25-08-2017, 09:32 PM
Browser Security
INTRODUCTION
The initial design of internet and web protocols assumed an environment where
servers, clients, and routers cooperate and follow standard protocols except for unintentional
errors. However, as the amount and sensitivity of usage increased, concerns about security, fraud
and attacks became important. In particular, since currently internet access is widely available,
it is very easy for attackers to obtain many client (and even host) connections and addresses,
and use them to launch different attacks, both on the networking itself and on other hosts and
clients. Today's attackers are more likely to host their malicious files on the web. They may
even update those files constantly using automated tools. When you are surfing the Internet, it
is easy to visit sites you think are safe but are not. These sites can introduce malware when you
click the site itself, when you download a file from the site manually and install it, or worse,
when you are conned into believing the site you are visiting is a real site, but in fact is nothing
more than a fake used to garner your personal information.
From a network security perspective, a browser is essentially a somewhat controlled
hole in your organization’s firewall that leads to the heart of what it is you are trying to
protect. While browser designers do try to limit what attackers can do from within a browser,
much of the security relies far too heavily on the browser user, who often has other interests
besides security. There are limits to what a browser developer can compensate for, and
browser users will not always accept the constraints of security that a browser establishes.
WEB BROWSER
Web browsers, often referred to just as browsers, are software applications used to
locate and display Web pages on the World Wide Web. While this is the most popular usage,
browsers can also be used to access and view content on a private or local network as well.
Most, but not all, browsers are graphical browsers, which means that they can display graphics
as well as text. In addition, most modern browsers can present multimedia information,
including sound and video, though they require plug-ins for some formats.
WHY BROWSER SECURITY?
The web browser is the primary connection to the rest of the internet, and multiple
applications may rely on the browser, or elements within the browser, to function. This makes
the security settings within the browser even more important. Many web applications try to
enhance the browsing experience by enabling different types of functionality, but this
functionality might be unnecessary and may leave you susceptible to being attacked. The
safest policy is to disable the majority of those features unless you decide they are necessary.
If you determine that a site is trustworthy, you can choose to enable the functionality
temporarily and then disable it once you are finished visiting the site. While every application
has settings that are selected by default, you may discover that the browser also has predefined
security levels that you can select. For example, Internet Explorer offers custom settings that
allow you to select a particular level of security; features are enabled or disabled based on the
selection. Even with these guides, it is helpful to have an understanding of what the different
terms mean so that you can evaluate the features to determine which settings are appropriate
for you.
SECURITY VERSUS USABILITY
Usability and security have long been at odds with each other in software design. The
browser is no exception to that rule. When browsing the Web or downloading files the user
constantly needs to make choices about whether to trust a site or the content accessed from that
site. Browser approaches to this have evolved over time—for example, browsers used to give
a slight warning if you accessed a site with an invalid HTTPS certificate; now most browsers
block sites with invalid certificates and make the user figure out how to unblock them. Similar
approaches are taken with file downloads. Internet Explorer tends to ask the user several
times before opening a downloaded file, especially if the file is not signed. Prompting the
user for actions that are legitimate most of the time often creates user fatigue, which makes the
user careless in walking the tightrope between software with a "reasonable but not excessive"
security posture and a package that is either too open for safety or too closed to be useful.
Most browsers today have evolved from the "make the user make the choice" model to the
"block and require explicit override action" model.
CONCLUSION
Browsers are at the heart of the Internet experience, and as such they are also at the
heart of many of the security problems that plague users and developers alike. As the
sensitivity of internet usage increased, concerns about security, fraud and attacks became
important. There are limits to what a browser developer can compensate for, and browser users
will not always accept the constraints of security that a browser establishes. Attack and
defense strategies are coevolving, as are the use and threat models. As always, anybody can
break into anything if they have sufficient skill, motivation and opportunity. The job of
browser developers, network administrators, and browser users is to modulate those three
quantities to minimize the number of successful attacks.