Web Browser Security

  • Question

  • Hi All,

    We are looking for a solution for web browser security, mainly for Internet Explorer, Mozilla Firefox and Google Chrome, using Group Policy. I have tried to implement browser security using the Administrative Templates (ADMX files) of the respective browsers.

    But I am not sure which options should be disabled or enabled to make my web browsers more secure.

    Kindly suggest. 

    Thanks in advance. 

    Thanks & Regards,

    Ashwini Meshram



    Wednesday, October 29, 2014 11:24 AM

All replies

  • The most secure web browser is the one that cannot access the web. All access that is allowed should be supported by a requirement. At least, that is the theory.

    In practice, most environments do not want to limit functionality (too much) but still want to retain security. The most important guidelines are, in my opinion:

    • to keep the software (OS and browser) up-to-date
    • to configure the browser not to accept plugins, toolbars, extensions,... configured by the user
    • to configure the browser to not run scripts, ActiveX,
    • to not install Flash/Java if possible
    • to limit websites the user can visit (proxy, content filter,...)

    Internet Explorer comes with a "security zones" concept. You can configure the Internet zone to the High security level (or Medium-high); this will configure all settings in a recommended way (from the point of view of security, not usability). You can tune down to improve usability if needed.

    I would also like to stress that security recommendations do change, and in most cases Microsoft follows these in patches/new versions (of guidance and software). Configuring a GPO with detailed settings now and forgetting about it for the upcoming years will surely be a security issue.

    Also, keep in mind that malware evolves; you should have multiple lines of defense to protect the end-user computer: a proxy server with security filter, a secure browser and client applications like antivirus, antimalware and EMET.

    To find security guidance for specific GPO settings, I would like to refer to the Security TechCenter and security guidance. Microsoft distributes security baselines, which are sort of best practices for configuration of devices in different roles. Also take a look at security guidance that is published by third parties like NIST, NSA, CIS,...

    For security guidance for third-party browsers the same principle applies: do not cook your own security, but rely on recommendations of the vendor(s) and of security experts.


    MCP/MCSA/MCTS/MCITP

    Wednesday, October 29, 2014 12:03 PM
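
The reply above recommends setting the Internet zone to High (or Medium-high) and not running scripts or ActiveX. The following PowerShell audit is an added example, not part of the original thread: it reports which registry hive supplies the Internet zone (zone 3) values on a client and whether they match that advice. The hive lookup order and the variable and function names are assumptions of this example; it does not account for the `Security_HKLM_only` policy or IE Enhanced Security Configuration.

```powershell
# Added example: report the Internet zone (zone 3) values Internet Explorer reads.
# Hive order below is an assumption of the usual precedence: policy hives first,
# then per-user and per-machine preferences. Run on the client after gpupdate.
$sub   = 'Windows\CurrentVersion\Internet Settings\Zones\3'
$hives = [ordered]@{
    'Machine policy'     = "HKLM:\Software\Policies\Microsoft\$sub"
    'User policy'        = "HKCU:\Software\Policies\Microsoft\$sub"
    'User preference'    = "HKCU:\Software\Microsoft\$sub"
    'Machine preference' = "HKLM:\Software\Microsoft\$sub"
}
$levels  = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
              0x11500 = 'Medium-high'; 0x12000 = 'High' }
$actions = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$checks  = [ordered]@{
    'CurrentLevel' = 'Zone security level'
    '1400'         = 'Active scripting'
    '1200'         = 'Run ActiveX controls and plug-ins'
}

function Get-ZoneSetting {
    param([string]$Name)
    # Return the first hive (in the assumed precedence order) that holds the value.
    foreach ($source in $hives.Keys) {
        $item = Get-ItemProperty -Path $hives[$source] -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $source; Value = [int]$item.$Name }
        }
    }
    return $null   # value not present in any hive
}

$report = foreach ($name in $checks.Keys) {
    $hit = Get-ZoneSetting -Name $name
    if ($null -eq $hit) { $meaning = 'not set'; $ok = $false }
    elseif ($name -eq 'CurrentLevel') {
        $meaning = if ($levels.ContainsKey($hit.Value)) { $levels[$hit.Value] } else { 'Custom' }
        $ok = $hit.Value -ge 0x11500          # Medium-high or High, as the reply suggests
    } else {
        $meaning = if ($actions.ContainsKey($hit.Value)) { $actions[$hit.Value] } else { 'Other' }
        $ok = $hit.Value -eq 3                # Disable
    }
    [pscustomobject]@{
        Setting = $checks[$name]; Source = $(if ($hit) { $hit.Source } else { '-' })
        Value   = $(if ($hit) { '0x{0:X}' -f $hit.Value } else { '-' })
        Meaning = $meaning; MatchesAdvice = $ok
    }
}
$report | Format-Table -AutoSize
```

A `Source` of "User preference" or "Machine preference" means no GPO is enforcing that value, so the user can change it from Internet Options.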