Learn free form Wikipedia’s selection and earn gcl, European Chamber’s world recognized commercial certificate



Download 7.78 Mb.
Page41/173
Date19.10.2016
Size7.78 Mb.
#3503
1   ...   37   38   39   40   41   42   43   44   ...   173

Browser security


Browser security is the application of internet security to web browsers to protect computer systems, networks, and data, from malware or breaches of privacy. Browser security exploits often use JavaScript - sometimes with cross-site scripting (XSS)[1] - sometimes with a secondary payload using Adobe Flash,[2] but can also take advantage of many other vulnerabilities (security holes) that are commonly exploited in all browsers; including Mozilla Firefox,[3] Google Chrome,[4] Opera[5] and  Microsoft Internet Explorer.[6]

Breaches of browser security are usually for the purpose of bypassing protections to display pop-up advertising[7] collecting personally identifiable information (PII) for either internet marketing or identity theft, website tracking or web analytics about a user against their will using tools such as webvbugs, Clickjacking, Likejacking (where Facebook's like button is targeted)[8][9][10][11], HTTP cookies, zombie cookies or Flash cookies (Local Shared Objects or LSOs);[2] installing adware, viruses, spyware such as Trojan horses (to gain access to users' personal computers via cracking) or other malware including online banking theft using man-in-the-browser attacks.

Vulnerabilities in the browser software itself can be minimised by keeping browser software updated[12] but will not be sufficient if the underlying operating system is compromised, for example, by a rootkit.[13] Some subcomponents of browsers such as scripting, add-ons, and cookies are particularly vulnerable ("the confused deputy problem") and also need to be addressed.

Following the principle of defence in depth, a fully patched and correctly configured browser may not be sufficient to ensure that browser-related security issues cannot occur. For example, a rootkit can capture keystrokes while someone logs into a banking website, or carry out a man-in-the-middle attack by modifying network traffic to and from a web browser. DNS hijacking or DNS spoofing may be used to return false positives for mistyped website names, or to subvert search results for popular search engines. Malware such as RSPlug simply modifies a system's configuration to point at rogue DNS servers.

Browsers can use more secure methods of network communication to help prevent some of these attacks:


  • DNS: DNSSec and DNSCrypt, for example with non-default DNS servers such as Google Public DNS or OpenDNS.

  • HTTP: HTTP Secure and SPDY with digitally signed public key certificates or Extended Validation Certificates.

Perimeter defenses, typically through firewalls and the use of filtering proxy servers that block malicious websites and perform antivirus scans of any file downloads, are commonly implemented as a best practice in large organisations to block malicious network traffic before it reaches a browser.

Firewall


firewall can either be software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set. A network's firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter)network, such as the Internet, that is not assumed to be secure and trusted.[1]

Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.[2]



Types

There are different types of firewalls depending on where the communication is taking place, where the communication is intercepted and the state that is being traced.[13]



Network layer or packet filters

Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. The term "packet filter" originated in the context of BSD operating systems.

Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, destination service like WWW or FTP. They can filter based on protocols, TTL values, netblock of originator, of the source, and many other attributes.

Commonly used packet filters on various versions of Unix are ipf (various), ipfw (FreeBSD/Mac OS X), pf (OpenBSD, and all other BSDs), iptables/ipchains (Linux).



Application-layer

Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender).

On inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and trojans. The additional inspection criteria can add extra latency to the forwarding of packets to their destination.

Application firewalls function by determining whether a process should accept any given connection.



Proxies

A proxy server (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user.[15]

Proxies make tampering with an internal system from the external network more difficult and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured). Conversely, intruders may hijack a publicly-reachable system and use it as a proxy for their own purposes; the proxy then masquerades as that system to other internal machines. While use of internal address spaces enhances security, crackers may still employ methods such as IP spoofing to attempt to pass packets to a target network.

Network address translation

Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range", as defined in RFC 1918. Firewalls often have such functionality to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals as well as reduce both the amount and therefore cost of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance.




Download 7.78 Mb.

Share with your friends:
1   ...   37   38   39   40   41   42   43   44   ...   173




The database is protected by copyright ©ininet.org 2024
send message

    Main page