Only a secure browser enables future-proof work

A secure browser for companies and public authorities

Without a secure browser solution, it will soon be impossible to use the Internet in companies and public authorities. Web browsers are among the most important applications in an organisation.
At first glance, browsers are easy to use; training is therefore usually dispensed with – also with regard to internet security. At the same time, web browsers today are very complex, powerful and feature-rich programmes, which can therefore always have vulnerabilities. As the gateway to the internet, web browsers can pose significant risks to an organisation’s information security and the availability, confidentiality and integrity of its data and systems.
This page provides an overview of the topic “Secure Browser”. To start with: unfortunately, there is no such thing as a 100 per cent secure browser. But there are ways in which companies and public authorities can nevertheless effectively secure the internet use of their employees.

The secure browser “TightGate-Pro” sets new standards in defending against attacks from the Internet

Dangers while surfing

In principle, web browsers access potentially harmful data or websites on the internet even on workstations in secured networks. This is because nobody can know with absolute certainty that any resource on the public internet is harmless – even if it was yesterday.
Mostly, links on websites or in e-mails are clicked on without checking the URL behind them; the risks of unknown servers are accepted. But even known and normally trustworthy servers can deliver harmful files (scripts, viruses, Trojans, spyware, etc.) if they have been hacked. Even the DNS system is vulnerable; hacked DNS servers can redirect users to hacker websites unnoticed.
Thus, without appropriate protection, there is always the danger that malicious code will get onto the client computer. The browser is one of the most important gateways for attackers to penetrate the workplace computer and from there into the internal network. This is also how the currently most important cyber threat for organisations works: extortion through ransomware attacks that encrypt (and usually also steal) critical data. Even if no ransom is paid, millions of dollars in damages quickly result from lost production, delays in the supply chain and impaired business relationships.

Active content in the browser - problematic

The main problem in terms of security when surfing is active content. In modern web applications, more and more functions are realised through client-side scripting in order to be able to react faster to user interactions. Browsers therefore now provide powerful runtime environments for JavaScript and the newer WebAssembly, which can easily be abused to execute malicious code. This is a serious security problem, because content from the Internet must basically be regarded as untrustworthy.
Disabling or filtering active content is possible, but it restricts the use of many applications too much in terms of functionality and convenience. Therefore, secure browsers must enable the safe use of active content.

The TOP 8 attacks via the browser

This is the most serious type but also the rarest. Occasionally, attackers discover a vulnerability in the browser that allows arbitrary code to execute. The malicious code is executed in the browser when a user visits a compromised website. Browsers are complex software with many subsystems (HTML rendering, JavaScript engine, CSS parser, etc.) and a small programming flaw in them can provide just enough foothold for malicious code to execute. From there, the malicious code has many options – it can download other malicious packages, steal confidential data or wait unnoticed for further instructions from the attacker. The attacker does not even need to compromise a legitimate website to launch such an attack – ad networks have already been used to spread malicious code on otherwise secure websites.

Plug-ins are probably the most well-known vector for drive-by downloads (attacks where code is downloaded and executed on your system without your knowledge). From Flash to Java, even plug-ins from reputable vendors have been repeatedly exploited by malware attacks. As with browser exploits, such vulnerabilities are usually fixed by vendors after a short time, but the number of outdated copies of browser plug-ins is far higher than the number of updated ones.

Advanced persistent threats install malicious programs (e.g. keyloggers) on a computer unnoticed and then steal sensitive data such as access data or take entire screenshots. Sometimes these malicious programs remain undetected for years.
These types of attacks use a variety of methods to get users to install them. Most have nothing directly to do with the browser. For example, the malicious code enters the system via an infected USB stick or a malicious email attachment. However, because so many sensitive interactions occur via the browser, most of these types of attacks place great emphasis on stealing data via the browser.

Attackers who have access to any point in a network connection between a user and the website they are visiting (a “man-in-the-middle”) can observe and modify traffic between the browser and the web servers.
Websites that use TLS (addresses with “https”) make this type of attack more difficult. Encrypted connections make it difficult for attackers to eavesdrop on or change a connection. It is almost impossible for attackers to forge the cryptographic certificate that the server uses to authenticate itself to the browser.
However, attackers know that many users are conditioned to simply click away warnings when they appear. So they can use an invalid/forged certificate and in many cases users will ignore the browser’s warnings.

Attackers can alter/poison the DNS system (a kind of contact list that your browser uses to find the IP address of a website by its name) in several places. A computer caches DNS records and attackers can poison this cache. A special file on the computer can be modified to override DNS servers for certain web addresses. Malicious actors can even compromise DNS servers themselves, forcing them to provide false IP addresses for legitimate websites. Once the attack has occurred, the browser contacts the attacker’s server instead of the legitimate server. Attacks of this type usually target banks by tricking users into giving up their credentials. These are then used to empty the victims’ accounts.
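The "special file" mentioned above is the local hosts file. As an added example (not part of the original page), the following Python sketch audits such a file for entries that override DNS for fully qualified names; the sample file, the host names and the `allowed_suffixes` parameter are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file (not from a real machine); all names and addresses are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.1.1       workstation-07
203.0.113.45    www.examplebank.test login.examplebank.test
0.0.0.0         ads.example.test   # local blocklist entry
10.20.0.5       intranet.corp.example
"""

LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "broadcasthost"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hosts(text):
    """Yield (line_no, ip, names) for every well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address: skip the line
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text, allowed_suffixes=()):
    """Return (line_no, name, ip, kind) for each entry overriding DNS for a qualified name."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES or "." not in name:
                continue  # loopback aliases and the machine's own short name
            if any(name == s or name.endswith("." + s) for s in allowed_suffixes):
                continue  # domains the organisation pins on purpose
            if ip.is_unspecified or ip.is_loopback:
                kind = "sinkhole"           # name is blocked, not redirected
            elif any(ip in net for net in RFC1918):
                kind = "internal-override"
            else:
                kind = "external-override"  # name points at a host outside the network
            findings.append((line_no, name, str(ip), kind))
    return findings


def redirected_names(findings):
    """Names sent to another host, the case that needs review first."""
    return sorted(name for _, name, _, kind in findings if kind != "sinkhole")


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, allowed_suffixes=("corp.example",)):
        print(finding)
```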

SQL injections have been a known problem for over 10 years. The Open Web Application Security Project (OWASP) lists it in its top 10 threats list. With an SQL injection, attackers can insert SQL commands into a website to access and manipulate data on the server. Attackers can use web forms, cookies or HTTP posts to inject their malicious code into the browser. The goal of this type of attack is usually to steal, delete or manipulate data.

Like SQL injections, cross-site scripting (XSS) attacks use injections to send malicious code to other users. The recipient’s browser thinks the code is legitimate because it comes from a trusted source. Thus, it executes the script, giving the attacker access to cookies and other sensitive information that the browser has stored for use on that website. The attacker can then use this information to impersonate the victim or steal their credentials. The script can sometimes also rewrite the content of HTML pages, which can cause users to click on more malicious links. Websites that accept user-generated content are most vulnerable to this type of attack.

When a user logs into a website, they are given a unique session ID that the website continuously transmits between the user’s device and the server. If this session ID is not properly encrypted, an attacker can intercept it and misuse the session for their own purposes. Users who work in a public or unprotected WLAN are particularly vulnerable to this. Attackers could now carry out a brute force attack to obtain further access data. These brute force attempts become easier if the attacker has already intercepted several session IDs.
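On the server side, the protections against an intercepted or script-read session ID are largely carried by the attributes of the session cookie. The following Python check is an added example, not part of the original page: it flags session cookies that lack `Secure` (cookie is also sent over unencrypted HTTP), `HttpOnly` (cookie is readable by scripts, as in the XSS case above) or `SameSite`. The header values and the `SESSION_HINTS` name heuristic are constructed assumptions.

```python
# Constructed Set-Cookie header values as a web application might send them.
SAMPLE_SET_COOKIE = [
    "SESSIONID=c2Vzc2lvbi0x; Path=/; HttpOnly",
    "__Host-sid=ZXhhbXBsZQ; Path=/; Secure; HttpOnly; SameSite=Lax",
    "lang=de; Path=/; Max-Age=31536000",
    "auth_token=abc123; Domain=example.test; Secure; SameSite=None",
]

# Assumption: cookies whose name contains one of these fragments carry a session.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie_name, [issues]); non-session cookies get an empty list."""
    name, _, attrs = parse_set_cookie(header)
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return name, []
    issues = []
    if "secure" not in attrs:
        issues.append("missing-secure")      # also sent over plain HTTP, e.g. on open WLAN
    if "httponly" not in attrs:
        issues.append("missing-httponly")    # readable via document.cookie by injected script
    if "samesite" not in attrs:
        issues.append("missing-samesite")    # sent along with cross-site requests by default rules
    return name, issues


def audit_all(headers):
    """Map each cookie name to its list of issues, keeping only cookies with findings."""
    results = dict(audit_cookie(h) for h in headers)
    return {name: issues for name, issues in results.items() if issues}


if __name__ == "__main__":
    for name, issues in audit_all(SAMPLE_SET_COOKIE).items():
        print(name, issues)
```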

Attack via the web browser

The goal of an attack via the browser is either to execute malicious code on the workstation, to send malicious HTTP requests to vulnerable web applications or to induce the user to perform a desired action, such as revealing access data or downloading and executing a file with malicious code themselves.
A common attack option is to load the malicious code onto the workstation (hidden, for example, in an Office or PDF file) and execute it there. This happens, for example, via manipulated and disguised URLs on websites (clickjacking), links in emails or downloads from untrustworthy sources. Through security gaps in browsers, the download can also occur unintentionally simply by visiting a prepared website (drive-by download).
However, malicious code (such as JavaScript or WebAssembly bytecode) can also be executed by the web browser itself. This happens, for example, when visiting pages controlled by attackers (e.g. when clicking on links in fraudulent mails or using hacked web applications). Another danger is so-called cross-site scripting (XSS), when a vulnerable web application forwards data that can be manipulated by users (e.g. form data or prepared links with malicious code) to other users’ browsers without being checked.
If the malicious code is executed, this enables the attackers, for example, to spy on data, download further files (such as encryption software, backdoors or other hacking tools) or manipulate the displayed web content. If a non-secure browser is used or if a web application contains vulnerabilities, attackers can also take over web sessions unnoticed (session hijacking) or steal user data such as passwords and thus cause further damage.

What makes a secure browser?

A secure browser should prevent such attacks – and also new, as yet unknown attack methods – so that internal resources are not endangered by malicious code from the internet. Modern browsers offer a range of technical security mechanisms for this purpose, including encryption and the isolation of web pages, processing procedures and components from each other so that executed malicious code cannot have a major impact.
Nevertheless, hundreds of new security vulnerabilities are discovered in browsers every year, opening up multiple attack vectors. Among the top 30 products with the most vulnerabilities in the vulnerability database CVE Details are all popular browsers, surpassed only by much more complex and extensive operating system software.
In addition, even if there were a browser without vulnerabilities, this would still not mitigate the majority of the attacks described above. If users click on a malware link or log on to a manipulated web application, even a bug-free browser would often not be able to avert the impending damage.
In short: there is no such thing as a “secure browser”, but only “more or less secure” – and unfortunately usually “less secure”. What does this mean for companies and authorities?

Secure Browser: Possible actions for companies and authorities

Browsers are therefore in principle vulnerable to attacks from the internet, but they usually have extensive access to the internal network and thus also to business-critical resources. Companies and public authorities must therefore analyse their concrete security requirements, the IT environment, the expected behaviour of their employees and known threats as part of an individual risk assessment and, on this basis, find the most suitable solution for the topic of “secure browser”.

The German Federal Office for Information Security (BSI) recommends a number of measures with which organisations – depending on their risk situation – can secure their internet use:

  • Low risk: Use a browser that meets the minimum security standard defined by the BSI

  • Medium risk: further measures according to IT-Grundschutz

  • Higher risk (increased need for protection): Running the browser in an isolated environment separate from the internal IT infrastructure.

Mandatory for public authorities: BSI minimum standard for browsers

The BSI has formulated a minimum standard so that browsers can be selected as secure browsers and used on workstations in the federal administration. The BSI explicitly emphasises that the security requirements stated in its minimum standards are also relevant for state administrations and commercial enterprises (source: Federal Government Minimum Standards brochure BSI 2021).

By taking the minimum standard into account, the risks described above are to be minimised. Specifically, the document, which is available as the current version 2.1.4 dated 06.07.2022, describes technical and organisational security requirements for browser products, their providers and their operation. Suitable browsers must therefore not only offer technical security functions, but must also be able to be configured in a secure and data protection-friendly manner – and this must also be enforced in the organisation. The current version can be found here: BSI minimum standard for web browsers.

How many security vulnerabilities did Google's Chrome browser have in 2021?

Too many!

In 2021, the Chrome browser had 308 security vulnerabilities. Considerably too many to surf the internet unprotected.

What was the name of the British cryptanalyst who was instrumental in cracking the Germans' ciphers during World War II?

Her name was Joan Clarke.

Her brilliant work as a code-breaker during the Second World War saved countless lives. Her life was filmed in the feature film "The Imitation Game".

What is "social engineering"?

“Social engineering” describes a procedure in which human vulnerability is exploited in order to circumvent security precautions and obtain sensitive information.

More than the minimum protection: IT-Grundschutz

In a series of publications entitled “IT-Grundschutz”, the BSI describes procedures with which organisations can achieve a level of protection for their information technology that is appropriate for their individual risks. The IT-Grundschutz Compendium offers concrete instructions in numerous so-called “basic IT protection modules”, which are divided into ten “layers”, including applications (APP module), IT systems (SYS), networks and communication (NET), operations (OPS) or security management (ISMS).

The protection of web browsers is described in APP.1.2. Among other things, the security requirements of the minimum standard can be found here. However, suggestions are also given for requirements in the case of increased need for protection.

For example, the browser should check called URLs for potentially harmful content, warn the user of dangers and refuse to call up harmful connections. For increased confidentiality requirements, the browser should run in private mode (without permanent storage of information) and local content should be automatically deleted on exit.

In addition, the BSI recommends the so-called two-browser strategy: two alternative browsers on different platforms offer a fallback option in case of unsolved security problems (lack of patches).

A must where there is an increased need for protection: isolated browser environment

If there is an increased need for protection, the BSI recommends that web browsers should not be installed directly on the workstation, but should be run in an isolated environment (cf. APP.1.2.A9). Isolated systems can be virtualised systems (application or operating system virtualisation). Alternatively, the browser can be run on a terminal server as a remote-controlled browser system (ReCoBS) separate from the client workstation.

These possibilities are briefly characterised below.

Application virtualisation

With application virtualisation, an application is provided with its own virtual runtime environment (sandbox). This makes Internet use more secure because executed malicious code cannot directly access the operating system of the workstation or data of other applications and cannot cause persistent changes. Examples of the technique are Citrix Virtual Apps or HP Wolf Security (formerly Bromium). However, depending on the configuration, the application in the sandbox still has to share certain resources (e.g. RAM, CPU, network) and memory for data exchange with other applications. If the sandbox has a gap, an attacker can directly access the system to be protected. A misconfiguration of the sandbox can also lead to attackers gaining unauthorised access to sensitive data, which then flows off in the direction of the Internet.

Operating system virtualisation

With operating system virtualisation, the virtual environment contains a complete guest operating system in a virtual machine (VM). The isolation of the guest system from the host is thus more comprehensive and the protection against successful attacks higher than with application virtualisation. One example is the virtual surfing environment BitBox ("Browser in the Box"). However, virtualisation techniques, whether sandbox or OS level, were not originally developed for security purposes, but for more efficient resource use. They are susceptible to attacks on lower system levels, for example on the processor architecture (Spectre, Meltdown) and also repeatedly have serious security vulnerabilities themselves. If an attacker succeeds in attacking the lower system level or compromising the virtualisation environment as such, the entire protection is invalidated.

Remote-Controlled Browser System (ReCoBS)

The best way to achieve secure browsing is to have a dedicated environment for it. ReCoBS pursues such an approach by decoupling the browser from the workstation to be protected and running it on its own ReCoBS server, which is located outside the internal network in a DMZ. In this way, the workstation computers are better shielded from attacks than with operating system virtualisation or sandboxing. Attacks on the lower system level also come to nothing with a ReCoBS, since the data to be protected is not stored on the ReCoBS server or accessible from there. A professional ReCoBS such as TightGate-Pro thus sustainably protects large companies and authorities from all kinds of attacks via the browser. TightGate-Pro is much easier to administer than sandboxing solutions or solutions for operating system virtualisation.