Why are web browser security settings important?

Your web browser is your primary connection to the rest of the internet, and multiple applications may rely on your browser, or elements within your browser, to function.

This makes the security settings within your browser even more important.

Many web applications try to enhance your browsing experience by enabling different types of functionality, but this functionality might be unnecessary and may leave you susceptible to being attacked.

The safest policy is to disable the majority of those features unless you decide they are necessary.

If you determine that a site is trustworthy, you can choose to enable the functionality temporarily and then disable it once you are finished visiting the site.

Where can you find the web browser security settings?

Each web browser is different, so you may have to look around. For example, on Microsoft Edge and Google Chrome, you can find them by clicking the ellipses button (three dots) on the top right on the browser, selecting Settings..., choosing the Privacy and Security tab, and adjust settings accordingly.

However, in Firefox, depending on whether you have the menu bar or not, you click Tools on the menu bar and select Options, or click on the three bars on the top right of the browser window and select  Options or Settings (for newer versions of Firefox). Use the Privacy & Security tab to explore the security options of Standard, Strict, or Custom.

Browsers have different security options and configurations, so familiarize yourself with the menu options, check the help feature, or refer to the vendor’s web site.

Even with these guides, it is helpful to have an understanding of what the different terms mean so that you can evaluate the features to determine which settings are appropriate for you.

How do you know what your web browser security settings should be?

Ideally, you would set your security for the highest level possible. However, restricting certain features may limit some web pages from loading or functioning properly.

The best approach is to adopt the highest level of security and only enable features when you require their functionality.

What do the different terms mean?

Different browsers use different terms, but here are some terms and options you may find:

• Zones

  Your browser may give you the option of putting web sites into different segments, or zones, and allow you to define different security restrictions for each zone.For example, Internet Explorer identifies the following zones:

  • Internet – This is the general zone for all public web sites.
    To give you the best protection as you browse, you should set the security to the highest level; at the very least, you should maintain a medium level.
  • Local intranet – If you are in an office setting that has its own intranet, this zone contains those internal pages.
    This is an optional zone but may be useful if you personally maintain multiple web sites or if your organization has multiple sites.
    Even if you trust them, avoid applying low security levels to external sites—if they are attacked, you might also become a victim.
  • Restricted sites – If there are particular sites you think might not be safe, you can identify them and define heightened security settings.
    Because the security settings may not be enough to protect you, the best precaution is to avoid navigating to any sites that make you question whether or not they’re safe.

• JavaScript

  Some web sites rely on web scripts such as JavaScript to achieve a certain appearance or functionality, but these scripts may be used in attacks (see Browsing Safely: Understanding Active Content and Cookies for more information).

• Java and ActiveX controls

  These programs are used to develop or execute active content that provides some functionality, but they may put you at risk (see Browsing Safely: Understanding Active Content and Cookies for more information).

• The Right Plug-ins Can Boost Web Browser Security
  

  Sometimes browsers require the installation of additional software known as plug-ins to provide additional functionality.

You may also find options that allow you to take the following security measures:

• Manage cookies to enhance web browser security
  

  You can disable, restrict, or allow cookies as appropriate. Generally, it is best to disable cookies and then enable them if you visit a site you trust that requires them.

• Increase Web Browser Security By Blocking Pop-up Windows

  Although turning this feature on could restrict the functionality of certain web sites, it will also minimize the number of pop-up ads you receive, some of which may be malicious. Major web browsers like Firefox and Chrome have applications or add-ons like uBlock Origins, NoScript, Privacy Guard, etc. that you can install to help you lock down your web browser.

• Use different web browsers for specific needs
  

  One of the best ways to protect yourself from malicious Internet attacks is to use a different web browser with security settings configured for that purpose. For example, you can use one web browser with standard settings for banking and sensitive websites and use a more locked down browser for general Internet browsing and shopping.

Stay safe out there folks.

Authors:
Mindi McDowell and Jason Rafail

 Cybersecurity and Infrastructure Security Agency (CISA).

Tech Prognosis is a trusted IT Services provider in Round Rock, Texas that specializes in providing information technology (I.T.) support for small businesses.