Web Browser Security Guideline
Version 1.1
March, 2021
Contents
1 Introduction
2 Purpose
3 Scope
4 Guideline
1 Introduction
A web browser is a computer application used for retrieving, presenting and transmitting
information resources on the World Wide Web (Internet). It is also helpful in accessing
information provided by the web servers within private networks or files in file systems. The
most common web browsers in use are Windows Internet Explorer, Mozilla Firefox and Google
Chrome.
HTTP and HTTPS are the two protocols used to transmit data across the internet and between
websites. HTTP stands for Hypertext Transfer Protocol, while the addition of the 'S' in HTTPS
means it's a secure connection. Although it isn't a security provision in its own right, it
indicates that the transmission of data happens securely using a Secure Socket Layer (SSL)
(also known as a security certificate) so anything sent over the network is done so securely.
Understanding how your web browser works is very important. Sometimes enabling some
web browser features may have a negative effect on the security of the system. Very often,
vendors enable features by default to enhance browsing experience, but this may make the
computer more open to security risks. An attacker can create a malicious web page that will
install Trojans or spyware which can steal your data. A malicious website can passively compromise
a system when a user clicks on the fake link. This type of attack does not actively target and
attack vulnerable systems. A malicious e-mail can also be sent to victims. This is commonly
known as “phishing”. In such cases, opening the e-mail or attachment can compromise the
system.
Software features such as ActiveX, Java and scripting (JavaScript, VBScript, etc.) add value to a
web browser, but can also introduce vulnerabilities to the computer system. This is usually
due to poor implementation, poor design, or bad system configuration. For these reasons, it
is vital that you know which browsers support which features and the risks they bring along.
Some web browsers offer the possibility to fully disable the use of these technologies, while
others may allow you to enable features on a per-site basis.
2 Purpose
The purpose of this guideline is to provide guidance on secure configuration and use of web
browsers.
3 Scope
The scope of this guideline is only on web browsers usage, the security risks associated with
them and the controls required to secure them.
4 Guideline
This guideline focuses on the secure configuration and use of the browsers commonly used in BOA’s
environment, namely Microsoft Internet Explorer, Mozilla Firefox and Google Chrome.
Carefully apply these steps to disable risky features in IE. With them you can control risky pieces of browser software
such as ActiveX, JavaScript, etc. Also use the steps to ensure the update of Mozilla Firefox to the latest version.
(See fig 4.1)
1. Open Internet Explorer and look for a Gear Icon;
2. Click on the Gear Icon and go to Tools > Internet Options (See fig 4.2);
[Figure callout: “This is internet option”]
[Figure callout: “These are the zones”]
5. To add or remove sites from the “Trusted sites” zone in Internet Explorer (See fig 4.5):
First, click trusted zones (see number 1)
Next, click the “Sites” button (see number 2)
Next, type the trusted site’s web address (see number 3)
Next, click the “Add” button (see number 4)
Next, select the site that you want to remove (see number 5)
Then, click the “Remove” button (see number 6)
Then, click the “Close” button (see number 7)
Then drag the slider control up to “Medium-High” (see number 8)
6. To configure cookies in Internet Explorer, follow these steps (See fig 4.6):
Click the “Privacy” tab (see number 1)
Click the “Advanced” button (see number 2)
Next, enable the “Override automatic cookie handling” check box (see number 3)
Then select “Prompt” for both first-party and third-party cookies (see number 4)
Then enable the checkbox “Always allow session cookies” (see number 5)
Then click the “Ok” button (see number 6)
Then drag the slider control up to “High” (see number 7)
Figure 4.6 The “Privacy” tab in IE
7. To enable or disable toolbars and Browser Helper Objects (BHOs) in Internet
Explorer, follow these steps (See fig 4.7):
Click the “Advanced” tab (see number 1)
Next, drag the vertical slider down until you reach the “Enable third-party
browser extensions” option (see number 2)
Then disable the “Enable third-party browser extensions” option by
clicking on it (see number 3)
Next, drag the vertical slider down until you reach the “Always show encoded
addresses” and “Play sounds in webpages” options
Then enable the “Always show encoded addresses” option and disable the
“Play sounds in webpages” option
Next, drag the vertical slider down until you reach the “Use SSL 2.0”, “Use
SSL 3.0” and “Use TLS 1.0” options
Then disable all of the “Use SSL 2.0”, “Use SSL 3.0” and “Use TLS 1.0” options
Then click the “Apply” button (see number 4)
Then click the “Ok” button (see number 5)
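The three protocol checkboxes in step 7 are stored per user in the SecureProtocols registry value, so the result can be checked without opening the dialog. The Python code below is an added example, not part of the original guideline: the function names are illustrative, and the registry path and bit values are those of the Windows Internet Settings key, which the guideline itself does not state.

```python
# Added example (not from the guideline): audit IE's protocol checkboxes from step 7.
# The checkboxes are stored as a bitmask in the per-user "SecureProtocols" value.
KEY_PATH = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

PROTOCOL_BITS = {
    "SSL 2.0": 0x0008,
    "SSL 3.0": 0x0020,
    "TLS 1.0": 0x0080,
    "TLS 1.1": 0x0200,
    "TLS 1.2": 0x0800,
    "TLS 1.3": 0x2000,
}
# Step 7 requires these three to be unchecked.
MUST_BE_DISABLED = ("SSL 2.0", "SSL 3.0", "TLS 1.0")


def read_secure_protocols():
    """Read the current user's SecureProtocols value (Windows only)."""
    import winreg  # imported lazily so the audit logic also runs off-Windows
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, KEY_PATH) as key:
        value, _value_type = winreg.QueryValueEx(key, "SecureProtocols")
    return int(value)


def audit_secure_protocols(value):
    """Decode the bitmask and report protocols that step 7 says to disable."""
    enabled = [name for name, bit in PROTOCOL_BITS.items() if value & bit]
    violations = [name for name in MUST_BE_DISABLED if name in enabled]
    remediated = value
    for name in MUST_BE_DISABLED:
        remediated &= ~PROTOCOL_BITS[name]  # clear only the deprecated bits
    return {
        "enabled": enabled,
        "violations": violations,
        "compliant": not violations,
        "remediated_value": remediated,
    }


if __name__ == "__main__":
    # Constructed sample: SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 ticked (0x0AA0).
    report = audit_secure_protocols(0x0AA0)
    print(report["violations"], hex(report["remediated_value"]))
```

On a Windows workstation, pass the result of read_secure_protocols() to audit_secure_protocols() to check the logged-on user's setting.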
8. To delete browser history in Internet Explorer, follow these steps (See fig 4.8):
Click the “General” tab (see number 1)
Select the “Delete browsing history on exit” option by single clicking it (see number 2)
Then click the “Apply” button (see number 3)
Then click the “Ok” button (see number 4)
4. To ensure the update of Internet Explorer to the latest version, follow these steps (See fig 4.9):
Open the Internet Explorer browser
Click the “Gear icon” (see number 1)
Click “About Internet Explorer” (see number 2)
Ensure the version is the latest (i.e. Version 11 and above) (see number 3)
4.2 Mozilla Firefox
Carefully apply these steps to disable risky features in Mozilla Firefox. Also use the steps to ensure the update
of Mozilla Firefox to the latest version.
1. To edit the settings for Mozilla Firefox, follow these steps (See fig 4.10):
Select “Tools” (see number 1)
Then “Options...” (see number 2)
2. To configure security, cookies, add-ons and browser history in Mozilla Firefox, follow these
steps (See fig 4.11):
Select the “Privacy and Security” tab (see number 1)
Drag the slider down until you reach “Cookies and Site Data” (see number 2)
Then enable the “Delete cookies and site data when Firefox is closed” option by single
clicking on it (see number 3)
Disable the “Ask to save logins and passwords for websites” option by deselecting it (see number 4)
Drag the slider down until you reach “History” (see number 2)
Then enable the “Clear history when Firefox closes” option by selecting it (see number 5)
Drag the slider down until you reach “Permissions” (see number 2)
Then enable the “Block pop-up windows” and “Warn you when websites try to install
add-ons” options by selecting them
Drag the slider down until you reach “Security” (see number 2)
Then enable the “Block dangerous and deceptive content”, “Block dangerous downloads”
and “Warn you about unwanted and uncommon software” options by selecting them
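The options set in step 2 are written to the profile's prefs.js, so a workstation can be checked against this section by parsing that file. The Python code below is an added example, not part of the original guideline: the mapping from each option to a preference name, and the default values used when a preference is absent from the file, are assumptions for Firefox of the version this guideline targets, and the sample file content is constructed.

```python
import re

# Added example (not from the guideline). Each row: pref name, required value,
# Firefox default, guideline option. Names/defaults are assumptions (Firefox 87 era).
BASELINE = [
    ("network.cookie.lifetimePolicy", 2, 0, "Delete cookies and site data on close"),
    ("signon.rememberSignons", False, True, "Ask to save logins and passwords: off"),
    ("privacy.sanitize.sanitizeOnShutdown", True, False, "Clear history on close"),
    ("dom.disable_open_during_load", True, True, "Block pop-up windows"),
    ("xpinstall.whitelist.required", True, True, "Warn on add-on install"),
    ("browser.safebrowsing.malware.enabled", True, True, "Block dangerous content"),
    ("browser.safebrowsing.phishing.enabled", True, True, "Block deceptive content"),
    ("browser.safebrowsing.downloads.enabled", True, True, "Block dangerous downloads"),
    ("browser.safebrowsing.downloads.remote.block_potentially_unwanted", True, True, "Unwanted software"),
    ("browser.safebrowsing.downloads.remote.block_uncommon", True, True, "Uncommon software"),
]
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample of a profile's prefs.js (only non-default values are stored).
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.startup.homepage", "about:blank");
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("signon.rememberSignons", false);
'''

def parse_prefs(text):
    """Return {pref_name: bool | int | str} from prefs.js / user.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments and blank lines
        name, raw = match.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """List (pref, effective, required, option) for every deviation from BASELINE."""
    prefs = parse_prefs(text)
    return [(name, prefs.get(name, default), required, option)
            for name, required, default, option in BASELINE
            if prefs.get(name, default) != required]
```

Calling audit(SAMPLE_PREFS_JS) reports two deviations: the cookie lifetime policy was never changed from its default, and phishing protection has been switched off.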
3. To ensure the update of Mozilla Firefox to the latest version, follow these steps (See fig 4.12):
Open the Mozilla Firefox browser
Select “Help” (see number 1)
Click “About Firefox” (see number 2)
Ensure the version is the latest (i.e. Version 87 and above) (see number 3)
4.3 Google Chrome
Carefully apply these steps to disable risky features in Google Chrome. Also use the steps to update Google
Chrome.
1. To edit the settings for Google Chrome, follow these steps (See fig 4.13):
Click the “Customize and control Google Chrome” tab (see number 1)
Select “Settings” (see number 2)
Click the “Setting” tab (see number 3)
Click the “Advanced” tab (see number 4)
Click the “Privacy and Security” tab (see number 5)
Then enable “Cookie in Content Settings” and “Safe Browsing” by dragging the slider (see number 6)
Then enable “Help improve Safe Browsing” by dragging the slider (see number 7)
2. To use the “Content Settings” dialog to manage cookies, images, JavaScript, plug-ins and pop-ups
for Google Chrome, follow these steps (See fig 4.14):
Click the “Customize and control Google Chrome” tab (see fig 4.13, number 1)
Select “Settings” (see fig 4.13, number 2)
Click the “Setting” tab (see fig 4.13, number 3)
Click the “Advanced” tab (see fig 4.13, number 4)
Click the “Privacy and Security” tab (see fig 4.13, number 5)
Click the “Content settings” tab (see fig 4.14, number 1)
Then click the “Cookies” option (see fig 4.14, number 2)
Then disable the “Blocked” option by dragging the slider (see fig 4.14, number 3)
Then block third-party cookies (see fig 4.14, number 4)
3. To clear browsing data for Google Chrome, follow these steps (See fig 4.15):
Click the “Clear browsing data” tab (see number 1)
Then enable the “Browsing history” option by clicking on it (see number 2)
Then enable the “Download history” option by clicking on it (see number 3)
Then enable the “Cookies and other site data” option by clicking on it (see number 4)
Then enable the “Cached images and files” option by clicking on it (see number 5)
Then enable the “Passwords and other sign-in data” option by clicking on it (see number 6)
4. To ensure the update of Google Chrome to the latest version, follow these steps (See fig 4.16):
Open the Google Chrome browser
In the top right, click the “Customize and control Google Chrome” icon (see number 1)
Select “Help” (see number 2)
Click “About Google Chrome” (see number 3)
Ensure the version is the latest (i.e. Version 91 and above) (see number 4)
Fig 4.16 The “About Google Chrome” tab in Google Chrome