Visible to the public Hardening the Client-Side: A Guide to Enterprise-Level Hardening of Web Browsers

TitleHardening the Client-Side: A Guide to Enterprise-Level Hardening of Web Browsers
Publication TypeConference Paper
Year of Publication2017
AuthorsJillepalli, A. A., Leon, D. C. d, Steiner, S., Sheldon, F. T., Haney, M. A.
Conference Name2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech)
Date Publishednov
Keywordsattack avenues, Browsers, business data processing, classic client desktop infrastructure, Computers, critical enterprise sites, critical trusted websites, cyber-compromise, cybersecurity, data breaches, default configurations, enforced configuration, enterprise-level hardening, enterprise-wide strategy, Google Chrome, Hardening, high-granularity tailored configurations, Internet, Internet Explorer, JavaScript attacks, least privilege, least privilege browser hardening, least privilege tailored configurations, multiple web browsers, online front-ends, Organizations, phishing, Plugin-based attacks, pubcrawl, Resiliency, Scalability, Secure Configuration, security, Security by Default, security of data, Servers, Tools, un-trusted sites, Vegetation, web browser hardening, Web browsers, Web sites, Windows-based enterprise
AbstractToday, web browsers are a major avenue for cyber-compromise and data breaches. Web browser hardening, through high-granularity and least privilege tailored configurations, can help prevent or mitigate many of these attack avenues. For example, on a classic client desktop infrastructure, an enforced configuration that enables users to use one browser to connect to critical and trusted websites and a different browser for un-trusted sites, with the former restricted to trusted sites and the latter with JavaScript and Plugins disabled by default, may help prevent most JavaScript and Plugin-based attacks to critical enterprise sites. However, most organizations, today, still allow web browsers to run with their default configurations and allow users to use the same browser to connect to trusted and un-trusted sites alike. In this article, we present detailed steps for remotely hardening multiple web browsers in a Windows-based enterprise, for Internet Explorer and Google Chrome. We hope that system administrators use this guide to jump-start an enterprise-wide strategy for implementing high-granularity and least privilege browser hardening. This will help secure enterprise systems at the front-end in addition to the network perimeter.
Citation Keyjillepalli_hardening_2017