Browser Security: Threats, Solutions, and User Education
What is Browser Security?
The web browser has evolved from a mechanism for displaying text documents to the ubiquitous tool for interacting with a huge variety of online content, including rich media and dynamic web applications.
Having a single platform for handling all these various functions and media types is useful for the user, but it comes at the expense of security. The complexity of the browser exposes numerous points of weakness that an attacker can exploit.
Some of the most commonly exploited weaknesses of a web browser include weak antivirus and other defenses on the user’s device, unblocked popups, malicious redirects, unsafe plugins, DNS attacks, and unsafe use of saved passwords and form data.
There are two primary avenues for preventing these threats: adopting technical solutions that can limit their impact, such as browser isolation and web filtering, and educating users to adopt safe browsing practices.
Top Browser Security Threats and How to Prevent Them
Weak Antivirus Software and Other Protections
Threat actors are devising increasingly sophisticated ways to breach antivirus software, firewalls, and other measures of protection. Many threat actors manage to sidestep these defenses without being detected.
How to prevent
You can implement web browsing proxies, content filtering, and email scanners to prevent threats before they reach the user’s browser. To provide additional layers of protection, deploy endpoint protection platforms (EPP), which can detect unknown and fileless threats using machine learning-based analysis.
Additionally, organizations should implement automated patching to ensure browsers, operating systems and other software are always running the latest, most secure version. Employee training is also essential, because it can help users avoid falling for phishing and other social engineering attacks, and reduce their exposure to threats.
Redirects and Pop up Ads
Pop ups are commonly used by threat actors as a means to infect computers with malicious code. The pop up may try to coerce users into accessing unsafe web pages, or downloading malware. There are various techniques for forcing users to interact with the popup—attackers may create a popup that cannot be closed, or include a warning that will urge the user to download a malicious payload.
Another technique is malicious redirects—these take the user from a safe web page to a malicious page. The malicious page may use browser or operating system vulnerabilities to trigger a drive-by download, might announce a warning or a threat, to trick users into downloading malware, or may pretend to be a legitimate page requesting the user’s sensitive details.
How to prevent
Popup and ad blockers can be very effective in reducing the threat of these attack techniques. Content filtering solutions can add another layer of defense, preventing malicious content from being displayed to users in the first place. Web filtering can be deployed on the user’s device or at the enterprise level—for example by using a secure web gateway (SWG).
Browser Extensions and Plugins
Plugins and browser extensions help improve user experience and extend the functionality of websites. However, while some plugins are well made, others are poorly designed and introduce vulnerabilities into the site. There are also plugins that are deliberately created with malicious intent.
How to prevent
To prevent this type of threat, create a policy that restricts users from installing plugins and extensions, preferably using a list of allowed and restricted plugins. Another option is adopting centralized software whitelisting and blacklisting solutions—these can be applied to plugins as well, enabling a centrally-governed solution for unsafe plugins.
Communication with DNS Servers
When a user types an address into a web browser, the browser connects to a DNS server to discover the IP address matching that address. The DNS server is responsible for redirecting the browser to the appropriate site, but attackers can subvert this connection through a variety of means, directing the browser to a malicious site instead.
How to prevent
To protect against DNS attacks, organizations should use a private DNS resolver and ensure it is secure. Another option is to use a secure hosted DNS service, ensuring the DNS provider has strong security and compliance measures.
Saved Passwords and Form Info
Passwords protect valuable information and access to systems and networks. If threat actors manage to steal or decipher passwords, they can use these credentials to gain unauthorized access to certain systems and databases, or the entire network. The problem is that many users reuse the same weak password across many accounts, and use their browser to save passwords in an unprotected way.
How to prevent
It is critical to educate users not to use the browser’s password saving feature, and if possible, to disable it. However, because users do need a way to remember and organize passwords, organizations should implement password management software with the appropriate security and access control features.
A stronger, more effective measure is multifactor authentication (MFA). You can provide more than one way for a user to authenticate—using a piece of information they know (like a password), something they possess (like a mobile device or security token), or a personal characteristic (for example, their voice or fingerprint).
Browser Security Solutions
Here are a few technical solutions that can improve browser security in your organization.
The standard web browser is installed on an endpoint device, where it communicates directly with the web to search for information or process transactions. When users interact with the Internet via a standard web browser, they may expose their device to threats.
An alternative to a device-based browser, which can help mitigate web-based threats, is a virtual browser. This is a web browser hosted in a virtual environment, completely isolated from the operating system of the end-user device. This ensures that if the user comes across a malicious script or downloads malware, the script or malicious software executes within the virtual machine, and cannot harm the underlying operating system or access the user’s data.
A virtual browser can be isolated in various ways, most commonly by running on a virtual machine, but also using container engines like Docker, or dedicated browser sandboxing platforms.
The downside of virtual browsers is that they often require a large amount of system resources, can slow down the user’s machine, and may be complex to deploy.
Remote Browser Isolation (RBI)
To provide an extra layer of security when users surf the web, organizations can provide a web browser that is hosted in the cloud. This is known as remote browser isolation. Remote browsing lets users take advantage of the public internet, while maintaining physical isolation from the user’s workstation or mobile device.
Just like a virtual browser, RBI ensures that if the user comes in contact with threats while using the Internet, the infection is contained within the cloud infrastructure and cannot bridge the physical distance between the browser and the local machine.
A downside of RBI is that the user needs to access the remote browser over an Internet connection, and this can introduce latency and performance issues.
A web filter is a software application that reviews content in web pages and either grants or denies permission to view the content. To determine whether or not to display the content, the web filter uses a predefined set of rules, or more advanced methods such as machine learning-based analysis.
Organizations use web filtering to prevent users from accessing web content that may be malicious (such as web pages that trigger drive-by downloads or run malicious scripts) and content that is not suitable for the workplace. The goal of web filtering is to increase productivity, reduce liability, and protect corporate networks from web-based threats.
Web filtering solutions can perform additional functions such as traffic analysis reporting, soft blocking (warning users of unsuitable content before access is blocked), and the ability for administrators to unblock specific content at the request of users.
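A rule-based filter decision with soft blocking and administrator unblocking, as described above, can be sketched as follows. This is an added example, not code from any filtering product; the rule sets, hostnames and the `decide` function are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed rule sets; hostnames use the reserved .example TLD.
BLOCK = {"malware.example"}            # hard block: known-malicious content
WARN = {"games.example"}               # soft block: warn the user first
ADMIN_ALLOW = {"docs.games.example"}   # unblocked by an administrator on request


def _matches(host, rules):
    """True if host equals a rule or is a subdomain of it.

    Matching on whole labels avoids the substring mistake where
    'notmalware.example' would be treated as 'malware.example'.
    """
    return any(host == rule or host.endswith("." + rule) for rule in rules)


def decide(url):
    """Return 'allow', 'warn' or 'block' for a requested URL."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return "block"                 # unparseable URL: fail closed
    if parts.scheme not in ("http", "https") or not host:
        return "block"                 # not ordinary web traffic: fail closed
    host = host.rstrip(".")            # 'malware.example.' is the same host
    if _matches(host, BLOCK):
        return "block"                 # malicious-content rules beat any exception
    if _matches(host, ADMIN_ALLOW):
        return "allow"                 # administrator exception beats soft block
    if _matches(host, WARN):
        return "warn"
    return "allow"


if __name__ == "__main__":
    for sample in ("https://cdn.malware.example/x.js",
                   "https://games.example/play",
                   "https://docs.games.example/manual",
                   "https://games.example@malware.example/"):
        print(f"{decide(sample):5}  {sample}")
```

The last sample shows why the decision is made on the parsed hostname rather than on the raw URL string: the text before `@` is user information, and the request actually goes to `malware.example`.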
Secure Web Gateway
Secure Web Gateway (SWG) solutions can help companies achieve two main goals: protecting against web-based threats and implementing corporate policies for web traffic. These solutions typically combine several technologies, such as URL filters, malware scanners, and application controls.
Organizations use SWG solutions to improve browser security, and allow employees and third parties to safely navigate the web without compromising the corporate network.
Educate Your Users: 6 Browser Security Best Practices
Browser security is not complete without user education. Over 90% of cyber attacks include a form of social engineering, and your users are the weakest link in the browser security chain. Teach your users the following best practices, to ensure they adopt safe browsing practices and help protect the organization from threats.
1. Keep Browsers Up-to-Date
Keeping your browser software updated is an essential part of browser security and must never be overlooked. Hackers are constantly hunting for flaws in browsers that they can exploit, with new vulnerabilities being exposed every day.
On company-owned devices, ensure you have an automated patching mechanism to update browsers to the latest version. On user-owned devices, educate users to always run the most up-to-date version of the web browser to protect themselves and the network from browser attacks.
2. Use HTTPS
When visiting a website, users should make sure the site uses HTTPS, which is a secure, encrypted communication protocol. Users should look for the green padlock in the URL bar of the browser, and if it isn’t there (a warning will typically be displayed), avoid using the website.
Users must be aware that HTTPS encrypts the data transmitted between the browser and a website, so it cannot be intercepted. In particular, when the user enters confidential data into the browser, they must ensure that the green padlock appears, otherwise attackers can intercept their communication and steal the data.
3. Use Unique Passwords
Reusing the same password across multiple sites means attackers can compromise a user’s sensitive information more easily, as they can access multiple resources once they have cracked a single password. Users need to understand that billions of cracked passwords are freely available on the dark web, probably including their own weak, reused passwords.
Give users a simple technique to generate strong, unique passwords they can remember. Alternatively, provide an automated mechanism to generate strong passwords. Ensure that users change their passwords frequently, at least every 90 days.
4. Disable Auto-Complete for Forms
Most browsers, as well as many websites, provide the option of remembering passwords and personal details entered into forms. This information, intended to make it easier to revisit websites and fill out forms in future, provides a reservoir of data that attackers can exploit. Hidden fields allow websites to steal form data.
Educate users that an attacker can more easily detect if they have enabled auto-complete for forms. If they remain logged into a site, attackers can hijack their browsing session and steal their data. Users must ensure that auto-complete features on the browser are disabled and clear any stored passwords.
5. Block Pop-ups and Ads
Pop-up windows are usually a form of online advertisement designed to drive web traffic or obtain the user’s email address. A pop-up window typically opens a new web browser window displaying an advertisement.
While many pop-ups are displayed by well-known companies and are safe, malicious sites and adware programs generate pop-ups that can deliver malware or spyware to user devices, hijack browser sessions, or perform other malicious activity.
Ads can also be malicious—there have been many cases of advertisements shown on legitimate publisher websites, which contained malicious scripts that could do damage to visitors.
Modern browsers have a built-in ability to block popups, and users should enable this option. It is preferable for users to install a browser extension from a known, safe software provider to block popups and ads.
Cookies are small text files that are stored in the browser cache when a user visits certain websites. There are two main types of cookies:
- First party cookies are stored directly by the websites you visit and may contain information such as username and login credentials. This allows users to quickly log in on subsequent visits, and remembers their session data. However, these cookies are an attractive target for cybercriminals, who can use them to steal user credentials or sensitive data.
- Third party cookies are served by the website the user is visiting, on behalf of an external website or advertiser. They may be used to track the user’s activities for marketing purposes, but may also be used for malicious purposes.
Cookies may be stored on a user’s system for weeks or longer, unless browser settings specify that cookies should be deleted on a regular basis. Users should specify conservative cookie settings, enabling cookies, but limiting the time cookies stay on their system, and requiring explicit permission before accepting cookies.
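Several recommendations in this article (an allowed list for extensions, disabling password saving and form auto-complete, blocking pop-ups) can be enforced centrally rather than left to each user. The following added example, which is not part of the original article, audits a Chrome managed-policy file against those recommendations; the policy keys are Chrome enterprise policy names, while the sample files, the placeholder extension ID and the `audit_policy` function are constructed for illustration.

```python
import json

# Constructed sample: a managed policy file before hardening.
WEAK_POLICY = json.loads("""
{
  "PasswordManagerEnabled": true,
  "DefaultPopupsSetting": 1,
  "ExtensionInstallAllowlist": ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"]
}
""")

# Constructed sample: the same file after applying the recommendations.
HARDENED_POLICY = {
    "ExtensionInstallBlocklist": ["*"],   # default-deny every extension
    "ExtensionInstallAllowlist": ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"],  # placeholder ID
    "PasswordManagerEnabled": False,      # no saving passwords in the browser
    "AutofillAddressEnabled": False,      # no form auto-complete
    "AutofillCreditCardEnabled": False,
    "DefaultPopupsSetting": 2,            # 2 = block pop-ups on all sites
}


def audit_policy(policy):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # An allowlist restricts nothing unless everything else is blocked.
    if "*" not in policy.get("ExtensionInstallBlocklist", []):
        findings.append("extensions: no '*' blocklist, so the allowlist is not enforced")
    # An unset policy is not enforced: the user can turn the feature on.
    for key, label in [("PasswordManagerEnabled", "password saving"),
                       ("AutofillAddressEnabled", "address auto-complete"),
                       ("AutofillCreditCardEnabled", "payment-card auto-complete")]:
        if policy.get(key, True) is not False:
            findings.append(f"{label}: {key} is not set to false")
    if policy.get("DefaultPopupsSetting") != 2:
        findings.append("pop-ups: DefaultPopupsSetting is not 2 (block)")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_policy(policy) or "OK")
```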
Browser Security with Hysolate
Hysolate is more than just a remote virtual browser. Hysolate isolates your entire Operating System, so your team can get their jobs done in a productive, secure way. Within Hysolate users can access not just untrusted websites, but also applications, documents and external peripherals like USBs and printers in a fully isolated “untrusted environment”, that doesn’t introduce malicious threats to their corporate or sensitive data in the main OS.
Hysolate sits on user endpoints, eliminating UX issues like lag and latency with heavier applications, but it also comes with full admin management from the cloud. That means that admins can deploy Hysolate at scale across their company, including different settings for different teams, and can also wipe a Workspace if it contains malicious activity, or if it is no longer needed.