220-1202 Security Study Guide for the CompTIA A+ Core Series Exam
Social Engineering Attacks
For this test, you should be able to compare and contrast different types of social engineering attacks, threats and related vulnerabilities. In the following section, we will cover the essential details about these issues.
Social Engineering
Social engineering is the act of manipulating individuals into giving unauthorized access to a building or room or disclosing private information.
Phishing
Phishing is the most common type of social engineering. In a phishing attack, the attacker sends a fraudulent email pretending to be from a legitimate source, such as a colleague, vendor, or even a user’s bank. The goal of a phishing attempt is to trick the unsuspecting user into divulging their private information. There are various subtypes of phishing:
- vishing—Vishing is phishing through voice over Internet Protocol (VoIP) calls. Vishing calls may attempt to elicit information from the recipient using social engineering techniques. For example, a caller may claim to be from the IRS and insist that the recipient must make a back tax payment or face further financial or legal penalties.
- smishing—Smishing (or SMS phishing) is phishing through text messaging. Smishing attempts may try to obtain sensitive data directly from the target or through an embedded link in the message.
- QR code phishing—QR code phishing, also known as quishing, is phishing via the use of QR codes. A QR code is provided to a target, which, when scanned, redirects the target to a malicious site, often in an attempt to steal sensitive information, including user credentials, passwords, or financial information.
- spear phishing—Spear phishing is a phishing attempt aimed at a specific group of individuals or organizations. Spear phishing messages are increasingly tailored to particular demographics, making them appear more genuine and believable. For example, if a spear phishing attempt was made on an animal rights organization, the attempt may include photos and wording related to animal abuse or exploitation.
- whaling—Whaling is phishing that explicitly targets individuals high up in a company’s hierarchy, such as CEOs and CFOs, or other high-value targets.
Shoulder Surfing
Shoulder surfing is the act of stealing a person’s data by literally looking over their shoulder as they type private information on a computer or enter a code into a door or ATM.
Tailgating
Social engineers will sometimes tailgate or follow another person into a building. This involves sneaking through an otherwise secure door right behind a person who has permission to enter. Sometimes, the social engineer may carry boxes so that an individual, who is just trying to be polite, will unlock and hold the door open for them.
Impersonation
Another common social engineering tactic is impersonation. Attackers will often pretend to be someone else to gain access to what they are looking for. One example of this is an attacker pretending to be from your internet provider and asking for access to your network closet.
Dumpster Diving
Businesses and individuals discard a significant amount of valuable information that attackers can exploit. When an attacker digs through the trash in search of private information that hasn’t been shredded or otherwise destroyed, this is known as dumpster diving.
Threats
Threats are potential hazards to a network that can be either physically or logically based. A threat is an attack designed to interrupt, intercept, or damage data from a target. Threats can come from a single threat actor or numerous threat actors acting in coordination with one another, such as a nation state. There are a number of threats and attack types you should know:
- denial-of-service (DoS) attack—A DoS attack is one in which a large amount of meaningless traffic is directed toward a device or network in an attempt to overburden it and bring it down.
- distributed denial-of-service (DDoS) attack—A DDoS attack is a DoS attack in which multiple computers (often a botnet) are used to send an overabundance of traffic in an attempt to bring down a network’s resources.
- evil twin—An evil twin is an imposter access point (AP) that impersonates a legitimate AP to intercept data. For example, a user could connect to an AP at their local cafe that provides free Wi-Fi access under the name “Cafe Guest.” The attacker creates an imposter AP, also named “Cafe Guest,” and intercepts data when the user connects to the evil twin.
- zero-day attack—A zero-day attack is one that targets a vulnerability that developers have not identified yet or for which they have not had time to release a patch or fix.
- spoofing—Spoofing is an impersonation attack. Some commonly spoofed items include source IP addresses, source MAC addresses, source email addresses, and usernames.
- on-path attack—An on-path attack, also known as a man-in-the-middle (MITM) attack, is an eavesdropping attack. The attacker tries to position themselves between two systems and intercept the traffic.
- brute-force attack—In a brute-force attack, the attacker attempts to guess as many of the possible values as they can. Brute force is generally used as a method of password cracking, but it can also be applied in other scenarios.
- dictionary attack—One form of brute-force attack is known as a dictionary attack. Rather than coming up with passwords to guess themselves, the attacker uses a list of leaked or commonly used passwords (known as a dictionary).
- insider threat—An insider threat is a threat from within an organization itself and may be perpetrated by disgruntled employees or for personal gain. Insider threats are more common than external threats and can expose the organization to significant levels of damage, as the insider already has access to the network. An internal threat can be more difficult to detect since the attacker is often expected to be present on the network.
- Structured Query Language (SQL) injection—A SQL injection is an attack in which the threat actor inserts malicious code into a SQL query to gain unauthorized access to SQL databases.
- cross-site scripting (XSS)—Cross-site scripting (XSS) embeds malicious scripts into a legitimate web page. It is commonly used to hijack web pages and coax the end user into installing malware.
- business email compromise (BEC)—BEC refers to when a threat actor impersonates a legitimate user or entity within a business to compromise a target. BEC attacks may use spoofing, fake emails, or malware to compromise business email accounts and extract sensitive data. For example, a threat actor may send a money transfer request to an employee while posing as the organization’s CEO.
- supply chain/pipeline attack—A supply chain attack attempts to reach a larger target by compromising an entity along its supply chain, which may be easier to infiltrate. For example, a threat actor may embed malware into a payroll company’s systems; when that company interacts with its larger client, the malware is transferred to the client through the trusted payroll company. A pipeline attack commonly targets the continuous integration and continuous delivery (CI/CD) pipeline to deliver malicious code into a system. For example, a threat actor may place code into a testing platform that interacts with the code during development, passing the malicious code on into the live deployment.
Vulnerabilities
Vulnerabilities in cybersecurity are weaknesses in the OS or network that can be exploited for access. Threat actors leverage vulnerabilities to gain access to a network. While zero-day threats do occur, the majority of vulnerabilities have been previously identified and addressed through released patches. It is easier for a threat actor to try known vulnerabilities against a target to gain access to the network than to attempt to discover a new vulnerability.
Non-Compliant Systems
A non-compliant system is a system or device that fails to adhere to the standard security precautions as specified by the system administrator. Non-compliant software or systems can pose a threat to an organization’s network. It’s essential to fix non-compliant devices as soon as you notice them.
Unpatched Systems
Patches protect systems, software, or networks from known vulnerabilities. Unpatched systems leave the network or device open to exploitation through these known vulnerabilities.
Unprotected Systems
An unprotected system is a system that lacks the necessary security measures, such as a device without an antivirus or anti-malware program installed, or a system without a properly configured firewall.
End-of-Life (EOL)
An EOL operating system is an OS that the vendor no longer supports. This means that no new patches or updates will be released to address vulnerabilities, leaving the OS vulnerable to exploitation.
Bring Your Own Device (BYOD)
The prevalence of BYOD policies in networks complicates network security. BYOD policies allow users to bring their own devices onto a network, making them difficult to police and posing both data leakage and data portability vulnerabilities. These devices are often not adequately secured, both physically and logically, making them targets for threat actors.
Malware in Small-Office/Home-Office (SOHO) Systems
For the CompTIA A+ 1202 test, you will also be expected to know how to manage malware in a SOHO environment and devise best practice security measures for removal from that environment, whether it is wired or wireless. Questions of this type will be scenario-based.
This process involves a series of steps that we will discuss in detail in this section.
1. Investigate and verify.
Malware is often not as obvious as strange error messages and odd security warnings. It may be as subtle as a slight slowdown of the system or the appearance of unexplained files. If malware is suspected, the first step is to identify the type of malware involved. Antivirus and anti-malware software can be used to identify known threats. During your investigation, you can also use various online resources to identify malware types and their signatures.
2. Quarantine the system.
Any system suspected of being infected with malware should be quarantined immediately. This prevents the malware from spreading across the network to other devices. The easiest way to quarantine a device is to simply pull out the network cord or disconnect it from Wi-Fi. Maintain all the files on the machine, and don’t attempt to move them to another system.
3. Disable System Restore.
The next step after quarantine is disabling System Restore in Windows. You do not want the virus to infect your restore points.
4. Remediate infected systems.
When you have identified the type of malware and ensured that it can’t spread to other devices, you can begin remediation. The process of remediation involves deleting temporary files and resetting browser settings to remove malicious extensions or affected settings. Remediation should be performed on all potentially infected devices and systems.
5. Update antivirus/anti-malware software.
You’ll want to be sure that you have an updated antivirus and/or anti-malware application with a new engine and signature files. This will ensure your scans are as thorough as possible.
6. Scan and remove.
Once the antivirus software is updated, restart the system in Safe Mode or the pre-installation environment and run a virus scan. While some viruses are more complex and may require additional remediation techniques, this tool will be able to remove most basic malware infections.
7. Reimage/reinstall the operating system.
The most secure method of removing malware is to completely wipe the device and reimage or reinstall the operating system onto the base hardware. Boot from the installation media or image and choose a clean install, which removes all data and remnants of the malware from the drive prior to reinstallation.
8. Schedule scans and run updates.
When a virus is removed, set your antivirus software to automatically update its signature files and schedule regular scans to prevent future infections.
9. Enable System Restore.
The next step is to re-enable System Restore and create a clean restore point in Windows Home. When creating a new restore point, provide a name that is easily identifiable for future use.
10. Educate the end user.
Users are the last line of defense when it comes to computer security. There is no antivirus or spam filter program that is 100% accurate, so even with these items in place, users should be educated on proper email and internet usage to avoid malware infections on their devices.
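The removal steps above, expressed as Windows PowerShell 5.1 commands for a single Windows 10/11 workstation with Microsoft Defender. This is an added example, not part of the study guide; the adapter names, the C: drive and the restore point description are assumptions, and each step is run only after the previous one has been verified.

```powershell
# Added example (not from the study guide): malware-removal steps on one workstation.
# Run in an elevated Windows PowerShell 5.1 session (the *-ComputerRestore cmdlets are
# not available in PowerShell 7). Adapter names and drive letter are assumptions.

# Step 2. Quarantine: take the machine off the network, leaving every file in place.
Disable-NetAdapter -Name "Ethernet" -Confirm:$false -ErrorAction SilentlyContinue
Disable-NetAdapter -Name "Wi-Fi"    -Confirm:$false -ErrorAction SilentlyContinue

# Step 3. Disable System Restore so the infection cannot be captured in a restore point.
Disable-ComputerRestore -Drive "C:\"

# Step 4. Remediate: remove temporary files (browser extensions/settings are reset
# in the browser's own settings UI; nothing to script here).
Remove-Item -Path "$env:TEMP\*"        -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item -Path "$env:SystemRoot\Temp\*" -Recurse -Force -ErrorAction SilentlyContinue

# Step 5. Update the Defender engine and signature files (requires connectivity,
# so bring one adapter back only long enough to update, then disable it again).
Enable-NetAdapter  -Name "Ethernet" -Confirm:$false
Update-MpSignature
Disable-NetAdapter -Name "Ethernet" -Confirm:$false
Get-MpComputerStatus | Select-Object AMEngineVersion, AntivirusSignatureLastUpdated

# Step 6. Scan and remove: a full scan in the running OS, then a Defender Offline
# scan, which reboots into the pre-installation environment where the malware
# is not running and cannot hide from the scanner.
Start-MpScan -ScanType FullScan
Get-MpThreatDetection | Select-Object DomainUser, ThreatID, InitialDetectionTime
Start-MpWDOScan   # reboots the machine; review results after it comes back

# Step 8. Schedule a daily full scan at 02:00 and signature updates every 4 hours.
Set-MpPreference -ScanParameters FullScan `
                 -ScanScheduleDay Everyday `
                 -ScanScheduleTime 02:00:00 `
                 -SignatureUpdateInterval 4

# Step 9. Re-enable System Restore and create a clearly named clean restore point.
# Windows allows one Checkpoint-Computer restore point per 24 hours by default.
Enable-ComputerRestore -Drive "C:\"
Checkpoint-Computer -Description "Clean baseline after malware removal $(Get-Date -Format yyyy-MM-dd)" `
                    -RestorePointType MODIFY_SETTINGS

# Restore connectivity only after the machine has been verified clean.
Enable-NetAdapter -Name "Ethernet" -Confirm:$false
Enable-NetAdapter -Name "Wi-Fi"    -Confirm:$false -ErrorAction SilentlyContinue
```

If the Defender Offline scan still reports threats after cleanup, step 7 (reimage or clean reinstall) is the reliable path rather than repeating the scan.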
Workstation Security and Hardening
During the test, you will need to be able to take a given scenario about a workstation and develop appropriate security measures on a “best practice” level to secure that workstation optimally. This section discusses tools for hardening workstation security.
Data-at-Rest Encryption
For comprehensive security, it is recommended to encrypt data at all times, even when data is at rest. This protects data within the network in the event of a breach.
Password Considerations
Passwords are one of the first lines of defense against an attacker. It’s important to set strong and memorable passwords. There are a few considerations that determine the strength of a password.
Length
Setting longer password length requirements increases the security of the passwords. Most security experts believe that a 12-character minimum should be established, although many organizations currently use an eight-character length requirement.
Character Types
Requiring multiple character types in a password increases its security. These character types may include digits, upper and lowercase letters, or special characters, such as % or @.
Uniqueness
Uniqueness in passwords refers to the concept of using a distinct and individual password for each different credential used across various platforms and services.
Complexity
Password best practices should include complexity requirements that deter users from creating short, simple, and easily cracked passwords.
Expiration
Users should be required to change their password at regular intervals. This is enforced using a password-expiration policy. Typical intervals are every 30, 60, or 90 days.
Basic Input/Output System (BIOS)/Unified Extensible Firmware Interface (UEFI) Passwords
BIOS and UEFI passwords can be set to prevent unauthorized access to their configurations.
End-User Best Practices
Educating the end user about cybersecurity best practices is critical to network security. It is essential that all users receive education about the following strategies:
- Use screensaver locks.—For individuals who use screensavers, it’s a good idea to set a screensaver lock. A lock requires a password to re-enter the computer after the screensaver has appeared. The screensaver then works similarly to locking the computer.
- Log off when not in use.—Cybersecurity best practices include training end users to log off of network-connected devices when they aren’t using them.
- Secure and protect critical hardware.—Critical hardware (e.g., laptops) should be equipped with multiple security measures, such as logon time restrictions, time-out policies, and failed-login lockouts.
- Secure passwords and personally identifiable information (PII).—Passwords and PII can be easily extracted through end-user negligence, such as writing a password on a sticky note or leaving printouts with PII on printers in an easily accessible area. Users should be instructed not to do these things.
- Use password managers.—A password manager is an application or software that stores username/password combinations in a single secure location, often protected by a master password with multifactor authentication. Using password managers to store credential information enables users to create complex and unique passwords without requiring memorization.
Account Management
Administrators are responsible for ensuring the security of workstations through various policies. They define these policies and monitor and enforce them. The following are essential considerations regarding account management.
- Restrict user permissions.—Organizations should always use the principle of least privilege. This means that users should only be given access to the resources they need to complete their jobs, and no more. Having strong permissions helps to prevent unauthorized access, whether intentional or accidental.
- Restrict logon times.—If your organization only has users working between specific hours of the day (e.g., between 9 a.m. and 5 p.m.), one effective security measure to implement is logon time restrictions. It’s possible to put policies in place that restrict users from logging on to a computer outside their regular working hours.
- Disable the guest account.—The Guest account on Windows machines is a low-privilege account for guest users. If this account is not in use, it’s best to disable it. Even though it is a low-privilege account, attackers can still escalate privileges if they gain access to a machine through it.
- Use failed-login lockout.—A common way to combat brute-force password attacks is to implement a lockout policy. After a specified number of failed login attempts, the account will be locked, and an administrator will need to unlock it.
- Use timeout/screen lock.—Leaving a computer unlocked while you are away is a security risk. Anyone can walk up and start working on your computer without your knowledge. For this reason, organizations should implement a screen lock or screen timeout policy to prevent unauthorized access. This policy ensures computers lock after a specified period of inactivity.
- Apply account expiration dates.—Account expiration dates secure user accounts, especially accounts that only require temporary access, such as guest users, temporary employees, or contractors. An account expiration will automatically disable the account once the expiration date is reached.
- Change the default administrator’s user account/password.—Default passwords should never be used in any circumstances. It’s best to immediately change default passwords or disable default accounts altogether and create new accounts.
- Disable AutoRun.—Some programs or discs will run automatically as soon as the media is inserted into the computer. It is best practice to disable the AutoRun and AutoPlay features on the operating system. This gives you time to evaluate the item before allowing it to run on the PC.
- Disable unused services.—Many computing devices come pre-installed with services designed to run automatically unless configured otherwise. To secure a device, identify and disable any unused services.
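The password considerations and account-management settings above, applied to a standalone Windows workstation from an elevated Windows PowerShell session. This is an added example, not part of the study guide; the user names, working hours, expiration date, service name and timeout values are assumptions for illustration.

```powershell
# Added example (not from the study guide): local password and account policy on one
# Windows workstation. Run elevated. Names, hours and dates below are assumptions.

# --- Password policy: length, expiration and uniqueness (Password Considerations) ---
net accounts /minpwlen:12     # 12-character minimum length
net accounts /maxpwage:90     # passwords expire every 90 days
net accounts /minpwage:1      # stops an immediate change back to the old password
net accounts /uniquepw:24     # remember the last 24 passwords so they cannot be reused

# --- Failed-login lockout: 5 failures within 30 minutes locks the account for 30 minutes ---
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30

# --- Logon time restriction for a hypothetical user 'jdoe' (Mon-Fri, 09:00-17:00) ---
net user jdoe /times:M-F,09:00-17:00

# --- Account expiration for a hypothetical contractor account (date format follows the locale) ---
net user contractor01 /expires:12/31/2025

# --- Disable the built-in Guest account ---
net user Guest /active:no

# --- Rename and disable the default Administrator account; use a named admin account instead ---
Rename-LocalUser  -Name "Administrator" -NewName "ws-builtin-admin"
Disable-LocalUser -Name "ws-builtin-admin"

# --- Disable AutoRun/AutoPlay for every drive type (0xFF = all drive-type bits set) ---
$explorerPolicy = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
New-Item -Path $explorerPolicy -Force | Out-Null
Set-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
Set-ItemProperty -Path $explorerPolicy -Name NoAutorun          -Value 1    -Type DWord

# --- Screen lock after 10 minutes of inactivity (per-user setting, password required) ---
$desktop = "HKCU:\Control Panel\Desktop"
Set-ItemProperty -Path $desktop -Name "SCRNSAVE.EXE"       -Value "$env:SystemRoot\System32\scrnsave.scr"
Set-ItemProperty -Path $desktop -Name ScreenSaveActive     -Value "1"
Set-ItemProperty -Path $desktop -Name ScreenSaverIsSecure  -Value "1"
Set-ItemProperty -Path $desktop -Name ScreenSaveTimeOut    -Value "600"   # seconds

# --- Disable an unused service (Remote Registry as the assumed example) ---
Stop-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
Set-Service  -Name RemoteRegistry -StartupType Disabled

# --- Verify what was applied ---
net accounts
Get-LocalUser | Select-Object Name, Enabled, PasswordExpires, AccountExpires
Get-Service -Name RemoteRegistry | Select-Object Name, Status, StartType
```

On a domain-joined machine these local settings are overridden by Group Policy, so the same values belong in the domain password and account lockout policy instead.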
Mobile Device Security
Mobile devices have become an integral part of modern business. Employees are expected to be available at all times via their phones. However, with the emergence of new mobile devices in the business world, organizations must also consider the associated risks. You must be able to identify and apply standard methods for securing mobile devices.
Hardening Techniques
Hardening is the process of enhancing a device’s security posture by applying multiple security methods, both software and hardware, to reduce device vulnerability. Hardening techniques that can be applied to mobile devices are similar to those for consoles, with a greater focus on protecting initial device access.
Device Encryption
Like other endpoint devices, mobile devices can be encrypted to protect the data stored on them. This adds another layer of protection in case the device is lost or stolen.
Screen Locks
When a user has access to business resources via a mobile device, it’s necessary to ensure that the mobile device is just as secure as a workstation. This means having a lock on the screen so that if the phone is lost or stolen, attackers don’t have access to the business resources. Other useful mechanisms include:
- facial recognition—Screen locks can be enabled with facial recognition that uses biometric facial features to unlock a screen. Facial recognition is commonly used on mobile devices but is prone to false negatives and, less frequently, false positives.
- personal identification number (PIN) codes—A PIN can be set that must be entered correctly to gain access to the mobile device. A PIN code is often used in conjunction with a biometric authentication method for MFA to provide added security to a device.
- fingerprint—Some devices may use a fingerprint scan as authentication for mobile device access. Fingerprint scans are trending downward in mobile devices, driven by advancements in facial recognition and the increasing use of front-facing cameras.
- pattern lock—A pattern lock is a method of authentication that requires the user to draw a specified pattern in a three-by-three matrix of dots for access to the mobile device. A pattern lock, like a PIN, can be used in conjunction with biometric authentication for MFA. Some users, however, may opt for a simple pattern to make accessing the device easier, which can be easily discovered, similar to using the word “password” as their password.
- swipe lock—A swipe lock is not an actual locking method. The swipe merely requires the user to swipe the screen to gain access and should not be used as a security measure for mobile devices.
Configuration Profiles
Configuration profiles are a predefined set of configuration settings stored under a specific profile that can be used to streamline and automate the configuration of mobile devices. Configuration profiles can include configuration settings for passcode requirements, network connection requirements, email settings, certificate requirements, and usage and application restrictions.
Patch Management
Patch management as it pertains to mobile devices is the identification, acquisition, application, deployment, and testing of relevant released patches. Patch management can be automated through mobile device management (MDM) systems to ensure patches are applied across multiple connected devices.
OS Updates
Whenever an update is available for a mobile device, it should be installed. Applications on the phone should also be kept up to date. When vulnerabilities are found, developers will put out updates to fix the vulnerabilities. This is why devices must be kept up to date.
Application Updates
As with OS updates, applications often release updates to address identified vulnerabilities and bugs found within an application. Application updates should be installed in a timely manner on all affected devices.
Endpoint Security Software
Endpoint security software can be installed on mobile devices to enhance security and protect against device infiltration. Endpoint security software can provide threat protection, policy enforcement, visibility, and control, among other safeguards.
Antivirus/Anti-Malware
In the same way that you should protect your computer from viruses and malware using antivirus and anti-malware software, you can download mobile antivirus and anti-malware applications. There are fewer providers for mobile antivirus and anti-malware software than for computers, but the market is growing.
Content Filtering
Content filtering is the ability to restrict access to any data deemed to be a potential threat to the device or connected network. Content filtering can restrict website access to inappropriate content, enforce both enterprise-based and legally required policies, and increase productivity by blocking access to distracting content.
Locator Applications
Locator applications can help individuals find their devices if they have been lost or stolen. These applications use GPS technology. The location services on the device must be enabled for these applications to function correctly.
Remote Wipes
Organizations can remotely wipe devices once they have been given remote administration control over them. This is useful if a user reports that their phone has been lost or stolen.
Remote Backups
Some organizations may choose to remotely back up the mobile devices that store data. Because mobile devices are typically used during travel, they are more likely to be lost or stolen.
Failed Login Restrictions
In the same way that you can lock a user’s account on a computer, you can lock an account on a mobile device. Mobile devices should lock the ability to log in after a specified number of failed attempts.
Policies and Procedures
An organization should establish policies to ensure that users understand how to use mobile devices on the organization’s network.
Mobile Device Management (MDM)
MDM is software that allows for the monitoring and management of connected mobile devices. MDM can be used for configuration deployment and policy enforcement, and can be applied to both BYOD and corporate-owned devices.
Corporate-Owned vs. Bring Your Own Device (BYOD)
Corporate-owned devices are entirely under the control of an organization. In such scenarios, the organization specifies policies regarding which applications can be installed, as well as the device’s intended use. However, many organizations are moving to a BYOD environment. BYOD environments are more complicated to manage because, while policies can be put in place for accessing corporate resources, ultimately, the device is owned by the end user.
Profile Security Requirements
When accessing an organization’s resources, users must meet all profile security requirements set forth by the organization.
Data Destruction and Disposal
As discussed earlier in this guide, dumpster diving is a method of obtaining private information or data from the trash. Let’s look at the best practices for properly disposing of computer equipment. You must be able to compare and contrast standard methods.
Physical Destruction of Hard Drives
One of the only ways to ensure that data is no longer accessible is to destroy the device on which the data is stored. Physical destruction is used when the data on the device needs to be completely removed or destroyed. There are various methods of destruction:
- drilling—Drilling is a destruction method where a drill is used to physically put a hole into the device, destroying the internal components of the device.
- shredding—To prevent dumpster divers from stealing private information, organizations should have a shredding policy in place to shred all documents before throwing them in the trash.
- degaussing—Using an electromagnet is one way to wipe a hard drive. However, it’s often still possible for individuals to pull data off of a hard drive even though it’s been wiped. A single wipe with a magnet is not enough. This process, known as degaussing, must be repeated multiple times.
- incineration—Some organizations may choose to completely incinerate, or burn, their devices to ensure that data cannot be pulled off the devices.
Recycling or Repurposing Best Practices
Rather than destroying the devices, many organizations opt for recycling or repurposing them. Best practices should be followed to ensure the security and integrity of data on repurposed or recycled devices.
Erasing/Wiping
Before recycling or reusing, all data should be wiped entirely or erased to prevent data breaches. However, standard wiping or erasing of a drive does not actually remove the data from the drive or device; it merely marks the space being wiped or erased as available for overwriting. Data may still be recovered before it is actually overwritten. To entirely wipe or erase a drive, the data needs to be overwritten with zeros or nonsense before being marked as available.
Low-Level Formatting
Low-level formatting can be used to completely wipe a disk. This formatting method resets the drive to its initial state, prior to the drive controller chip and drive interaction, and occurs before partitioning.
Standard Formatting
Standard formatting does not erase the data on the disk but marks the space the data occupies as available for use. Standard formatting is not a secure way of wiping a drive.
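To make the difference between the Erasing/Wiping and Standard Formatting sections concrete, the following added example (not from the study guide) contrasts a quick format, which only marks space as available, with a full overwrite of every sector using diskpart's clean all on a drive being repurposed. It assumes Windows PowerShell run elevated and that disk number 2 is the decommissioned drive; the script refuses to touch the system or boot disk.

```powershell
# Added example (not from the study guide): quick format vs. full sector overwrite.
# Run elevated. $DiskNumber is an assumption; check Get-Disk output before running.

$DiskNumber = 2   # assumed: the drive being recycled or repurposed

# Guard: never wipe the disk Windows is running from.
$disk = Get-Disk -Number $DiskNumber -ErrorAction Stop
if ($disk.IsSystem -or $disk.IsBoot) {
    throw "Disk $DiskNumber is the system/boot disk; refusing to wipe it."
}
"Target: disk $DiskNumber ($($disk.FriendlyName), $([math]::Round($disk.Size / 1GB)) GB)"

# Standard (quick) format: rebuilds the file system metadata only. The old file
# contents stay on the media until overwritten, so they are recoverable.
# Shown for contrast; NOT a secure wipe.
#   Format-Volume -DriveLetter E -FileSystem NTFS -Full:$false -Confirm:$false

# Secure overwrite: diskpart 'clean all' writes zeros to every sector on the disk,
# including the partition table, so no file system or data remains to recover.
$diskpartScript = @"
select disk $DiskNumber
clean all
exit
"@
$scriptPath = Join-Path $env:TEMP "wipe-disk-$DiskNumber.txt"
Set-Content -Path $scriptPath -Value $diskpartScript -Encoding ASCII
diskpart /s $scriptPath
Remove-Item -Path $scriptPath

# Verify: the disk should now show no partitions (PartitionStyle RAW, no volumes).
Get-Disk -Number $DiskNumber | Select-Object Number, PartitionStyle, OperationalStatus
Get-Partition -DiskNumber $DiskNumber -ErrorAction SilentlyContinue
```

Zero-filling covers magnetic drives; on SSDs, wear levelling can leave copies of data in blocks the OS cannot address, so the vendor's secure-erase utility or drive encryption with key destruction is the reliable equivalent.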
Outsourcing Concepts
Outsourcing data and device destruction is a valid method of data destruction, but it comes with its own considerations:
- third-party vendor—A third-party vendor can be contracted to destroy or recycle a device or drive. When using third-party vendors, be aware that there is a potential for data leakage, either through mismanaged data wiping or insider threats within the vendor.
- certification of destruction/recycling—When an organization uses a third-party vendor to dispose of and destroy their devices, they should receive a certificate of destruction stating that the items have been recycled and all data storage components have been wiped or destroyed pursuant to all applicable laws, including environmental and waste-management regulations.
Regulatory and Environmental Requirements
When disposing of a computing device, various federal, state, and industry-related regulations can affect disposal requirements. Based on the type of data contained, sensitive data destruction must meet regulations from various laws and regulatory bodies, including the Health Insurance Portability and Accountability Act (HIPAA), National Institute of Standards and Technology (NIST), and Payment Card Industry Data Security Standard (PCI DSS), to ensure proper data destruction and sanitization.
Computing components, such as batteries, must also meet environmental requirements to minimize potential contamination and environmental impacts, as specified by the US Environmental Protection Agency (EPA) and the Resource Conservation and Recovery Act (RCRA).
Small-Office/Home-Office (SOHO) Networks
It will also be essential for you to manage a scenario related to a SOHO situation and devise best practice security measures for that environment, whether it is wired or wireless. Questions related to this topic will be scenario-based.
Router Settings
Routers used in the home can be configured for security, and best practices should be followed. While most home routers are considered to be plug-and-play, it is recommended to access the router to change the default password and manage updates and other security settings before use.
Changing Default Passwords
It is easy to do an online search and find the default usernames and passwords of wireless devices. When setting up a wireless network, ensure that the default passwords are not being used.
IP Filtering
IP filtering, also referred to as firewall rules, should be used on a home router to secure the internal network from an external network, such as the internet.
Firmware Updates
Just like any other device we’ve talked about, the firmware on a wireless device should be kept up to date. When the latest updates are not installed on a device, that device becomes susceptible to attacks.
Content Filtering
Some wireless routers come with built-in content filtering and parental controls. These can be used to block users from navigating to sites that could contain malware.
Physical Placement/Secure Locations
Ideally, when setting up a wireless network, you want the network to span your entire building or workspace, without leaking outside of your organization. It’s a challenging task to do perfectly, but it can be achieved by conducting wireless network surveys and ensuring that your antennas and access points are placed in optimal locations.
Universal Plug and Play (UPnP)
UPnP is designed to simplify the connection of devices to a network. To protect a SOHO network, UPnP should be configured so that a user must grant permission before a device connects to the SOHO network or to a network-connected device.
Screened Subnet
A screened subnet, also referred to as a demilitarized zone (DMZ), creates a separation between the exterior and interior of a network where communication can take place without placing the interior of the network at risk.
Configuring Secure Management Access
When creating a SOHO, secure configurations need to be applied to management access, such as requiring MFA, restricting access to management interfaces, and using encryption for remote access to management connections.
Wireless Specific
There are specific security measures for wireless networks. This section covers some of the most important ones.
Changing the Service Set Identifier (SSID)
Keeping the default SSID can provide a potential attacker with the information they need to target you. For example, the default SSID may show exactly what type of wireless device you are using. It’s best to change the SSID before you begin using the wireless network.
Disabling SSID Broadcast
Disabling the SSID is one way to prevent attackers from finding your wireless network. It requires a few extra steps to get yourself and other users connected to the network, but it does add that additional layer of protection. Experienced hackers will still be able to locate hidden networks; however, generally, attackers target the low-hanging fruit.
Establishing Encryption Settings
Setting wireless encryption secures your wireless network with an authentication protocol. Wireless encryption requires both a password and an encrypted key when you establish a connection. The encryption key can typically be found on the setup page of a wireless router.
Configuring Guest Access
Guest access should be disabled on the wireless network. While guest access is designed to allow minimal permissions, it can easily be exploited for privilege escalation.
Firewall Settings
As with other network-connected devices, firewalls should be configured to provide the highest security possible for wireless networks.
Disabling Unused Ports
Disabling unused ports on the wireless router can prevent unauthorized parties from plugging in and gaining access to the entire network.
Port Forwarding/Mapping
Port forwarding, also known as port mapping, is the process of configuring a router so that traffic arriving on specific ports is allowed or blocked and, when allowed, delivered to the intended internal device. Port forwarding can be configured on a wireless device in the same way that it is on a wired network.
Browser Security
Web browsers are among the most widely used tools on the internet and require their own set of security considerations and best practices. You must be able to configure relevant security settings in a web browser. Questions in this section will be scenario-based.
Browser Download/Installation
Browsers can be downloaded either online or offline.
- An online browser download is an online link that installs a smaller installation application on a device. The installation application then pulls the needed data for the rest of the browser from the internet via a live internet connection.
- An offline browser download is a single-file download of the complete installation package. The initial offline installation download does require an active internet connection. However, once the download is complete, it can be used to install the browser on additional devices without requiring an internet connection.
With either method, care must be taken to install a clean version of the browser.
Trusted Sources
Browsers should be downloaded and installed only from trusted sources, preferably through the official distributor.
Hashing
Hashing is one method of verifying the integrity of a downloaded browser installation. The hash of the installer executable is computed with a secure hash algorithm and stored in a separate location; when the browser needs to be reinstalled, the hash of the installer is computed again and compared to the stored value, and any difference indicates that the file has been altered.
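The check described above, as an added example that is not part of the study guide: the stored hash is assumed to have been recorded separately when the installer was first obtained, and the "installer" bytes below are constructed sample data.

```python
"""Added example: verifying a downloaded installer against a stored hash.

Illustrative code, not from the study guide. It assumes the expected hash
was recorded when the installer was first obtained and kept apart from it.
"""
import hashlib
import hmac
import os
import tempfile


def file_sha256(path: str) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_installer(path: str, expected_hex: str) -> bool:
    """Recompute the installer's hash and compare it to the stored one.

    hmac.compare_digest avoids leaking timing information; the stored
    value is normalised to lowercase so case differences do not matter.
    """
    actual = file_sha256(path)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def demo() -> tuple:
    """Write a constructed 'installer', record its hash, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = os.path.join(tmp, "browser-setup.exe")  # constructed name
        with open(installer, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 1024)  # constructed placeholder bytes
        recorded = file_sha256(installer)     # would be stored separately
        clean_ok = verify_installer(installer, recorded.upper())
        with open(installer, "ab") as fh:
            fh.write(b"\x90")                 # simulate a modified download
        tampered_ok = verify_installer(installer, recorded)
    return clean_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```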
Untrusted Sources
Untrusted or unverified sources should not be used for browser installation or download. To ensure a verified installation, go directly to the vendor page for the browser you wish to install. Do not follow links on non-vendor pages for installation.
Browser Patching
Browsers, like OSs and applications, also require patching to remediate identified vulnerabilities and fix bugs. Browser patches should only be installed directly from the browser provider or other trusted source.
Extensions and Plug-Ins
Extensions and plug-ins are designed to enhance a browser’s functionality for the end user. However, care must be taken when installing extensions and plug-ins, especially from third-party sources.
Trusted Sources
As with browser installation, trusted sources should be used when downloading and installing extensions and plug-ins.
Untrusted Sources
Untrusted sources, such as third-party links, should not be used for installing extensions or plug-ins. Verify the source prior to installation.
Password Managers
Many browsers offer a password or credential manager to store credentials and passwords. Only use a password manager on a private and secure device.
Valid Certificates
Web browsers identify secure connections and websites through certificate validation. Try to avoid connections or sites with invalid certificates.
Settings
Like firewall settings, a web browser has browser-specific security settings that can be configured to provide the highest level of security.
- pop-up blocker—A pop-up blocker is designed to prevent pop-ups and pop-unders from appearing. Pop-ups are blocked by default on most browsers, but they may need to be allowed for specific websites that require pop-ups for functionality.
- clearing browsing data—Clearing browser data removes the data that was stored during browsing and should be used to maintain data privacy. The frequency with which you clear browser data depends on the device’s usage. For example, if the browser is on a home computer that only you have access to, it is not as vital to clear browser data after browsing. However, if you are using a public browser, such as one at the library, the browser history should be removed with each use.
- clearing cache—The browser cache is where data is placed when rendering a website for quick retrieval. The cache should be cleared frequently to maintain browser security.
- private-browsing mode—Private-browsing mode does not store any web browsing data and can be used for security as well as privacy. However, private-browsing mode is not completely private. Private-browsing mode merely keeps the browsing data secret on that particular device. All visited websites will still receive any information that was collected by the website.
- sign-in/browser data synchronization—Browser synchronization allows a user’s browser to be synchronized across multiple devices. Caution should be used when synchronizing browsers. Do not synchronize on public devices. If synchronization is required, remember to log off and delete the history and cache before leaving the browser.
- ad blockers—Ad blockers are designed to prevent spam advertisements in browsers. Ad blockers work by comparing a URL to a set list of blacklisted or whitelisted URLs. If the URL is blacklisted, it is denied access in the browser. URLs can be whitelisted by users to bypass the ad blocker. For example, an ad blocker may ask the user whether they want to see advertisements from ABC Company. If the user agrees, the URL for ABC Company is whitelisted and allowed access.
- proxy—Proxy settings on a browser are used to identify how a browser connects to the internet. Instead of connecting directly to a website, the request is routed through a proxy to establish the connection.
- secure Domain Name System (DNS)—Using secure DNS on a web browser applies encryption to DNS queries, protecting requests and associated data from interception.
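The blacklist/whitelist comparison described under ad blockers above, as an added example that is not code from the study guide or from any real ad blocker: the blocklist entries, the allow decision and the URLs are constructed sample values, and a host is treated as matching an entry if it equals the entry or is a subdomain of it.

```python
"""Added example: the blocklist/allowlist check an ad blocker performs.

Illustrative code, not from the study guide or any real ad blocker.
The blocklist entries and URLs used are constructed sample values.
"""
from urllib.parse import urlsplit

# Constructed sample blocklist: a host equal to, or a subdomain of,
# an entry is treated as an ad server.
BLOCKLIST = {"ads.example", "tracker.example.net"}


def host_of(url: str) -> str:
    """Extract the lowercase hostname from a URL ('' if there is none)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def domain_matches(host: str, entries: set) -> bool:
    """True if host is one of the entries or a subdomain of one."""
    labels = host.split(".")
    # Check the host, then each parent domain: a.b.c -> b.c -> c
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))


class AdBlocker:
    def __init__(self, blocklist: set) -> None:
        self.blocklist = set(blocklist)
        self.allowlist = set()  # sites the user has agreed to see ads from

    def allow(self, url_or_host: str) -> None:
        """Record the user's choice to see ads from a site (the ABC Company case)."""
        host = host_of(url_or_host) if "://" in url_or_host else url_or_host.lower()
        self.allowlist.add(host)

    def is_blocked(self, url: str) -> bool:
        """Allowlist (user choice) is checked first, then the blocklist."""
        host = host_of(url)
        if domain_matches(host, self.allowlist):
            return False
        return domain_matches(host, self.blocklist)


if __name__ == "__main__":
    blocker = AdBlocker(BLOCKLIST)
    print(blocker.is_blocked("https://cdn.ads.example/banner.js"))  # True
    blocker.allow("https://tracker.example.net/")
    print(blocker.is_blocked("https://tracker.example.net/pixel.gif"))  # False
```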
Browser Feature Management
Browser feature management refers to the ability to control the visibility and behavior of various features or capabilities within a web browser. Browser feature management is typically controlled with a simple on/off toggle.
Enable/Disable
The toggle is used within a browser to enable or disable various features within the web browser. Enabling or disabling features depends on the organization’s security requirements.
- plug-ins—Plug-ins are designed to enhance the capabilities of a web browser and commonly allow for the interaction between the browser and different types of files, such as PDF or video files.
- extensions—Browser extensions are small software files, similar to miniature applications, that provide increased capabilities to the web browser.
- features—Browser features are additional capabilities and functionalities included within the browser itself. Unlike extensions and plug-ins, features are inherent to the browser.