Firefox - Secure Web Browser
7/31/2019 Firefox - Secure Web Browser
http://slidepdf.com/reader/full/firefox-secure-web-browser 1/9
Firefox - secure Web browser
Mozilla Firefox is a free and increasingly popular Internet browser. Its functioning is enhanced by the inclusion of numerous add-ons, including some
that are designed to make Firefox more private, safer and more secure.
Homepage: www.mozilla.com/firefox
Computer Requirements: All Windows Versions
Version: 3.0.4
License: Free and Open-Source Software
Level: 1: Beginner, 2: Average, 3: Intermediate, 4: Experienced, 5: Advanced
Time required to start using these tools: 20 - 30 minutes
What you will get in return:
A stable and secure Internet browser whose features can be enhanced by numerous add-ons
The ability to protect yourself from potentially dangerous programs and malicious websites
The ability to clean traces of your Internet browsing sessions from the computer
1.1 Things you should know about this tool before you start
This chapter assumes that you already know how to use a web browser; it will not explain how to use the Firefox browser functions. Its purpose is to
explain some additional functions that will make Firefox more secure.
Mozilla Add-ons are designed specifically for the Firefox web browser. Add-ons (also referred to as 'extensions' or 'plugins') are small programs that
add features to, or extend the features of, a host application--in this instance, Firefox.
In this chapter, you will learn how to download, install and use the following Mozilla Add-ons to increase the privacy, safety and security of your Firefox
web browser, and of your Internet experience as a whole.
The NoScript Add-on is documented separately in section 4.0 NoScript
The following Add-ons are documented in section 5.0 More Firefox Add-ons:
FireKeeper
FormFox
McAfee Site Advisor
Petname Tool
FireGPG
How to Configure Privacy and Security Settings
Firefox has many easy-to-use options for protecting your privacy and security whenever you access the Internet. How you configure them depends
on your situation:
If you are in a public location or at work, you may have to re-configure these settings for your own needs.
If you are using your personal computer and do not allow others to use it for Internet purposes, you need only configure these settings once.
You can also carry a portable version of Firefox on a USB memory stick with you. This lets you configure Firefox to your requirements and you
can use this version on any public computer.
Step 1. Select: Tools > Options in the Firefox menu bar to activate the Options window as follows:
fox - secure Web browser 06/03/2009 01:32
//en.security.ngoinabox.org/book/export/html/123 1 of 9
Figure 1: The Options window in Main mode
Note: Click: Main if you are not automatically directed to the Main window as shown in Figure 1.
Here you will find the main configuration settings for Firefox.
2.1 How to Configure the Privacy window
The Privacy window lets you manage privacy and security options for the browser.
Step 1. Click: Privacy to activate the following screen:
Figure 2: The Privacy window
The History section
The History section lets you manage your Firefox browser 'history', that is, a list of all the different sites you have visited since you began using the
program. By disabling the following options, you will leave no trace of the website addresses you have visited on this computer.
Step 2. Click to disable both the Remember visited pages for the last [number of] days and Remember what I enter in forms and the search bar
options (if this option was not previously enabled) as shown below:
Figure 3: The disabled options in the History section
The Cookies section
The Cookies section lets you manage how and when you let cookies download themselves onto your workstation. A cookie is a file used to
authenticate, maintain or track your Internet behaviour and habits. Every time you visit a particular web site, its cookies automatically download
themselves onto your computer. For example, when you open some webmail login pages, your user name automatically appears. This is because that
site has set a cookie on your computer and associated your login page with that cookie. Although many cookies are required for accessing and
browsing Internet sites, some might be designed for potentially harmful or malicious purposes. Therefore, it is strongly recommended that you delete all
cookies downloaded to your computer after you have finished using Firefox. Please refer to The Private Data section below to learn how to do this.
Step 3. Activate the Keep until: drop-down list to view its options as follows:
Figure 4: The Keep until: drop-down list
Step 4. Choose the I close Firefox option.
The Private Data section
The Private Data section lets you manage how information collected when browsing the Internet is treated. This includes the cache, cookies, web
history, and temporary files. You are strongly advised to clear All Private Data after you have finished browsing the Internet, especially when using
computers designated for public use.
Step 5. Click to enable the Always clear my data when I close Firefox and Ask me before clearing private data options (if these options were not
previously enabled).
Step 6. Click: and check all the options in the window presented.
Figure 5: The Clear Private Data screen
Step 7. Click: and again to confirm your settings.
Note: To clear your private data held in the Firefox browser at any time simply Select: Tools > Clear Private Data or press the Ctrl+Shift+Del keys.
The Private Data section is now set to delete cookies after each session, and duplicates the behaviour previously set in the 'Cookies' section. It is a
good idea to enable both options, given the importance of clearing cookies. The other forms of private data, such as history and passwords, are only
visible to people who are sitting at your computer, so you might occasionally decide not to clear all of them. Remember that cookies can be sent to the
web sites you visit, which makes them especially vulnerable.
For an advanced and more secure way of deleting temporary data, please refer to the CCleaner chapter.
2.2 How to Configure the Security window
Among other things, the Security window lets you manage how your login and password information is stored. Although many browsers are equipped to
save and store this information, it is strongly recommended that you do not use them, as they could pose a security risk. For more information on
password storage, please refer to the KeePass chapter.
Step 1. Click: Security to activate the following window:
Figure 6: The Security window
In the first section, it is a good idea to check the Tell me if the site I'm visiting is a suspected forgery option. In addition to this, you can use a
combination of Add-ons from section 5.0 More Firefox Add-ons, like FormFox and McAfee SiteAdvisor to automatically inform you if you are visiting
an unsafe web site.
The other settings in the Security window can be left as they are by default.
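The settings chosen in sections 2.1 and 2.2 end up in the profile's prefs.js file, so they can be checked without opening the Options window. The following is an added example, not part of the original guide: the preference names, their defaults, the function names and the sample file contents are assumptions to confirm in about:config on the Firefox version in use.

```javascript
// Added example: audit a Firefox prefs.js against sections 2.1 and 2.2 of this guide.
// Pref names and defaults are assumptions (not named in the guide); confirm in about:config.
const RECOMMENDED = [
  { pref: "browser.formfill.enable", dflt: true, want: false,
    why: "disable 'Remember what I enter in forms and the search bar'" },
  { pref: "network.cookie.lifetimePolicy", dflt: 0, want: 2,
    why: "set cookies to 'Keep until: I close Firefox'" },
  { pref: "privacy.sanitize.sanitizeOnShutdown", dflt: false, want: true,
    why: "enable 'Always clear my private data when I close Firefox'" },
  { pref: "privacy.sanitize.promptOnSanitize", dflt: true, want: true,
    why: "enable 'Ask me before clearing private data'" },
  { pref: "browser.safebrowsing.enabled", dflt: true, want: true,
    why: "enable 'Tell me if the site I'm visiting is a suspected forgery'" },
  { pref: "signon.rememberSignons", dflt: true, want: false,
    why: "do not let the browser store logins and passwords" },
];

// prefs.js holds one user_pref("name", value); per line, and only for
// preferences whose value differs from the built-in default.
function parsePrefs(text) {
  const prefs = new Map();
  const line = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;/;
  for (const raw of text.split(/\r?\n/)) {
    const m = line.exec(raw);
    if (!m) continue; // comment or blank line
    const v = m[2];
    if (v === "true" || v === "false") prefs.set(m[1], v === "true");
    else if (/^-?\d+$/.test(v)) prefs.set(m[1], Number(v));
    else if (/^".*"$/.test(v)) prefs.set(m[1], v.slice(1, -1));
  }
  return prefs;
}

// Returns one finding per setting that deviates from the guide.
// A preference missing from the file is evaluated at its default value.
function auditPrefs(text) {
  const prefs = parsePrefs(text);
  return RECOMMENDED
    .map((r) => ({ ...r, actual: prefs.has(r.pref) ? prefs.get(r.pref) : r.dflt }))
    .filter((r) => r.actual !== r.want)
    .map(({ pref, actual, want, why }) => ({ pref, actual, want, why }));
}

// Constructed sample: form history and clear-on-exit are set as the guide
// asks, the cookie lifetime is not, and password saving was never changed.
const SAMPLE_PREFS = [
  "# Mozilla User Preferences",
  'user_pref("browser.formfill.enable", false);',
  'user_pref("network.cookie.lifetimePolicy", 0);',
  'user_pref("privacy.sanitize.sanitizeOnShutdown", true);',
  'user_pref("browser.startup.homepage", "about:blank");',
].join("\n");

for (const f of auditPrefs(SAMPLE_PREFS)) {
  console.log(`${f.pref} is ${f.actual}, expected ${f.want}: ${f.why}`);
}
```

Because unchanged preferences never appear in prefs.js, the audit reports password saving as still enabled even though the sample file does not mention it.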
Installing Firefox Add-ons
Downloading and installing Mozilla Add-ons is quick and simple. To begin downloading and installing different Add-ons, follow these steps:
Step 1. Select: Start > Mozilla Firefox or double-click the Firefox desktop icon to open Firefox.
Step 2. Type https://addons.mozilla.org/ into the address bar, then press Enter to activate the Mozilla Add-ons page.
Step 3. Type the Add-on name (for example, NoScript) into the Mozilla search field, then click Search to find that Add-on.
Step 4. Click the button to activate the Software Installation screen for that Add-on.
Step 5. Click the button to begin installation.
Note: If you are installing add-ons from non-Mozilla websites, you may need to Allow that webpage to load the installation windows. You will find the
in the top right-hand corner.
Step 6. Click the Restart Firefox button to close, then re-open Firefox with the Add-on(s) in operation.
Tip: You can also find some of these Firefox Add-ons on various websites. They will always have an .xpi file extension (for example,
noscript-1.6.8-fx+mz+sm.xpi).
To confirm that your Add-on has been downloaded, Select: Tools > Add-ons in the Firefox menu bar to activate the following screen:
Figure 7: The Mozilla Firefox Add-ons screen
Note: Certain add-ons, notably McAfee SiteAdvisor, should be downloaded from their own respective sites.
NoScript
NoScript is a particularly useful Mozilla Add-on that can help protect your computer from malicious websites on the Internet. It operates by
implementing a 'white list' of sites that you have determined as being acceptable, safe or trusted (like a home-banking site or an on-line journal). All
other sites are considered potentially harmful and their functioning is restricted, until you decide that the site's content presents no harm and add it to
the white list.
4.1 How to Use NoScript
After you have downloaded NoScript and restarted Firefox, the NoScript icon appears in the bottom right corner of the Firefox status bar as follows:
Figure 8: The NoScript button
Note: You will find that after installing NoScript some web sites may not load properly; the reason for this will be explained below.
To begin using NoScript, perform the following steps:
Step 1. Click: to activate its pop-up menu as follows:
Figure 9: The NoScript pop-up menu
NoScript also has its own status bar. It displays information about which objects (for example, advertisements and pop-up messages) and scripts are
currently prevented from executing themselves on your system. The Options button lets you activate the NoScript Options screen, and appears in the
right corner as follows:
Figure 10: The NoScript status bar
After installation, NoScript will automatically start blocking all pop-up advertisements, banners, Java code and JavaScript, as well as other potentially
harmful attributes of a web site. NoScript cannot differentiate between harmful content and content necessary to correctly display a web site. It is up to
you to make exceptions for those sites with content that you think is safe.
Here are two examples of NoScript at work: In Figure 11, NoScript has successfully blocked an advertisement on a commercial website. In Figure 12, the Air Canada web site notifies you that JavaScript must be enabled (at least temporarily) to view this web site.
Figure 11: An example of NoScript blocking a pop-up advertisement in a commercial site
Figure 12: The Air Canada site requesting that JavaScript be enabled
Sometimes NoScript will only partially block JavaScript. When this happens, the following message and symbol appear:
Since NoScript does not differentiate between malicious and real code, you might find that certain key features and functions (for instance, a tool bar)
are missing. Simply:
Step 2: Click and select either
the Temporarily Allow [web site name] option to allow all code for this session or
the Allow [web site name] option for a permanent rule to enable all code on the webpage
Tip: Although NoScript might seem a little frustrating at first (as the websites you have always visited may not display properly), you will immediately
profit from the automated object-blocking feature. This will restrict pesky advertisements, pop-up messages and malicious code built (or hacked) into
web pages.
4.2 How to Use the NoScript Options (Experienced and Advanced Users Only)
NoScript can be configured to defend your system against cross-site scripting attacks (XSS), including the blocking of JAR remote resources. A
cross-site script is a computer security vulnerability that permits hackers and other intruders to 'inject' a computer bug or virus into the existing code
used in a web browser (particularly code written in HTML, Java and JavaScript or other browser-supported languages). Indeed, a single web site
could attract multiple attacks from different sites, if they have either advertising or links to that site. Attacks like this can also be generated by third
party web sites. If you are knowledgeable about computers and software, NoScript has a number of tabs for configuring certain security parameters to
protect your systems from these kinds of attacks.
To access these features perform the following steps:
Step 1. Click: to activate its pop-up menu, then select Options to activate the NoScript Options screen. Then choose the Advanced tab as
follows:
Figure 13: The NoScript Options screen with the Advanced tab in active mode
Step 2. Click a tab (for instance JAR or XSS), and then check the options and/or specify your exceptions where required.
Tip: For more comprehensive and detailed information about NoScript, please refer to http://noscript.net/ and http://noscript.net/faq
The Plugins tab lets you set additional restrictions for both trusted and untrusted sites.
Figure 14: The NoScript Options screen with the Plugins tab in active mode
More Firefox Add-ons
In this section, you will learn about other useful Mozilla Add-Ons. They can enhance or refine your Internet safety and security when accessing
different web sites, and when performing transactions.
Important: Sometimes, conflicts might arise between different tools or different versions of a tool. If you think a particular tool is negatively affecting
the overall performance of your system, uninstall it and see if your system begins to function normally thereafter. If the recommended add-ons below
begin to conflict with each other (as may happen with NoScript), decide which one is more important for you and uninstall the other.
Note: A number of these download sites run non-malicious JavaScript programs. If you have already installed NoScript, you can temporarily allow the running of scripts to download a specific add-on.
5.1 Firekeeper
Firekeeper describes itself as 'Intrusion Detection and Prevention System'. In layman's terms, Firekeeper detects and informs the user about
malicious sites that sometimes attempt to exploit security vulnerabilities in Firefox to hijack your computer system. Basically, Firekeeper actively
scans all incoming data and automatically blocks suspicious content. It also informs you about different attacks that have been launched against your
system, frequently originating from the same web site.
Figure 15: An example of a Firekeeper Alert screen
5.2 FormFox
FormFox displays the actual destination of a web form. It lets you determine whether it is safe to submit important personal information such as your
credit information, email, password, user name and related information. FormFox figures out and displays the actual destination of a web form that may only appear to be a legitimate, safe or trusted site. Before clicking Enter, Login or Submit buttons or links on any electronic form, roll your cursor
over that button to activate a tooltip that displays the actual destination of your information.
Important: Remember, just because a web form is displayed on a secure page, it does not necessarily mean that it will send your information to a
destination that is equally secure.
Figure 16: An example of a FormFox tooltip
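The check that FormFox's tooltip lets you make by eye can also be written down: resolve each form's action against the page address and compare the two. The following is an added example, not FormFox's own code; the function name, the page address and the sample HTML are constructed for illustration.

```javascript
// Added example (not FormFox's code): report where each <form> on a page
// really submits, and flag destinations that differ from the page itself.
// Regex extraction is a simplification; a button's formaction attribute and
// script-driven submissions are not covered.
function formDestinations(pageUrl, html) {
  const page = new URL(pageUrl);
  const results = [];
  for (const [tag] of html.matchAll(/<form\b[^>]*>/gi)) {
    const m = /\saction\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(tag);
    const action = m ? (m[1] ?? m[2] ?? m[3]) : "";
    // A missing or empty action submits back to the page's own address;
    // a relative action is resolved against the page address.
    const dest = new URL(action || pageUrl, pageUrl);
    const warnings = [];
    if (dest.host !== page.host) warnings.push("different-host");
    if (page.protocol === "https:" && dest.protocol !== "https:") {
      warnings.push("leaves-https");
    }
    results.push({ destination: dest.origin + dest.pathname, warnings });
  }
  return results;
}

// Constructed sample: a login page served over HTTPS with four forms.
const PAGE_URL = "https://bank.example/login";
const SAMPLE_HTML = `
  <form id="search"><input name="q"></form>
  <form method="post" action="/session"><input name="user"></form>
  <form method="post" action="http://bank.example/legacy-login"></form>
  <form method="post" action='https://collector.example.net/post'></form>
`;

for (const f of formDestinations(PAGE_URL, SAMPLE_HTML)) {
  console.log(f.destination, f.warnings.join(",") || "ok");
}
```

The third form is the case the Important note describes: the page is secure, but the data it collects is sent to a destination that is not.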
5.3 McAfee SiteAdvisor
McAfee SiteAdvisor is proprietary software designed for use with all Internet browsers, including Firefox. McAfee SiteAdvisor
maintains a huge on-line database containing information about different web sites. It displays information about malicious or unknown sites, as well as
the reliable or safe ones. It also rates different links that arise when you perform an Internet search. SiteAdvisor is constantly scanning the Internet
with an automated search engine to help you to review these sites.
Figure 17: An example of McAfee SiteAdvisor rating sites
5.4 Petname Tool
Petname Tool is a memory aid that helps you to recall your experience of, or history with a given web site. However, the Petname Tool is only
enabled whenever you visit a site using a Secure Socket Layer (SSL - for more info see How-to Booklet chapter 7. Keeping your Internet
Communication Private). A text box will appear on the right side of the Firefox toolbar. Simply type a descriptive note about that site in the text box; it
will appear the next time you visit that site, assuring you that you are visiting the exact same site you had previously visited. This minimises the risk of
Internet fraud, phishing or 'spoofing'. Petname displays itself in three modes:
Disabled and greyed out displaying the word 'untrusted': This indicates that this is not an SSL page!
A yellow background, displaying the word 'untrusted': This indicates that this is an SSL page.
A green background, displaying a note you had previously written: This indicates that this page is from an SSL site that you have previously
visited.
5.5 FireGPG
FireGPG is a Firefox Add-on that lets you decrypt and encrypt text shown on a web page. It is ideal for increasing the privacy of your webmail
communications. FireGPG uses the Public Key Encryption (PKE) model. It has a special feature for Gmail accounts that makes the encryption
process even easier.
Note: FireGPG requires the prior installation of the Gnu Privacy Guard encryption software & the creation of a keypair.
For more information about how SafeHistory works, please refer to http://getfiregpg.org/install.html
5.6 Removing Mozilla add-ons
To uninstall any of the Mozilla add-ons perform the following steps.
Step 1: In the Firefox menu, select Tools > Add-ons
Step 2: Choose the desired add-on and click: Uninstall
Figure 18: The Firefox add-ons screen
FAQ and Review
Muhindo and Salima easily understand some of the recommended Firefox Add-ons, but find others a little more difficult to grasp. Fortunately, Assani
is able to help them better understand these more complex but still useful Add-ons.
Q: Since I'm already using NoScript to protect me from webpages that try to load malicious scripts, is there any reason to use FireKeeper as well?
A: NoScript blocks all scripts from unknown pages, but users tend to 'whitelist' the pages they visit frequently, which allows those pages to load
potentially-malicious scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, if those scripts are necessary for
the page to function properly. FireKeeper monitors content from all websites and tries to tell the difference between malicious scripts and safe ones. While this is a much more difficult job, Firekeeper updates itself periodically, so it should get better over time. Firekeeper also keeps you informed
about potentially malicious websites even if Firefox is not vulnerable to them. This is useful because the next time you visit that site, you might be
using a different browser.
6.1 Questions to test yourself with after completing this chapter
1. How do you erase your temporary Internet history, cookies and cache from your browser?
2. What kinds of attacks can NoScript protect your system from?
3. From what attacks can SafeCache and SafeHistory protect you?