Initial Core 2 study project

notes/SEC-11-browser-security.md

@@ -0,0 +1,314 @@
+# SEC-11: Browser Security
+
+Status: not started
+
+Domain:
+- 2.0 Security
+
+Objective alignment:
+- 2.11 Browser security
+
+## What You Need To Know
+
+Browsers are a major security target because users access email, banking, cloud apps, password resets, downloads, and work systems through them.
+
+The exam wants you to know how to secure:
+- Browser installation sources
+- Updates and patches
+- Extensions and plug-ins
+- Password storage
+- Certificates and secure connections
+- Pop-ups, ads, cache, cookies, and private browsing
+- Browser sync and proxy settings
+
+## Memory Trick
+
+Use **D-U-E-C-P**:
+
+- **D**ownload from trusted sources
+- **U**pdate the browser
+- **E**xtensions only from trusted stores
+- **C**ertificates must be valid
+- **P**rivacy data can be cleared
+
+Shortcut:
+- **Browser trust starts before install and continues with updates.**
+
+## Trusted Browser Downloads
+
+Safe browser installation:
+- Go directly to the vendor website or official app store.
+- Avoid links in email.
+- Avoid random third-party download sites.
+- Verify downloads with hashes or signatures when provided.
+
+Hash verification:
+- A hash is a fingerprint of a file.
+- If the downloaded file hash matches the posted hash, the file likely did not change.
+- If it does not match, do not install it.
+
+Exam clue:
+- If a user needs to install a browser safely, choose trusted source and hash/signature verification.
+
+## Browser Updates
+
+Browsers need frequent updates because browser vulnerabilities are heavily targeted.
+
+Updates may come from:
+- The browser itself
+- The operating system update process
+- An enterprise software management tool
+
+Best practice:
+- Keep automatic updates enabled when possible.
+- Restart the browser after updates if required.
+
+Exam clue:
+- If the browser has security vulnerabilities or degraded behavior from an old version, update it.
+
+## Extensions and Plug-ins
+
+Extensions add browser features, but they can also steal data.
+
+Trusted sources:
+- Official browser extension stores
+- Microsoft Store
+- Chrome Web Store
+- Known vendor websites
+
+Untrusted sources:
+- Random websites
+- Email links
+- Pop-up prompts
+- Extensions installed by malware
+
+Possible malicious extension behavior:
+- Credential theft
+- Screenshot capture
+- Keylogging
+- Redirecting searches
+- Data exfiltration
+
+Best practice:
+- Install only necessary extensions.
+- Remove unused extensions.
+- Review permissions before installing.
+
+## Password Managers
+
+Password managers store credentials in an encrypted vault.
+
+Benefits:
+- Unique passwords for each site
+- Strong generated passwords
+- Easier password hygiene
+- Sync across devices when configured
+
+Risk:
+- The vault must be protected with a strong master password.
+- Browser-saved passwords may be less controlled than enterprise password managers.
+
+Exam clue:
+- If the issue is password reuse across many websites, use a password manager.
+
+## Secure Connections and Certificates
+
+HTTPS uses certificates to prove the site identity and protect traffic.
+
+Browser certificate warnings may mean:
+- Certificate is expired
+- Certificate is for the wrong domain
+- Certificate is signed by an untrusted authority
+- System date/time is wrong
+- A captive portal or inspection device is interfering
+
+Best practice:
+- Do not ignore certificate warnings on sensitive sites.
+- Check certificate details.
+- Check the system date and time.
+
+Exam clue:
+- If a browser shows invalid certificate warnings, investigate before entering credentials.
+
+## Pop-Up Blockers and Notifications
+
+Pop-up blockers stop unwanted browser windows or prompts.
+
+Best practice:
+- Keep pop-up blocking enabled.
+- Allow pop-ups only for trusted sites that require them.
+- Disable only temporarily for troubleshooting.
+
+Browser notifications:
+- Websites may request permission to send notifications.
+- Malicious or low-quality sites can abuse notification prompts.
+- Disable unwanted site notifications.
+
+## Clearing Private Data
+
+Browser data can include:
+- History
+- Cookies
+- Cache
+- Download list
+- Saved form data
+- Saved passwords
+
+Cache:
+- Stores parts of websites locally.
+- Can speed up browsing.
+- Can cause stale-page or troubleshooting issues.
+
+Cookies:
+- Store session and site data.
+- Can keep users signed in.
+- Can also be used for tracking.
+
+Best practice:
+- Clear cache/cookies when troubleshooting site problems.
+- Be careful before clearing saved passwords.
+
+## Private Browsing Mode
+
+Private browsing does not save normal local session history after the window closes.
+
+It can remove:
+- Browsing history for that session
+- Download history list
+- Temporary cache/cookies for that private session
+
+It does not make you invisible to:
+- Websites
+- Employer/school networks
+- Internet provider
+- Network logging tools
+
+Exam clue:
+- Private browsing is local privacy, not full anonymity.
+
+## Browser Data Synchronization
+
+Browser sync can share data across devices.
+
+Synced items may include:
+- Bookmarks
+- History
+- Extensions
+- Passwords
+- Settings
+
+Risk:
+- A compromised browser account can expose synced data.
+- Unwanted extensions may appear on multiple devices.
+
+Best practice:
+- Protect sync accounts with MFA.
+- Disable sync for sensitive categories if policy requires it.
+
+## Ad Blockers and Proxies
+
+Ad blockers:
+- Can reduce ads and some malicious ad risks.
+- May break some websites.
+- Should come from trusted extension stores.
+
+Proxy:
+- Sits between the browser and the destination site.
+- Can cache content.
+- Can enforce access control.
+- Can filter traffic.
+- Can be configured manually or by policy.
+
+Exam clue:
+- If browsing must be filtered or logged centrally, think proxy or content filtering.
+
+## Commands To Enter
+
+Windows PowerShell:
+
+```powershell
+Get-FileHash "$env:USERPROFILE\Downloads\example.exe"
+```
+
+What it does:
+- Calculates a hash for a downloaded file.
+- Replace `example.exe` with a real file name only when you intentionally want to check it.
+
+```powershell
+start ms-settings:dateandtime
+```
+
+What it does:
+- Opens Windows date and time settings.
+- Wrong date/time can cause certificate warnings.
+
+```powershell
+start chrome://settings/privacy
+```
+
+What it does:
+- Opens Chrome privacy settings if Chrome is installed.
+
+Linux:
+
+```bash
+sha256sum ~/Downloads/example-file
+```
+
+What it does:
+- Calculates a SHA-256 hash for a downloaded file.
+- Replace `example-file` with a real file name only when checking a download.
+
+```bash
+date
+```
+
+What it does:
+- Shows the system date and time.
+- Incorrect date/time can cause certificate warnings.
+
+```bash
+xdg-open chrome://settings/privacy
+```
+
+What it does:
+- Attempts to open Chrome privacy settings.
+- Works only if a compatible browser handles the URL.
+
+macOS:
+
+```bash
+shasum -a 256 ~/Downloads/example-file
+```
+
+What it does:
+- Calculates a SHA-256 hash for a downloaded file.
+
+```bash
+date
+```
+
+What it does:
+- Shows the system date and time.
+
+```bash
+open -b com.apple.Safari
+```
+
+What it does:
+- Opens Safari.
+- Use Safari Settings to inspect privacy, extensions, passwords, and website permissions.
+
+Do not clear saved passwords, remove profiles, or reset browser settings during this section unless you intentionally want those changes.
+
+## Quick Checks
+
+You should be able to answer:
+- Why download browsers from trusted sources?
+- What does a file hash prove?
+- Why do browser updates matter?
+- Why are extensions risky?
+- What does a certificate warning mean?
+- What does private browsing protect, and what does it not protect?
+- Why protect browser sync with MFA?
+