Welcome to “Safe Browsing Practices: Plug-ins, Extensions, and Toolbars.” After watching this video, you will be able to: configure a browser for a secure browsing experience, identify secure and insecure websites, and explain how to manage plug-ins, extensions, and toolbars. In today’s remote and cloud-based world, the browser has become an important tool in our daily lives. Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari are the most common. Browsers are often pre-installed, but are not typically set up in the most secure way. The Internet has many risks, so it is vital to configure and maintain browser security so you can protect against those risks. Security zones are a feature of older browsers. They block or allow websites and confine them to different zones such as the local network, Internet, or intranet. For each zone, you could apply different security levels. For example, medium, high, or custom. Security zones can also be configured to allow ActiveX and Java for added website interactivity or functionality. But this can introduce risk. Modern browsers do not use zones. But older web apps may require you to enable ActiveX in order to run properly. Browser add-ons have evolved over the years. Toolbars were designed to add functionality to the browser like spellcheck, autofill, yellow pages, and dictionaries. But most toolbars were considered nuisance-ware. Some would show sponsored results instead of what you originally searched for, or they’d impede system performance. Some even installed malware, tracked browsing habits, and collected user data. Toolbars used to be forcibly installed on user devices during software installation processes. Fortunately, toolbars are a thing of the past. Plug-ins are site-specific browser add-ons that you click on to install. They are not supported in today’s modern browsers, in favor of extensions. A browser extension is a small piece of source code that adds a function or feature to a browser. Ad-blockers and in-browser PDF readers are extensions. Since extensions are given special authorizations within the browser, they are attractive targets for attackers. Cookies are text files with small pieces of data. When you visit a site, the server creates a cookie and saves it on your browser to track you. Cookies let websites remember your logins, shopping carts, and more. This creates an easier, more personalized online experience. Most cookies are safe, but some are designed to track without consent. Even legitimate cookies can be harmful if you get hacked. Let’s look at some different types. Session cookies are used only for one session. They are stored in RAM and are automatically deleted when the browsing session ends. Persistent cookies remain on a computer indefinitely. But, some have expiration dates. Authentication cookies save logins, usernames, and passwords so you don’t have to remember them. Tracking cookies track multiple visits to the same site over time. Online stores use these to see how you shop and send targeted ads. First-party cookies are from the site you are on. These are safer on reputable sites. Third-party cookies are from sites you are not on. These track you across the web. Ads can generate cookies, even if you never click on them. Zombie cookies are third-party cookies that don’t follow normal cookie protocols. They can store their code directly on your device to recreate themselves even after deletion. They are extremely difficult to remove. Websites may also use zombie cookies to ban specific users. Security certificates, or secure sockets layer (SSL) certificates, authenticate a website’s identity and enable an encrypted connection between a web server and a browser. SSL certificates come from organizations called root certificate stores or Certificates of Authority, commonly called a CA. The major root certificate stores are Apple, Microsoft, Mozilla, and Google. Which CA your device uses depends on the operating system it’s running. When you browse a website using HTTPS, you’re trusting the CA to validate the information submitted by the business who has requested an SSL certificate. Businesses need SSL security certificates for their websites so they can keep user data secure, verify their ownership of the site, prevent attackers from creating fake versions of their site, and to convey trust to users. They also need them if they want to have an HTTPS web address. When you see a lock icon in the address bar of a URL you visited, then you know that website is using HTTPS. Because browsers are a favorite target for hackers, keeping them updated is very important. Browsers, by default, automatically update themselves. The updates are installed and applied when you restart your browser. If your desktop or laptop is part of a corporate network, your IT department may be managing the configuration and manually applying updates to the browsers installed on your system. On mobile devices, you may enable or disable updates occurring over metered (or cellular) connections and apply them upon the restart of your browser. Updating over a cellular connection can incur charges. Otherwise, they will update automatically when connected to Wi-Fi. In this video, you learned that: Hackers target browsers because they are the gateway between your device and the outside world. Updating browsers and properly managing cookies and extensions helps keep your data secure. SSL Security Certificates and Certificates of Authority prove a website is who it says it is. And HTTPS can guarantee an encrypted connection but cannot guarantee that a site is not compromised.
