Browsers And Their Security Features

Through browsers, we get access to the information and data resources available on the internet. A browser allows users to explore the various things available on the internet, like web pages, videos, games, music, etc. Due to digitization across all spheres around us, almost everything, like financial services, social networking, and shopping, is moving online. And to get access to these services, you need a web browser.
 
A user interacts with a web application through a web browser. It is the browser that plays the key role in accessing the data and rendering it. Exploiting vulnerabilities in web browsers has become an increasing trend among attackers because not many users know how to configure their browsers securely. Hence, everyone needs to be somewhat careful while doing day-to-day transactions. In today's internet scenario, not everything should be trusted, especially web apps where Personally Identifiable Information (PII) is stored and banking and e-commerce apps where money transactions happen. No matter how secure the web apps are, one needs to be cautious while using these websites in public places like an Internet café. This is because the web browsers at such places can have add-ons that store sensitive data.
 
There are certain things users need to take care of, i.e. how to secure their browser and ensure that it has been updated to the latest version. They need to be aware of some of the security mechanisms incorporated in modern browsers, like:
  • Popup block
  • Ad-ware block
  • Mark of the Web (where a file came from, i.e. its origin)
  • Secure SSL enhancements (TLS 1.2 is enabled by default)
  • Site pinning
These days, some security strategies are followed to ensure better security. Some of the approaches are Defense in Depth (to provide multiple layers of protection against threats), least privilege (to grant a user the least amount of privileges required) and minimized attack surface (to reduce vulnerable points as much as is practical). Most of these security features have been incorporated in most current browsers.
 
Despite these fortifications in web browsers, attackers still manage to find and exploit weaknesses in browsers, for example through a spear phishing attack. These are targeted attacks where an attacker targets a group of people and sends an email containing a drive-by exploit targeting Internet Explorer 8.
 
Browsers are complex programs with many subsystems, like the HTML renderer, JavaScript engine, CSS parser, image parsers, etc. A small coding error in any of these components can provide the foothold for running malicious code. Take code execution, for instance. For this type of exploit, an attacker tries to discover a vulnerability in the browser itself in order to execute arbitrary binary code. Once they succeed, they search for potential victims. Through such malicious code, they have many options to go for: downloading other malicious packages, stealing sensitive data and sending it to servers abroad, or silently waiting for further instructions from the attacker.
 
Moreover, exploits can also happen due to ActiveX controls / binary extensions. It may be the case that the web browser itself has no security flaws, but the user needs some extensions or add-ons and adds them to the browser without giving much thought to the security aspect. Here the user is more concerned about functionality than about security. And this can lead to a security breach! There is a trade-off between the security and the functionality offered by browsers. So, one needs to find out what is an acceptable risk in terms of functionality vs security.
 
To summarize, we should ensure that not only the web application but also the web browser is secured. Users should ensure that their web browsers are regularly updated and that unsafe add-ons are removed. If possible, the user can also install an anti-virus plug-in in the browser. And as always, there should be proper security awareness among users, along with proper security policies.
 
Authored By - Vikash Anand Patnaik
TCS Cyber Security Practice
 