comptia-a-plus-core2/notes/SEC-11-browser-security.md

# SEC-11: Browser Security
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.11 Browser security
## What You Need To Know
Browsers are a major security target because users access email, banking, cloud apps, password resets, downloads, and work systems through them.
The exam wants you to know how to secure:
- Browser installation sources
- Updates and patches
- Extensions and plug-ins
- Password storage
- Certificates and secure connections
- Pop-ups, ads, cache, cookies, and private browsing
- Browser sync and proxy settings
## Memory Trick
Use **D-U-E-C-P**:
- **D**ownload from trusted sources
- **U**pdate the browser
- **E**xtensions only from trusted stores
- **C**ertificates must be valid
- **P**rivacy data can be cleared
Shortcut:
- **Browser trust starts before install and continues with updates.**
## Trusted Browser Downloads
Safe browser installation:
- Go directly to the vendor website or official app store.
- Avoid links in email.
- Avoid random third-party download sites.
- Verify downloads with hashes or signatures when provided.
Hash verification:
- A hash is a fingerprint of a file.
- If the downloaded file hash matches the posted hash, the file likely did not change.
- If it does not match, do not install it.
Exam clue:
- If a user needs to install a browser safely, choose a trusted source and hash/signature verification.
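
Added example (not part of the original notes): a shell function that carries out the hash check described above, comparing a download's SHA-256 with the value posted by the vendor and refusing on a mismatch. The names `file_sha256` and `verify_download` and the exit codes are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: compare a download's SHA-256 with the hash the vendor posted.
# Function names and exit codes are this example's own choices.

# Print the lowercase SHA-256 of a file using whichever tool the OS provides.
# Reading from stdin keeps the file name out of the tool's output.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum < "$1" | awk '{print $1}'      # Linux
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 256 < "$1" | awk '{print $1}'  # macOS
  else
    return 3
  fi
}

# Usage: verify_download FILE EXPECTED_SHA256
# Returns 0 = match, 1 = mismatch (do not install), 2 = bad input.
verify_download() {
  local file expected actual
  file=$1
  # Posted hashes may be upper case or carry stray whitespace from copy/paste.
  expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
  # A SHA-256 digest is exactly 64 hex characters; reject truncated copies.
  case $expected in
    *[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "expected hash is not 64 characters" >&2; return 2; }
  actual=$(file_sha256 "$file") || { echo "no SHA-256 tool found" >&2; return 2; }
  if [ "$actual" = "$expected" ]; then
    echo "OK: hash matches"
    return 0
  fi
  echo "MISMATCH: computed $actual" >&2
  return 1
}

# Example call (placeholder values):
#   verify_download ~/Downloads/example-file "<hash copied from the vendor page>"
```

Copy the expected hash from the vendor's own HTTPS page, not from the site that served the download.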
## Browser Updates
Browsers need frequent updates because browser vulnerabilities are heavily targeted.
Updates may come from:
- The browser itself
- The operating system update process
- An enterprise software management tool
Best practice:
- Keep automatic updates enabled when possible.
- Restart the browser after updates if required.
Exam clue:
- If the browser has security vulnerabilities or degraded behavior from an old version, update it.
## Extensions and Plug-ins
Extensions add browser features, but they can also steal data.
Trusted sources:
- Official browser extension stores
- Microsoft Store
- Chrome Web Store
- Known vendor websites
Untrusted sources:
- Random websites
- Email links
- Pop-up prompts
- Extensions installed by malware
Possible malicious extension behavior:
- Credential theft
- Screenshot capture
- Keylogging
- Redirecting searches
- Data exfiltration
Best practice:
- Install only necessary extensions.
- Remove unused extensions.
- Review permissions before installing.
## Password Managers
Password managers store credentials in an encrypted vault.
Benefits:
- Unique passwords for each site
- Strong generated passwords
- Easier password hygiene
- Sync across devices when configured
Risk:
- The vault must be protected with a strong master password.
- Browser-saved passwords may be less controlled than enterprise password managers.
Exam clue:
- If the issue is password reuse across many websites, use a password manager.
## Secure Connections and Certificates
HTTPS uses certificates to prove the site's identity and protect traffic.
Browser certificate warnings may mean:
- Certificate is expired
- Certificate is for the wrong domain
- Certificate is signed by an untrusted authority
- System date/time is wrong
- A captive portal or inspection device is interfering
Best practice:
- Do not ignore certificate warnings on sensitive sites.
- Check certificate details.
- Check the system date and time.
Exam clue:
- If a browser shows invalid certificate warnings, investigate before entering credentials.
## Pop-Up Blockers and Notifications
Pop-up blockers stop unwanted browser windows or prompts.
Best practice:
- Keep pop-up blocking enabled.
- Allow pop-ups only for trusted sites that require them.
- Disable only temporarily for troubleshooting.
Browser notifications:
- Websites may request permission to send notifications.
- Malicious or low-quality sites can abuse notification prompts.
- Disable unwanted site notifications.
## Clearing Private Data
Browser data can include:
- History
- Cookies
- Cache
- Download list
- Saved form data
- Saved passwords
Cache:
- Stores parts of websites locally.
- Can speed up browsing.
- Can cause stale-page or troubleshooting issues.
Cookies:
- Store session and site data.
- Can keep users signed in.
- Can also be used for tracking.
Best practice:
- Clear cache/cookies when troubleshooting site problems.
- Be careful before clearing saved passwords.
## Private Browsing Mode
Private browsing does not save normal local session history after the window closes.
It can remove:
- Browsing history for that session
- Download history list
- Temporary cache/cookies for that private session
It does not make you invisible to:
- Websites
- Employer/school networks
- Internet provider
- Network logging tools
Exam clue:
- Private browsing is local privacy, not full anonymity.
## Browser Data Synchronization
Browser sync can share data across devices.
Synced items may include:
- Bookmarks
- History
- Extensions
- Passwords
- Settings
Risk:
- A compromised browser account can expose synced data.
- Unwanted extensions may appear on multiple devices.
Best practice:
- Protect sync accounts with MFA.
- Disable sync for sensitive categories if policy requires it.
## Ad Blockers and Proxies
Ad blockers:
- Can reduce ads and some malicious ad risks.
- May break some websites.
- Should come from trusted extension stores.
Proxy:
- Sits between the browser and the destination site.
- Can cache content.
- Can enforce access control.
- Can filter traffic.
- Can be configured manually or by policy.
Exam clue:
- If browsing must be filtered or logged centrally, think proxy or content filtering.
## Commands To Enter
Windows PowerShell:
```powershell
Get-FileHash "$env:USERPROFILE\Downloads\example.exe"
```
What it does:
- Calculates a hash for a downloaded file (`Get-FileHash` uses SHA-256 by default).
- Replace `example.exe` with a real file name only when you intentionally want to check it.
```powershell
start ms-settings:dateandtime
```
What it does:
- Opens Windows date and time settings.
- Wrong date/time can cause certificate warnings.
```powershell
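# chrome:// is not a URL scheme Windows can launch on its own, so start Chrome and pass the page to it.
start chrome "chrome://settings/privacy"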
```
What it does:
- Opens Chrome privacy settings if Chrome is installed.
Linux:
```bash
sha256sum ~/Downloads/example-file
```
What it does:
- Calculates a SHA-256 hash for a downloaded file.
- Replace `example-file` with a real file name only when checking a download.
```bash
date
```
What it does:
- Shows the system date and time.
- Incorrect date/time can cause certificate warnings.
```bash
xdg-open chrome://settings/privacy
```
What it does:
- Attempts to open Chrome privacy settings.
- Works only if a compatible browser handles the URL.
macOS:
```bash
shasum -a 256 ~/Downloads/example-file
```
What it does:
- Calculates a SHA-256 hash for a downloaded file.
```bash
date
```
What it does:
- Shows the system date and time.
```bash
open -b com.apple.Safari
```
What it does:
- Opens Safari.
- Use Safari Settings to inspect privacy, extensions, passwords, and website permissions.
Do not clear saved passwords, remove profiles, or reset browser settings during this section unless you intentionally want those changes.
## Quick Checks
You should be able to answer:
- Why download browsers from trusted sources?
- What does a file hash prove?
- Why do browser updates matter?
- Why are extensions risky?
- What does a certificate warning mean?
- What does private browsing protect, and what does it not protect?
- Why protect browser sync with MFA?