Web Browser Security and Vulnerability Assessment
As a security architect, write a paper that addresses the questions below. Be sure to explain the process and steps you would use, as appropriate.
How would you minimize users clicking on links without considering the risks of their actions?
How would you address Web page addresses that are disguised or take you to an unexpected site?
How would you ensure that third-party software has a mechanism for receiving security updates?
How would you ensure users know how to configure their web browsers securely?
Deliverables:
Your paper should be 4-5 pages in length, not including the title and reference pages.
You must include a minimum of two credible sources and information from the module to support your writing. The Saudi Digital Library is a good source for resources.
Your paper must follow Saudi Electronic University academic writing standards and APA style guidelines, as appropriate.
Web Browser Security and Vulnerability Assessment
Because most enterprises today conduct their business over the internet, web browser security and vulnerability assessments are at the core of every organization’s security management team. Failing to keep up with current security measures may result in businesses facing attacks and losing millions, alongside a tarnished reputation. Users need to feel safe when using online platforms, while organizations need to ensure that their employees uphold relevant browser safety measures. An all-round approach that incorporates the enterprise, third parties, and users of any online platform is needed to ensure that positive results are delivered seamlessly.
As a security architect, creating awareness is the first step toward keeping users from clicking on links without considering the risks of their actions. Most people don’t understand the grave consequences that their actions on the internet may have. Many of the same people don’t know what unsecure links look like or how simple scams such as phishing attacks work. Hence, taking time to train users on secured websites and scammers could help them avoid falling into traps. Most web browsers indicate secure sites with an icon in the URL bar (Caplinskas, 2015). How the address starts is another indicator, since “https” has an “s” for secure, as opposed to “http”. Once users note these two indicators when browsing, they can be wary of their clicks and leave unsecured pages if they land on them instead of proceeding further. Phishing attacks have been around for a very long time, since the internet was invented. They often come as links in emails; when clicked, those links prompt the user to enter their social security number, passwords, bank details, or more (Caplinskas, 2015). Users can be trained to avoid clicking on links sent to their email and instead go to the relevant company’s website and conduct business from there. In this way, it is possible to evade malicious people online who want to scam people into giving up personal information.
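The indicators described above, together with the case of an address that is disguised or leads to an unexpected site, can also be checked mechanically before a link is followed. The following JavaScript is an added example, not part of the original paper; the function names, finding labels, and sample hostnames are assumptions made for illustration.

```javascript
// Added example (not from the original paper). Hostnames are constructed samples
// under reserved names (.example, 192.0.2.0/24); finding labels are this example's own.

// Host named by the link's visible text, or null when the text is ordinary words.
function hostShownInText(text) {
  const t = text.trim();
  if (/\s/.test(t) || !t.includes(".")) return null;
  try {
    return new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(t) ? t : "https://" + t).hostname;
  } catch {
    return null;
  }
}

function checkLink(visibleText, href) {
  let url;
  try {
    url = new URL(href); // WHATWG parsing, the same rules a browser applies
  } catch {
    return ["unparseable-url"];
  }
  const host = url.hostname;
  const findings = [];
  if (url.protocol !== "https:") findings.push("not-https");
  // In "https://www.bank.example@login.attacker.example/" the real host follows the "@".
  if (url.username || url.password) findings.push("userinfo-before-host");
  // Non-ASCII names serialize as "xn--" labels; lookalike letters show up here.
  if (host.split(".").some((label) => label.startsWith("xn--"))) findings.push("punycode-host");
  // A bare IP address gives the reader no name to recognize.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) findings.push("ip-literal-host");
  // Text that looks like an address must name the host the link really opens.
  const shown = hostShownInText(visibleText);
  if (shown && shown !== host) findings.push("text-host-mismatch");
  return findings;
}

// Constructed sample links: [visible text, actual href]
const samples = [
  ["Click here", "https://www.bank.example/login"],
  ["www.bank.example", "http://192.0.2.10/login"],
  ["https://www.bank.example", "https://www.bank.example@login.attacker.example/"],
  ["Your account", "https://b\u0430nk.example/"], // \u0430 is Cyrillic "а", not Latin "a"
];
for (const [text, href] of samples) {
  console.log(JSON.stringify(text), "->", checkLink(text, href).join(", ") || "no findings");
}
```

An empty result means only that none of these specific disguises was found, not that the destination is trustworthy.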
Redirecting web pages are an indicator of vulnerabilities in one’s web browser. Such redirects are inserted on a user’s website disguised as an advertisement and can compromise the site’s DOM properties (Heiderich et al., 2011). As there are different kinds of attacks against browsers, different techniques are employed to fight such threats. Most web browsers allow users to configure extensions and toolbars that may be interfering with browsing. One can manage add-ons regardless of the browser in use. It is also reasonable to consider options such as performing a full reset or going into safe mode. Such actions can disable the problematic plugins and get rid of the redirects. In some cases, reinstalling the browser can help remove undesired add-ons while critical files are reset. On the other hand, the web browser may not be the problem. The system itself is vulnerable to attacks that may not show up in the list of extensions within the browser. Conducting a thorough malware scan may help remove threats and find problems embedded in the system. It would also be wise to keep the current anti-malware software up to date. The browser, too, should have default settings that allow automatic updates whenever necessary. Redirect attacks against end users can be minimized using the above techniques.
The biggest issue with organizations’ web security and vulnerabilities lies with third parties (Ricky & Magalhaes, 2014). For an extended period, organizations and third parties could not be told apart, and most of the blame would fall on the organization. However, advances in technology have enabled enterprises to strengthen their operating systems, leaving third parties to take liability for their own flaws. Having a mechanism for receiving security updates is vital for each third party working with an enterprise. Ensuring that they keep up with such demands requires constant checks and visibility between both parties. Software agreements can hold the third party responsible for meeting the requirements of the enterprise. One of the requirements may involve implementing specific security measures such as security update mechanisms. Policies will be put in place to ensure that third parties conform and deliver the highest quality code. The enterprise should also get actively involved in the development phase of the mechanism and carry out relevant tests (Ricky & Magalhaes, 2014). Afterward, regular checks should take place to ensure the machine is up to date with the recent patches. This will enable the third parties to match up with the organization. The more control an organization has over its third parties, the better security they can offer third parties.
Understanding Virtual Private Networks (VPNs) is a way to ensure that users know how to configure their web browsers securely. VPNs ensure that not even an Internet Service Provider (ISP) can snoop on a user’s activities while online. The technique is an encrypted tunnel created between the user and the service by the VPN server. All the web traffic is steered through the tunnel, so the information is secure from prying eyes en route. Since the traffic leaves from the VPN server, the PC appears to have the IP address of that server, concealing the user’s identity and location (Caplinskas, 2015). Organizations can hire an expert to develop a private VPN, but there are also options for acquiring VPN services for workers who work offsite. Users are supposed to configure all their devices for the relevant company VPN before logging into the office internet. Due to man-in-the-middle cases where malicious people spy on a network, a VPN is crucial as the traffic does not bear any signs. Setting up and logging into a VPN is easy, and users can be taken through the process as it takes a few minutes. Even with the latest updates, browsers are still vulnerable to several attacks (Jillepalli et al., 2018). A VPN is a way to ensure that privacy over the network is achieved despite other factors such as updates.
In conclusion, web browser security and vulnerability management are achievable through measures that involve working with users and third parties to avoid attacks. Understanding the need to keep off unsecure links that redirect users is one step toward preventing phishing attacks by scammers. At the same time, organizations need to employ security measures that can protect users from such threats. Third parties are also an area to monitor in order to achieve holistic security across the services given to consumers. It is fair to consider these approaches, as most aspects of business are conducted online today.
References
Caplinskas, M. (2015). 8 Simple Ways to Minimize Online Risk. Entrepreneur. Retrieved from https://www.entrepreneur.com/article/243233
Heiderich, M., Frosch, T., & Holz, T. (2011). IceShield: Detection and mitigation of malicious websites with a frozen DOM. In International Workshop on Recent Advances in Intrusion Detection (pp. 281-300). Springer, Berlin, Heidelberg.
Jillepalli, A. A., Conte de Leon, D., Steiner, S., & Alves-Foss, J. (2018). Analysis of Web Browser Security Configuration Options. KSII Transactions on Internet & Information Systems, 12(12).
Ricky, M. & Magalhaes. (2014). Third-Party Software is a Security Threat. Retrieved from http://techgenix.com/third-party-software-security-threat-part1/