum") with the
> plug in "noscript"
> - don't allow Java (it means no program can bypass sandbox restrictions)
> - allow JavaScripts very seldom from trusted sites
> - delete all cookies with closing browser
> - no auto download of file and no auto install of plug ins
> - never us auto remember of passwords, I use always fake addresses
> - disable ads
>
> Because of low performance I don't use onion routing with TOR
>
> Am I secure from common Web Attacks like Cross-Site Scripting,
> malicious scripting, active content, Spoofing (called Phising)?
> What would you improve in my setup?
>
> Nico
>
> ---------------------------------------------------------------------------
>
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic
> Excellence in Information Security. Our program offers unparalleled
> Infosec management education and the case study affords you unmatched
> consulting experience. Using interactive e-Learning technology, you
> can earn this esteemed degree, without disrupting your career or home
> life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------