Today, web browsers are a major avenue for cyber-compromise and data breaches. Web browser hardening, through high-granularity, least-privilege configurations, can help prevent or mitigate many of these attack avenues. For example, on a classic client desktop infrastructure, an enforced configuration can require users to use one browser for critical and trusted websites and a different browser for untrusted sites, with the former restricted to trusted sites and the latter running with JavaScript and plugins disabled by default. Such a configuration may help prevent most JavaScript- and plugin-based attacks on critical enterprise sites. However, most organizations today still allow web browsers to run with their default configurations and allow users to use the same browser to connect to trusted and untrusted sites alike. In this article, we present detailed steps for remotely hardening multiple web browsers, Internet Explorer and Google Chrome, in a Windows-based enterprise. We hope that system administrators use this guide to jump-start an enterprise-wide strategy for implementing high-granularity, least-privilege browser hardening. This will help secure enterprise systems at the front end in addition to the network perimeter.