Firefox - Secure Web Browser

9
7/31/2019 Firefox - Secure Web Browser http://slidepdf.com/reader/full/firefox-secure-web-browser 1/9 Firefox - secure Web browser Mozilla Firefox is a free and increasi ngly popular Internet browser. Its functioning is e nhanced by the inclusion of numerous add-ons, including some that are designed to make Firefox more private, safe r and more sec ure. Homepage www.mozilla.com/firefox Computer Requirements  All Windows Versions Version 3.0.4 License Free and Open-Source Software Level : 1: Beginner, 2: Average 3: Intermediate, 4: Experienced, 5: Advanced Time required to start using these tools : 20 - 30 minutes What you will get in return:  A stable and secure Internet browser whose features can be enhanced by numerous add-ons The ability to protec t yourself from potentially dangerous programs and malicious websites The ability to clean traces of your Internet browsing sessions from the computer 1.1 Things you should know about this tool before you start This chapter assumes that you already know how to use a web browser; it will not explain how to use the Firefox browser functions. Its purpose is to explain some additional functions that will make Firefox more secure. Mozilla Add-ons are designed specifically for the Firefox web browser.  Add-ons (also referred to as 'extensions' or 'plugins'), are small programs that add or extend different features to a host application--in this instance, Firefox. In this chapter, you will learn how to download, install and use the following Mozilla Add-ons to increas e the privacy, safety a nd security of yo ur Firefox web browser, and of your Internet experience as a whole. The NoScript Add-on is documented separately in section 4.0 NoScript The following Add-ons are documented in section 5.0 More Firefox Add-ons: FireKeeper Form Fox McAfee Site Advisor Petname Tool FireGPG How to Configure Privacy and Security Settings Firefox has many easy-to-use options for protecting your privacy and security whenever you access the Internet. How you configure them depends on your situation: If you are in a public locati on or at work, you may have to re-configure these settings for y our own needs. If you are using your personal computer and do not allow others to use it for Internet purposes, you need only configure these s ettings once. You can also carry a portable versio n of Firefox on a USB memory stick with you. This lets you configure Firefox to your requirements and you can use this version on any public computer. Step 1. Select: Tools > Options in the Firefox menu bar to activate the Options window as follows: fox - secure Web browser 06/03/2009 01:32 //en.security.ngoinabox.org/book/export/html/123 1 of 9

Transcript of Firefox - Secure Web Browser

Page 1: Firefox - Secure Web Browser

7/31/2019 Firefox - Secure Web Browser

http://slidepdf.com/reader/full/firefox-secure-web-browser 1/9

Firefox - secure Web browser 

Mozilla Firefox is a free and increasingly popular Internet browser. Its functioning is enhanced by the inclusion of numerous add-ons, including some

that are designed to make Firefox more private, safer and more secure.

Homepage

www.mozilla.com/firefox

Computer Requirements

 All Windows Versions

Version

3.0.4

License

Free and Open-Source Software

Level: 1: Beginner, 2: Average 3: Intermediate, 4: Experienced, 5: Advanced

Time required to start using these tools: 20 - 30 minutes

What you will get in return:

 A stable and secure Internet browser whose features can be enhanced by numerous add-ons

The ability to protec t yourself from potentially dangerous programs and malicious websites

The ability to clean traces of your Internet browsing sessions from the computer 

1.1 Things you should know about this tool before you start

This chapter assumes that you already know how to use a web browser; it will not explain how to use the Firefox browser functions. Its purpose is to

explain some additional functions that will make Firefox more secure.

Mozilla Add-ons are designed specifically for the Firefox web browser. Add-ons (also referred to as 'extensions' or 'plugins'), are small programs that

add or extend different features to a host application--in this instance, Firefox.

In this chapter, you will learn how to download, install and use the following Mozilla Add-ons to increase the privacy, safety and security of your Firefox

web browser, and of your Internet experience as a whole.

The NoScript Add-on is documented separately in section 4.0 NoScript

The following Add-ons are documented in section 5.0 More Firefox Add-ons:

FireKeeper 

Form Fox

McAfee Site Advisor 

Petname Tool

FireGPG

How to Configure Privacy and Security Settings

Firefox has many easy-to-use options for protecting your privacy and security whenever you access the Internet. How you configure them depends

on your situation:

If you are in a public location or at work, you may have to re-configure these settings for your own needs.

If you are using your personal computer and do not allow others to use it for Internet purposes, you need only configure these settings once.

You can also carry a portable version of Firefox on a USB memory stick with you. This lets you configure Firefox to your requirements and you

can use this version on any public computer.

Step 1. Select: Tools > Options in the Firefox menu bar to activate the Options window as follows:

fox - secure Web browser 06/03/2009 01:32

//en.security.ngoinabox.org/book/export/html/123 1 of 9

Page 2: Firefox - Secure Web Browser

7/31/2019 Firefox - Secure Web Browser

http://slidepdf.com/reader/full/firefox-secure-web-browser 2/9

Figure 1: The Options window in Main mode 

Note: Click: Main if you are not automatically directed to the Main window as shown in Figure 1 .

Here you will find the main configuration settings for Firefox.

2.1 How to Configure the Privacy window

The Privacy window lets you manage privacy and security options for the browser.

Step 1. Click: Privacy to activate the following screen:

Figure 2: The Privacy window 

The History section

The History section lets you manage your Firefox browser 'history', that is, a list of all the different sites you have visited since you began using the

program. By disabling the following options, you will leave no trace of the website addresses you have visi ted on this computer.

Step 2. Click to disable both the Remember visited pages for the last [number of] days and Remember what I enter in forms and the search bar 

options (if this option was not previously enabled) as shown below:

fox - secure Web browser 06/03/2009 01:32

//en.security.ngoinabox.org/book/export/html/123 2 of 9

Page 3: Firefox - Secure Web Browser

7/31/2019 Firefox - Secure Web Browser

http://slidepdf.com/reader/full/firefox-secure-web-browser 3/9

Figure 3: The disabled options in the History section 

The Cookies section

The Cookies section lets you manage how and when you let cookies download themselves onto your workstation. A cookie is a file used to

authenticate, maintain or track your Internet behaviour and habits. Every time you vis it a particular web site, its cookies automatically download

themselves onto your computer. For example, when you open some webmail login pages, your user name automatically appears. This is because that

site has set a cookie on your computer and associated your login page with that cookie. Although many cookies are required for accessing and

browsing Internet sites, some might be designed for potentially harmful or malicious purposes. Therefore, i t is strongly recommended that you delete all

cookies downloaded to your computer after you have finished using Firefox. Please refer to The Private Data section below to learn how to do this.

Step 3. Activate the Keep until: drop-down list to view its options as follows:

Figure 4: The Keep until: drop-down list 

Step 4. Choose I close Firefox option.

The Private Data section

The Private Data section lets you manage how information collected when browsing the Internet is treated. This includes the cache, cookies, web

history, and temporary files. You are strongly advised to clear  All Private Data after you have finished browsing the Internet, especially when using

computers designated for public use.

Step 5. Click to enable the Always clear my data when I close Firefox and Ask me before clearing private data options (if these options were not

previously enabled).

Step 6. Click: and check all the options in the window presented.

Figure 5: The Clear Private Data screen 

Step 7. Click: and again to confirm your settings.

Note: To clear your private data held in the Firefox browser at any time simply Select: Tools > Clear Private Data or press the Ctrl+Shift+Del keys.

The Private Data section is now set to delete cookies after each session, and duplicates the behaviour previously set in the 'Cookies' section. It is a

good idea to enable both options, given the importance of clearing cookies. The other forms of private data, such as history and passwords, are only

visible to people who are s itting at your computer, so you might occasionally decide not to clear all of them. Remember that cookies can be sent to the

web sites you visit, which makes them especially vulnerable.

For an advanced and more secure way of deleting temporary data, please refer to the Ccleaner chapter.

2.2 How to Configure the Security window

 Among other things, the Security window lets you manage how your login and password information is stored. Although many browsers are equipped to

save and store this information, it is strongly recommended that you do not use them, as they could pose a security risk. For more information on

password storage, please refer to KeePass chapter.

Step 1. Click: Security to activate the following window:

fox - secure Web browser 06/03/2009 01:32

//en.security.ngoinabox.org/book/export/html/123 3 of 9

Page 4: Firefox - Secure Web Browser

7/31/2019 Firefox - Secure Web Browser

http://slidepdf.com/reader/full/firefox-secure-web-browser 4/9

Figure 6: The Security window 

In the first section, it is a good idea to check the Tell me if the site I'm visiting is a suspected forgery option. In addition to this, you can use a

combination of Add-ons from section 5.0 More Firefox Add-ons, like FormFox and McAfee SiteAdvisor to automatically inform you if you are visiting

an unsafe web site.

The other settings in the Security window can be left as they are by default.

Installing Firefox Add-ons

Downloading and installing Mozilla Add-ons is quick and s imple. To begin downloading and installing different Add-ons, follow these steps:

Step 1. Select: Start > Mozilla Firefox or double-click the Firefox desktop icon to open Firefox.

Step 2. Type https://addons.mozilla.org/ into the address bar, then press Enter to activate the Mozilla Add-ons page.

Step 3. Type the Add-on name (for example, NoScript) into the Mozilla search field, then click Search to find that Add-on.

Step 4. Click the button to activate the Software Installation screen for that Add-on.

Step 5. Click the button to begin installation.

Note: If you are installing add-ons from non-Mozilla websites, you may need to Allow that webpage to load the installation windows. You will find the

in the top right-hand corner.

Step 6. Click the Restart Firefox button to close, then re-open Firefox with the Add-on(s) in operation.

Tip: You can also find some of these Firefox Add-ons on various websites. They will always have an .xpi file extension (for example, noscript-1.6.8-

fx+mz+sm.xpi).

To confirm that your Add-on has been downloaded, Select: Tools > Add-ons in the Firefox menu bar to activate the following screen:

fox - secure Web browser 06/03/2009 01:32

//en.security.ngoinabox.org/book/export/html/123 4 of 9

Page 5: Firefox - Secure Web Browser

7/31/2019 Firefox - Secure Web Browser

http://slidepdf.com/reader/full/firefox-secure-web-browser 5/9

Figure 7: The Mozilla Firefox Add-ons screen 

Note: Certain add-ons, notably McAfee SiteAdvisor , should be downloaded from their own respective sites.

NoScript

NoScript is a particularly useful Mozilla Add-on that can help protect your computer from malicious websites on the Internet. It operates by

implementing a 'white list' of sites that you have determined as being acceptable, safe or trusted (like a home-banking site or an on-line journal). All

other sites are considered potentially harmful and their functioning is restricted, until you decide that the site's content presents no harm and add it to

the white list.

4.1 How to Use NoScript

 After you have downloaded NoScript and restarted Firefox, the NoScript icon appears in the bottom right corner of the Firefox status bar as follows:

Figure 8: The NoScript button 

Note: You will find that after installing NoScript some web sites may not load properly; the reason for this will be explained below.

To begin using NoScript, perform the following steps:

Step 1. Click: to activate its pop-up menu as follows:

Figure 9: The NoScript pop-up menu 

NoScript also has i ts own status bar. It displays information about which objects (for example, advertisements and pop-up messages) and scripts are

currently prevented from executing themselves on your system. The Options button lets you activate the NoScript Options screen, and appears in the

right corner as follows:

Figure 10: The NoScript status bar 

 After installation, NoScript will automatically start blocking all pop-up advertisements, banners, Java code and JavaScript, as well as other potentially

harmful attributes of a web site. NoScript cannot differentiate between harmful content and content necessary to correctly display a web site. It is up to

you to make exceptions for those sites with content that you think is safe.

Here are two examples of NoScript at work: In Figure 11 , NoScript has successfully blocked an advertisement on a commercial website. In Figure 12 ,the Air Canada web site notifies you that JavaScript must be enabled (at least temporarily) to view this web site.

fox - secure Web browser 06/03/2009 01:32

//en.security.ngoinabox.org/book/export/html/123 5 of 9

Page 6: Firefox - Secure Web Browser

7/31/2019 Firefox - Secure Web Browser

http://slidepdf.com/reader/full/firefox-secure-web-browser 6/9

Figure 11: An example of NoScript blocking a pop-up advertisement in a commercial site 

Figure 12: The Air Canada site requesting that JavaScript be enabled 

Sometimes NoScript will only partially block JavaScript. When this happens, the following message and symbol appears:

Since NoScript does not differentiate between malicious and real code, you might find that certain key features and functions (for instance, a tool bar)

are missing. Simply:

Step 2: Click and select either 

the Temporarily Allow [web site name] option to allow all code for this session or 

the Allow [web site name] option for a permanent rule to enable all code on the webpage

Tip: Although NoScript might seem a little frustrating at firs t, (as the websites you have always visited may not display properly), you will immediately

profit from the automated object-blocking feature. This will restric t pesky advertisements, pop-up messages and malicious code built (or hacked) into

web pages.

4.2 How to Use the NoScript Options (Experienced and Advanced Users Only)

NoScript can be configured to defend your system against cross-site scripting attacks (XSS), including the blocking of JAR remote resources. A

cross-si te script is a computer security vulnerability that permits hackers and other intruders to 'inject' a computer bug or virus into the existing code

used in a web browser, (particularly code written in HTML, Java and JavaScript or other browser-supported languages). Indeed, a single web site

could attract multiple attacks from different sites, if they have either advertising or links to that si te. Attacks like this can be also generated by third

party web sites. If you are knowledgeable about computers and software, NoScript has a number of tabs for configuring certain security parameters to

protect your systems from these kinds of attacks.

To access these features perform the following steps:

Step 1. Click: to activate its pop-up menu, then select Options to activate the NoScript Options screen. Then choose the Advanced tab as

follows:

Figure 13: The NoScript Options screen with the Advanced tab in active mode 

fox - secure Web browser 06/03/2009 01:32

//en.security.ngoinabox.org/book/export/html/123 6 of 9

Page 7: Firefox - Secure Web Browser

7/31/2019 Firefox - Secure Web Browser

http://slidepdf.com/reader/full/firefox-secure-web-browser 7/9

Step 2. Click a tab (for instance JAR or XSS ), and then check the options and/or specify your exceptions where required.

Tip: For more comprehensive and detailed information about NoScript, please refer to http://noscript.net/ and http://noscript.net/faq

The Plugins tab lets you set additional restrictions for both trusted and untrusted sites.

Figure 14: The NoScript Options screen with the Plugins tab in active mode 

More Firefox Add-ons

In this section, you will learn about other useful Mozilla Add-Ons. They can enhance or refine your Internet safety and security when accessing

different web sites, and when performing transactions.

Important: Sometimes, conflicts might arise between different tools or different vers ions of a tool. If you think a particular tool is negatively affecting

the overall performance of your system, uninstall it and see i f your system begins to function normally thereafter. If the recommended add-ons below

begin to conflict with each other (as may happen with NoScript) decide which one is more important for you and uninstall the other.

Note: A number of these download sites run non-malicious JavaScript programs. If you have already installed NoScript, you can temporarily allow therunning of scripts to download a specific add-on.

5.1 Firekeeper 

 Firekeeper describes itself as 'Intrusion Detection and Prevention System'. In layman's terms, Firekeeper detects and informs the user about

malicious s ites that sometimes attempt to exploit security vulnerabilities in Firefox to hijack your computer system. Basically, Firekeeper act ively

scans all incoming data and automatically blocks suspicious content. It also informs you about different attacks that have been launched against your 

system, frequently originating from the same web si te.

Figure 15: An example of a Firekeeper Alert screen 

5.2 FormFox

FormFox displays the actual destination of a web form. It lets you determine whether it is safe to submit important personal information such as your 

credit information, email, password, user name and related information. FormFox figures out and displays the actual destination of a web form thatmay only appear to be a legitimate, safe or trusted site. Before clicking Enter , Login or Submit buttons or links on any electronic form, roll your cursor 

over that button to activate a tooltip that displays the actual destination of your information.

Important: Remember, just because a web form is displayed on a secure page, it does not necessarily mean that it will send your information to a

destination that is equally secure.

fox - secure Web browser 06/03/2009 01:32

//en.security.ngoinabox.org/book/export/html/123 7 of 9

Page 8: Firefox - Secure Web Browser

7/31/2019 Firefox - Secure Web Browser

http://slidepdf.com/reader/full/firefox-secure-web-browser 8/9

Figure 16: An example of a FormFox tooltip 

5.3 McAfee SiteAdvisor 

 McAfee SiteAdvisor is proprietary software designed for use with all Internet browsers, including Firefox. McAfee SiteAdvisor 

maintains a huge on-line database containing information about different web sites. It displays information about malicious or unknown sites, as well as

the reliable or safe ones. It also rates different links that arise when you perform an Internet search. SiteAdvisor is constantly scanning the Internet

with an automated search engine to help you to review these s ites.

Figure 17: An example of McAfee SiteAdvisor rating sites 

5.4 Petname Tool

Petname Tool is a memory aid that helps you to recall your experience of, or history with a given web site. However, the Petname Tool is only

enabled whenever you visit a site using a Secure Socket Layer (SSL - for more info see How-to Booklet chapter 7. Keeping your Internet

Communication Private). A text box will appear on the right side of the Firefox toolbar. Simply type a descriptive note about that site in the text box; it

will appear the next time you vis it that site, assuring you that you are v isiting the exact same site you had previously visi ted. This minimises the risk of 

Internet fraud, phishing or 'spoofing'. Petname displays i tself in three modes:

Disabled and greyed out displaying the word 'untrusted': This indicates that this is not an SSL page!

 A yellow background, displaying the word 'untrusted': This indicates that this is an SSL page.

 A green background, displaying a note you had previously written: This indicates that this page is from an SSL site that you have previously

visited.

5.5 FireGPG

FireGPG is a Fi refox Add-on that lets you decrypt and encrypt text shown on a web page. It is ideal for increasing the privacy of your webmail

communications. FireGPG uses the Public Key Encryption (PKE) model. It has a special feature for Gmail accounts that makes the encryption

process even easier.

Note: FireGPG requires the prior installation of the Gnu Privacy Guard encryption software & the creation of a keypair.

For more information about how SafeHistory works, please refer to http://getfiregpg.org/install.html

5.6 Removing Mozilla add-ons

To uninstall any of the Mozilla add-ons perform the following steps.

Step 1: In the Firefox menu, select Tools > Add-ons

Step 2: Choose the desired add-on and click: Uninstall

fox - secure Web browser 06/03/2009 01:32

//en.security.ngoinabox.org/book/export/html/123 8 of 9

Page 9: Firefox - Secure Web Browser

7/31/2019 Firefox - Secure Web Browser

http://slidepdf.com/reader/full/firefox-secure-web-browser 9/9

Figure 18: The Firefox add-ons screen 

FAQ and Review

Muhindo and Salima easily understand some of the recommended Firefox Add-ons, but find others a little more difficult to grasp. Fortunately, Assani

is able to help them better understand these more complex but still useful Add-ons.

Q : Since I'm already using NoScript to protect me from webpages that try to load malicious scripts, is there any reason to use FireKeeper as well? 

A: NoScript blocks all scripts from unknown pages, but users tend to 'whitelist' the pages they vis it frequently, which allows those pages to load 

 potentially-malicoius scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, i f those scripts are necessary for 

the page to function properly. FireKeeper monitors content from all websites and tries to tell the difference between malicious scripts and safe ones.While this is a much more difficult job, Firekeeper updates itself periodically, so it should get better over time. Firekeeper also keeps you informed 

about potentially malicious websites even if Fi refox is not vulnerable to them. This is useful because the next time you visit that si te, you might be 

using a different browser.

6.1 Questions to test yourself with after completing this chapter 

How do you erase your temporary Internet history, cookies and cache from your browser?1.

What kinds of attacks can NoScript protect your system from?2.

From what attacks can SafeCache and SafeHistory protect you?3.

fox - secure Web browser 06/03/2009 01:32