Only a secure browser enables future-proof work
A secure browser for companies and public authorities
Without a secure browser solution, it will soon be impossible to use the Internet in companies and public authorities. Web browsers are among the most important applications in an organisation.
At first glance, browsers are easy to use; training is therefore usually dispensed with – also with regard to internet security. At the same time, web browsers today are very complex, powerful and feature-rich programmes, which can therefore always have vulnerabilities. As the gateway to the internet, web browsers can pose significant risks to an organisation’s information security and the availability, confidentiality and integrity of its data and systems.
This page provides an overview of the topic “Secure Browser”. To start with: unfortunately, there is no such thing as a 100 per cent secure browser. But there are ways in which companies and public authorities can nevertheless effectively secure the internet use of their employees.
The secure browser “TightGate-Pro” sets new standards in defending attacks from the Internet
Dangers while surfing
In principle, web browsers access potentially harmful data or websites on the internet even on workstations in secured networks. This is because I cannot know with absolute certainty that any resource on the public internet is harmless – even if it was yesterday.
Mostly, links on websites or in e-mails are clicked on without checking the URL behind them; the risks of unknown servers are accepted. But even known and normally trustworthy servers can deliver harmful files (scripts, viruses, Trojans, spyware, etc.) if they have been hacked. Even the DNS system is vulnerable; hacked DNS servers can redirect users to hacker websites unnoticed.
Thus, without appropriate protection, there is always the danger that malicious code will get onto the client computer. The browser is thus one of the most important gateways for attackers to penetrate the workplace computer and from there into the internal network. This is also how the currently most important cyber threat for organisations works: Extortion through ransomware attacks that encrypt (and usually also steal) critical data. Even if no ransom is paid, millions of dollars in damages quickly result from lost production, delays in the supply chain and impaired business relationships
Active content in the browser - problematic
Disabling or filtering active content is possible, but it restricts the use of many applications too much in terms of functionality and convenience. Therefore, secure browsers must enable the safe use of active content.
The TOP 8 attacks via the browser
Plug-ins are probably the most well-known vector for drive-by downloads (attacks where code is downloaded and executed on your system without your knowledge). From Flash to Java, even plug-ins from reputable vendors have been repeatedly exploited by malware attacks. As with browser exploits, such vulnerabilities are usually fixed by vendors after a short time, but the number of outdated copies of browser plug-ins is far higher than the number of updated ones.
Advanced persistent threats install malicious programs (e.g. keyloggers) on a computer unnoticed and then steal sensitive data such as access data or take entire screenshots. Sometimes these malicious programs remain undetected for years.
These types of attacks use a variety of methods to get users to install them. Most have nothing directly to do with the browser. For example, the malicious code enters the system via an infected USB stick or a malicious email attachment. However, because so many sensitive interactions occur via the browser, most of these types of attacks place great emphasis on stealing data via the browser.
Attackers who have access to any point in a network connection between a user and the website they are visiting (a “man-in-the-middle”) can observe and modify traffic between the browser and the web servers.
Websites that use TLS (addresses with “https”) make this type of attack more difficult. Encrypted connections make it difficult for attackers to eavesdrop on or change a connection. It is almost impossible for attackers to forge the cryptographic certificate that the server uses to authenticate itself to the browser.
However, attackers know that many users are conditioned to simply click away warnings when they appear. So they can use an invalid/forged certificate and in many cases users will ignore the browser’s warnings.
Attackers can alter/poison the DNS system (a kind of contact list that your browser uses to find the IP address of a website by its name) in several places. A computer caches DNS records and attackers can poison this cache. A special file on the computer can be modified to override DNS servers for certain web addresses. Malicious actors can even compromise DNS servers themselves, forcing them to provide false IP addresses for legitimate websites. Once the attack has occurred, the browser contacts the attacker’s server instead of the legitimate server. Attacks of this type usually target banks by tricking users into giving up their credentials. These are then used to empty the victims’ accounts.
SQL injections have been a known problem for over 10 years. The Open Web Application Security Project (OWASP) lists it in its top 10 threats list. With an SQL injection, attackers can insert SQL commands into a website to access and manipulate data on the server. Attackers can use web forms, cookies or HTTP posts to inject their malicious code into the browser. The goal of this type of attack is usually to steal, delete or manipulate data.
Like SQL injections, cross-site scripting (XSS) attacks use injections to send malicious code to other users. The recipient’s browser thinks the code is legitimate because it comes from a trusted source. Thus, it executes the script, giving the attacker access to cookies and other sensitive information that the browser has stored for use on that website. The attacker can then use this information to impersonate the victim or steal their credentials. The script can sometimes also rewrite the content of HTML pages, which can cause users to click on more malicious links. Websites that accept user-generated content are most vulnerable to this type of attack.
When a user logs into a website, they are given a unique session ID that the website continuously transmits between the user’s device and the server. If this session ID is not properly encrypted, an attacker can intercept it and misuse the session for their own purposes. Users who work in a public or unprotected WLAN are particularly vulnerable to this. Attackers could now carry out a brute force attack to obtain further access data. These brute force attempts become easier if the attacker has already intercepted several session IDs.
Attack via the web browser
The goal of an attack via the browser is either to execute malicious code on the workstation, to send malicious HTTP requests to vulnerable web applications or to induce the user to perform a desired action, such as revealing access data or downloading and executing a file with malicious code themselves.
A common attack option is to load the malicious code onto the workstation (hidden, for example, in an Office or PDF file) and execute it there. This happens, for example, via manipulated and disguised URLs on websites (clickjacking), links in emails or downloads from untrustworthy sources. Through security gaps in browsers, the download can also occur unintentionally simply by visiting a prepared website (drive-by download).
If the malicious code is executed, this enables the attackers, for example, to spy on data, download further files (such as encryption software, backdoors or other hacking tools) or manipulate the displayed web content. If a non-secure browser is used or if a web application contains vulnerabilities, attackers can also take over web sessions unnoticed (session hijacking) or steal user data such as passwords and thus cause further damage.
What makes a secure browser?
A secure browser should prevent such attacks – and also new, as yet unknown attack methods – so that internal resources are not endangered by malicious code from the internet. Modern browsers offer a range of technical security mechanisms for this purpose, including encryption and the isolation of web pages, processing procedures and components from each other so that executed malicious code cannot have a major impact.
Nevertheless, hundreds of new security vulnerabilities are discovered in browsers every year, opening up multiple attack vectors. Among the top 30 products with the most vulnerabilities in the Vulnerability Database CVE Details are all popular browsers, surpassed only by much more complex and extensive operating system software.
In addition, even if there were a browser without vulnerabilities, this would still not mitigate the majority of the attacks described above. If users click on a malware link or log on to a manipulated web application, even a bug-free browser would often not be able to avert the impending damage.
In short: there is no such thing as a “secure browser”, but only “more or less secure” – and unfortunately usually “less secure”. What does this mean for companies and authorities?
Secure Browser: Possible actions for companies and authorities
Browsers are therefore in principle vulnerable to attacks from the internet, but they usually have extensive access to the internal network and thus also to business-critical resources. Companies and public authorities must therefore analyse their concrete security requirements, the IT environment, the expected behaviour of their employees and known threats as part of an individual risk assessment and, on this basis, find the most suitable solution for the topic of “secure browser”.
The German Federal Office for Information Security (BSI) recommends a number of measures with which organisations – depending on their risk situation – can secure their internet use:
Low risk: Use a browser that meets the minimum security standard defined by the BSI
Medium risk: further measures according to IT-Grundschutz
Higher risk (increased need for protection): Running the browser in an isolated environment separate from the internal IT infrastructure.
Mandatory for public authorities: BSI minimum standard for browsers
The BSI has formulated a minimum standard so that browsers can be selected as secure browsers and used on workstations in the federal administration. The BSI explicitly emphasises that the security requirements stated in its minimum standards are also relevant for state administrations and commercial enterprises (source: Federal Government Minimum Standards brochure BSI 2021).
By taking the minimum standard into account, the risks described above are to be minimised. Specifically, the document, which is available as the current version 2.1.4 dated 06.07.2022, describes technical and organisational security requirements for browser products, their providers and their operation. Suitable browsers must therefore not only offer technical security functions, but must also be able to be configured in a secure and data protection-friendly manner – and this must also be enforced in the organisation. The current version can be found here: BSI minimum standard for web browsers.
More than the minimum protection: IT-Grundschutz
In a series of publications entitled “IT-Grundschutz”, the BSI describes procedures with which organisations can achieve a level of protection for their information technology that is appropriate for their individual risks. Concrete instructions are offered in the IT-Grundschutz Compendium offers concrete instructions in numerous so-called “basic IT protection modules”, which are divided into ten “layers”, including applications (APP module), IT systems (SYS), networks and communication (NET), operations (OPS) or security management (ISMS).
The protection of web browsers is described in APP.1.2. Among other things, the security requirements of the minimum standard can be found here. However, suggestions are also given for requirements in the case of increased need for protection.
For example, the browser should check called URLs for potentially harmful content, warn the user of dangers and refuse to call up harmful connections. For increased confidentiality requirements, the browser should run in private mode (without permanent storage of information) and local content should be automatically deleted on exit.
In addition, the BSI recommends the so-called two-browser strategy: two alternative browsers on different platforms offer a fallback option in case of unsolved security problems (lack of patches).
Must in case of increased need for protection: Isolated browser environment
If there is an increased need for protection, the BSI recommends that web browsers should not be installed directly on the workstation, but should be run in an isolated environment (cf. APP.1.2.A9). Isolated systems can be virtualised systems (application or operating system virtualisation). On the other hand, the browser can also be run on a terminal server as a remote-controlled browser system (ReCoBS ) separate from the client workstation.
These possibilities are briefly characterised below. For a more detailed comparison of different internet security concepts, click on the button at the end of the respective box.