User:Viveksingh9616
INTRODUCTION
The initial design of internet and web protocols assumed an environment where Servers, clients, and routers cooperate and follow standard protocols except for unintentional Errors. However, as the amount sensitivity of usage increased, concerns about security, fraud and attacks became important. In particular, since currently internet access is widely available, It is very easy for attackers to obtain many client (and even host) connections and addresses, and use them to launch different attacks, both on the networking itself and on other hosts and Clients. Today's attackers are more likely to host their malicious files on the web.
They may even update those files constantly using automated tools. When you are surfing the Internet, it is easy to visit sites you think are safe but are not. These sites can introduce malware when you click the site itself, when you download a file from the site manually and install it, or worse, when you are conned into believing the site you are visiting is a real site, but in fact is nothing More than a fake used to garner your personal information.
From a network security perspective, a browser is essentially a somewhat controlled Hole in your organization’s firewall that leads to the heart of what it is you are trying to protect. While browser designers do try to limit what attackers can do from within a browser, much of the security relies far too heavily on the browser user, who often has other interests besides security. There are limits to what a browser developer can compensate for, and Browser users will not always accept the constraints of security that a browser establishes.
Web Browser:
Web browsers, often referred to just as browsers, are software applications used toLocate and display Web pages on the World Wide Web. While this is the most popular usage,browsers can also be used to access and view content on a private or local network as well.
Most, but not all browsers are graphical browsers, which mean that they can display graphicsas well as text. In addition, most modern browsers can present multimedia information,including sound and video, though they require plug-ins for some formats.
The primary purpose of a web browser is to retrieve information resources and todisplay the information to the user. The major web browsers are Windows Internet Explorer,Mozilla Firefox, Apple Safari, Google Chrome, and Opera.
HOW WEB BROWSERS WORK?
The World Wide Web is a system of Internet servers that support specially formatted documents. Web browsers are used to make it easy to access the World Wide Web. Browsers are able to display Web pages largely in part to an underlying Web protocol called Hyper Text Transfer Protocol. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. It is what allows Web clients and Web servers to communicate with
Each other. When you enter a Web address (URL) in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page and display the information in your browser. All Web servers serving Web sites and pages support the HTTP protocol.
Open Browser Engineering Issues
Other than the general design of HTTP, HTML, and related mechanisms discussed previously, a handful of browser engineering decisions tend to contribute to a disproportional of day-to-day security woes. Understanding these properties is sometimes important for properly assessing the likelihood and maximum impact of security breaches, and hence determining the safety of user data. Some of the pivotal, open-ended issues include:
· Relatively unsafe core programming languages
· No security compartmentalization
· Inconsistent and haphazard data storage practices
· Web technologies are used in browser chrome
· Inconsistent and overly complex security UIs
WHY BROWSER SECURITY?
The web browser is the primary connection to the rest of the internet, and multipleapplications may rely on the browser, or elements within the browser, to function. This makesthe security settings within the browser even more important. Many web applications try toenhance the browsing experience by enabling different types of functionality, but thisfunctionality might be unnecessary and may leave you susceptible to being attacked. Thesafest policy is to disable the majority of those features unless you decide they are necessary.
If you determine that a siteis trustworthy, you can choose to enable the functionalitytemporarily and then disable it once you are finished visiting the site. While every applicationhas settings that are selected by default, you may discover that the browser also has predefinedsecurity levels that you can select. For example, Internet Explorer offers custom settings thatallow you to select a particular level of security; features are enabled or disabled based on theselection. Even with these guides, it is helpful to have an understanding of what the differentterms mean so that you can evaluate the features to determine which settings are appropriatefor you.
Key features of early browsers included encryption and cookies, which were fine forthe simple uses of the day. These techniques enabled the start of e-commerce, andmonetizing the Web was what brought in the rest of the problems. Attackers who want moneygo where the money is, and there is money to be had on the Web. Today, users expect far morefrom a browser. It should be able to handle sophisticated banking and shopping systems,display a wide variety of media, including video, audio, and animation, interact with thenetwork on a micro scale (such as what happens when you move the cursor over a DVDselection in Netfix and see a summary of the movie), and update in as close to real time as
possible all without divulging sensitive information to bad guys or opening the door forattackers.
Consider AJAX, also known as Asynchronous JavaScript and XML.
A Web page cancontain code that establishes a network connection back to a server and conducts a conversation with that server that might bypass any number of security mechanisms integrated into the browser. The growing popularity of AJAX as a user-interface technique means an enterprise network often allows these connections, so that popular sites can function correctly.
· Ajax is built on Dynamic HTML (DHTML) technologies, including these most common ones:
· JavaScript: JavaScript is a scripting language commonly used in client-slide Web applications.
· Document Object Model (DOM): DOM is a standard object model for representing HTML or XML documents. Most of today's browsers support DOM and allow JavaScript code to read and modify the HTML content dynamically.
· Cascading Style Sheets (CSS): CSS is a style sheet language used to describe the presentation of HTML documents. JavaScript can modify the style sheet at run time, allowing the presentation of the Web page to update dynamically.
WEB BROWSER THREAT
Threat is an indication of impending danger or harm. Today's attackers are more likelyto host their malicious files on the web. They may even update those files constantly usingAutomated tools.
Zero-day exploit: A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploitcomputer application vulnerabilities that are unknown to others, undisclosed to thesoftware vendor, or for which no security fix is available. Zero-day exploits (actual codethat can use a security hole to carry out an attack) are used or shared by attackers beforethe software vendor knows about the vulnerability. The term derives from the age of theexploit. When a vendor becomes aware of a security hole, there is a race to close it beforeattackers discover it or the vulnerability becomes public. A "zero day" attack occurs on orbefore the first or "zeroth" day of vendor awareness, meaning the vendor has not had anyopportunity to disseminate a security fix to users of the software. (In computer science,numbering often starts at zero instead of one.)
Click Jacking :- Click jacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function. Clickjacking (a term coined by Jeremiah Grossman and Robert Hansen in 2008) can be understood as an instance of the confused deputy problem. Clickjacking, also known as UI redressing, is possible not because of a software bug, but because seemingly harmless features of Web pages can perform unexpected actions. A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. On a clickjacked page, the attackers show a set of dummy buttons.
The users think that they are clicking the visible buttons, while they are actually performing actions on the hidden page. The hidden page may be an authentic page, and therefore the attackers can trick users into performing actions which the users never intended to do and there is no way of tracing such actions later, as the user was genuinely authenticated on the other page. For example, a user might play a game in which they have to click on some buttons, but another authentic page like a Webmail site from a popular service is loaded in a hidden iframe on top of the game. The iframe will load only if the user has saved the password for its respective site. The buttons in the game are placed such that their positions coincide exactly with the "select all" mail button and then the "delete mail" button. The consequence is that the user unknowingly deleted all the mail in their folder while playing a simple game. Other known exploits have been tricking users to enable their Webcam and microphone through Flash (which has since been corrected by Adobe), tricking users to make their social networking profile information public, making users follow someone on Twitter, etc .
Cross-site Scripting (XSS) : - XSS is a common attack in which an attacker injects a malicious piece of code intoan otherwise benign site. The two basic types of XSS attacks are:
Reflected XSS
Stored XSS
Reflected XSS attack exploits vulnerable Web applications that display input parameters back to the browser without checking for the presence of active content in them.
Stored XSS attack has become more important with the prevalence of Web 2.0. The key of Web 2.0 is sharing, interaction, and collaboration among people, so users have more chance of seeing other (potentially malicious) users' input through services such as social network services (SNS), wikis, or blogs.
Cross-site reference forgery (CSRF ) :- Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF ("sea-surf") or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
The attack works by including a link or script in a page that accesses a site to which the user is known or is supposed) to have authenticated with an credentials scheme provided by server. The following characteristics are common to CSRF:
Involve sites that rely on a user's identityExploit the site's trust in that identityTrick the user's browser into sending HTTP requests to a target site
Where CSRF Target to Get Maximum Success Rate:
The attacker must target either a site that doesn't check the Referrer header (which is common) or a victim with a browser or plugin bug that allows Referrer spoofing (which is rare).
The attacker must target either a site that doesn't check the Referrer header (which is common) or a victim with a browser or plugin bug that allows Referrer spoofing (which is rare).
The attacker must find a form submission at the target site that does something useful to him (e.g., transfers money, or changes the victim's e-mail address or password).
The attacker must determine the right values for all the form inputs: if any of them are required to be secret authentication values or IDs that the attacker can't guess, the attack will fail.
Phishing Attack :-Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. Another common trick is to make the anchor text for a link appear to be valid, when the link actually goes to the phishers' site. The following example link, http://en.wikipedia.org/wiki/Genuine, appears to take you to an article entitled "Genuine"; clicking on it will in fact take you to the article entitled "Deception". In the lower left hand corner of most browsers you can preview and verify where the link is going to take you.
What A Browser Designer Should Do?
Proactive and
reactive developers can generate an endless series of software updates. As a
responsible defender, your dilemma is that allowing these updates in to your
users without testing may break applications or even introduce security holes,
but not allowing them may leave your enterprise open to even more serious
attacks. Distributed management provides some help in this area, but all major
browsers are weaker than many defenders would like them to be.
Microsoft provides the free Internet Explorer Administration Kit, which sets
the bar for enterprise browser deployment and management tools, but that bar is
lower than many would care for. FirefoxADM, an open source project for managing
collections of Firefox browsers, is far more limited but a step in the right
direction.
FrontMotion provides a Webbased tool that allows a defender to create packages
with approved software, configuration, and plug-ins for Firefox. All are
available for Windows platforms only. Firefox and Google's Chrome browser have implemented
sandboxes, in which the browser runs code (such as JavaScript or Flash) in a
compartmentalized area of the program that provides only limited resources for
the program and whose design is heavily scrutinized for security flaws.
Internet Explorer uses a zone-based security model, in which securely features
are enabled or disabled depending on the site being accessed. Under Vista,
Internet Explorer runs in what is known as Protected Mode, which limits the operating-system privileges the browser program can exercise.
Open source developers especially must be very careful about designing and implementing sandbox systems, because their sandbox source code is available to the attacker for study and testing. This is, of course, no surprise to the sandbox developers and one reason why open source sandboxes tend to improve quickly. Browser developers have come up with several ways to combat phishing attacks as well, primarily heuristics to detect an attempted visit to a fraudulent site, techniques to aggregate lists of and warn about known phishing sites, and augmentation of login security.
HOW CAN BROWSER MAKERS KEEP USERS AND PROTECT THEM?
There needs to be another control in the browser (in which), for important sites--banking or payment--it refuses to let the users do something, if the certificate is not valid. For simple sites, maybe you give the users the control to continue. We don't do that differentiation these days--there is no difference between an important site...and a site (where you are)looking for information.
The browser does certain checks when the certificate comes in--(it) will check(whether) the name of the certificate and the URL matches or not. The checks are not enough,as there are certain cases where somebody can fool the browser into thinking that this is theright URL. You can design sessions where that check is very tight--where the connection willnot happen--but the general browser basically allows the user to trust things and the userdoesn't understand what that means, of course, so the user will
always say yes.
The current security issues are finally bringing up things that we knew about in the security world a long time ago...because (now) the size of the economy of the Internet is growing. The industry needs to deal with this in a better way. All security protocols allow the use of multiple algorithms because we have to
(design) the protocol (for use) over a long period of time.
Features Of Good Browser :-
Have security features to protect users from common threats of the Internet :
The infamous Internet Explorer from Microsoft included an extremely dangerous feature into the software back in 1996 called ―Active-X‖, which is a specification to enable the execution of software inside the browser. This made it possible for Microsoft to run applications like Excel inside the browser, which gave them an incredible advantage comparing to other browsers. The sad side of things is that also they enabled malware to execute within the browser, opening a horrible opportunity for crackers all over the world, which could exploit the smallest error in the program to enable their own software into the browser. If that happens, you can forget about your privacy because all what you type will be
seen, maybe by a dangerous cracker at Russia.
Be free of charge :
All browsers are now free of charge, so it will be very difficult for someone to charge for this type of software. I have seen people charging for giving people more tools in one place, but not charging ethically for this kind of software.
Respond rapidly to fix any problem of the software :
Open source browsers have a community of programmers devoted to keep
their preferred browser free of errors. These people don’t work for the money
(there isn’t) but for the sake of being in the community that is helping people
to feel secure on the Internet. These people respond very fast to any security
alert, faster than any company could.
Security Implementation & Browser Security
SSL is the protocol between two points, usually browser and server. The weaknesses in the system usually are due to the browser, not the protocol. The protocol says (servers) would identify themselves to each other, and it's up to both sites to accept whether this is a good site or not. Unfortunately, the browser trust model...allows end users to accept things without actually understanding what they are accepting, unrelated to the protocol as it stands. Man-in-the-middle attacks are not actually part of SSL; (they) are network design issues where somebody designs the network and puts in a proxy that makes the browser believe that the server is a different place and then substitutes a different certificate to both sides. All of these problems have to do with browser design rather than security or protocol. It's interesting because SSL gets blamed for all the stuff, but (they are) actually not even related to SSL. (The issue is) which certificate the browser should trust or should not trust. The cookie (incident) has nothing to do with SSL.
The cookie is something that is associated with an HTTP session--it's actually a Web standard. The cookie idea was invented to make sure that you can have a long session on the Web, before SSL (came into the picture). It also turns out that the secure sessions also use same cookie design to maintain sessions. Some cookies are well-designed, and people cannot hijack the sessions. Some cookies are really badly designed. This has nothing to do with the SSL protocol at all. We know very well (which) cookies are good and which cookies are bad, and there are ways to design cookies so that people cannot actually hijack the session.A security researcher has also pointed out that users still log on to sites that have expired SSL certificates, and that poses a problem. Accepting the expired certificate is a browser problem.
Security professionals always struggle with the general public because usability always wins. When you get an expired certificate, the site owner or organization would always prefer to allow the user to do things rather than disallow. This is just an unfortunate fact. From a technical standpoint, (however), it should be the case that the certificate would warn the Web server owner that (it will) expire in seven days (and to) go and get the certificate renewed. There should be a process to do that better, but the automation hasn't happened yet.
Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol and a cryptographic protocol. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.The main idea of HTTPS is to create a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.The trust inherent in HTTPS is based on major certificate authorities which come preinstalled in browser software (this is equivalent to saying "I trust certificate authority (e.g.VeriSign/Microsoft/etc.) to tell me who I should trust"). Therefore an HTTPS connection to a website can be trusted if and only if all of the following are true:
1. The user trusts the certificate authority to vouch only for legitimate websites without misleading names. 2. The website provides a valid certificate (an invalid certificate shows a warning in most browsers), which means it was signed by a trusted authority.
3. The certificate correctly identifies the website (e.g. visiting
https://somesite/ and receiving a certificate for "Somesite Inc." and
not "Shomesite Inc." [see #2]).
4. Either the intervening hops on the internet are trustworthy (if so, why are you using HTTPS?), or the user trusts the protocol's encryption layer (TLS or SSL) is unbreakable by an eavesdropper
CONCLUSION
Browsers are at the heart of the Internet experience, and as such they are also at the heart of many of the security problems that plague users and developers alike. As the sensitivity of internet usage increased concerns about security, fraud and attacks became important. There are limits to what a browser developer can compensate for, and browser users will not always accept the constraints of security that a browser establishes. Attack and defense strategies are coevolving, as are the use and threat models. As always, anybody can break into anything if they have sufficient skill, motivation and opportunity. The job of browser developers, network administrators, and browser users is to modulate those three quantities to minimize the number of successful attacks.