Information Security 3 : SSL Search & Firefox Privacy Settings

ConorCork
   9 years ago
  0

<style type="text/css"> p { margin-bottom: 0.25cm; line-height: 120%; }a:link { } </style>

Tutorial Goal : Tips covering SSL search engines Firefox settings and extension add ons:

Secure Socket Layer SSL Search Bar; privacy add-ons Calomel, Better

Privacy, Empty Cache, Ref Control and Security add-on : No Script.

System : Linux Mint 17.1 Rebecca x86 / 64 bit Cinnamon, 2.4 Kernel 3.13.0 -24.

Call Out : DuckDuckGo (DDG) search words are given to point to a web site for detail on each

specific tool to first evaluate its applicability for your needs and system set up.

3(A) SSL SEARCH ENGINES

Search over Secure Socket Layer (SSL) aims to give a more secure search experience. Most of the search engines offer Secure Socket Layer (SSL) search. Two, Ixquick and DuckDuckGo add privacy as they advertise as not collect or share or track users personal (eg search words kept anonymous ) information. These search engines SSL version can be added as an add-on to your Firefox Search bar.

Open Firefox- Firefox Menu- Select Add On's – Search for “SSL Search Bar

There is also a useful add on called Calomel SSL Validation ( DDG Search: 'Calomel dot org') which gives a traffic light color coded icon in the firefox toolbar showing the strength of encryption from red (weak) to green (strong). The drop down window shows a detailed summary of the SSL connection.

Find/install Firefox add ons (like SSL Search bar and Calomel) is covered in more detail in 3(C) below.

 

3(B) FIREFOX PREFERENCE SETTINGS

DDG Search Words: Security in a box Org Firefox Privacy and Security

Firefox gives preferences options to configure browser settings.

Open Firefox, select Firefox Menu (Left click on three line box, top right hand side)

Select left click “Preferences” ( Gear Icon) and a menu of Preference Tabs appears:

General-Tabs-Search-Content-Applications-Privacy-Security-Sync-Advanced

Options to consider selecting are:

 

General - “Always Ask me where to save files”

 

Tabs - “Open new windows in a new tab”

“Warn me when closing multiple tabs”

“Warn me when opening multiple tabs”

“ When I open a link in a new tab, switch to it immediately”

 

Content - “ Block pop up windows”

Later you can white-list allow sites under 'exceptions 'to use pop up windows.

 

Privacy -For Tracking option -> “ Do not tell sites anything about my preferences”

- For Location option -> “ When using the location Bar, Suggest: “Nothing”

- For History option -> “ Never remember history (see alternate setting note below)

 

When select “Never remember history” you may find access to sites (that use cookies) that you frequently use is impacted, so an alternative setting here you might like to to consider is:-

Privacy-> History -> “Use custom settings for history

Then → 'Always use private browsing mode' and

Then → ' Accept cookies from Sites and Never accept third party cookies'

 

Security Select: “Warn me when sites try to install add-ons”

“Block reported attack sites”

“Block reported web forgeries”

 

Advanced This has sub panes of General-Data Choices-Network-Update-Certificates

General Pane->Accessibility : “Warn me when websites try to redirect”

General Pane-> Browsing : “Use smooth Scrolling”

“Use hardware acceleration when available”

“Check my spelling as I type”

Data Choices Pane - > Health Report : “Disable by de-select the x in tick box

Data Choices Pane - > Crash Reporter : “Disable” by de-select the x in tick box

Network Pane - > Cached Web Content : “Override auto cache management”

Then : “Limit cache to 0 MB of space”

 

Network Pane -> Offline user data : “Tell me when website asks to store data

for off-line use”

Certificates -> When server Requests my Cert : “Ask me every time”

 

3(C) FIREFOX PRIVACY ADD-ONS

DDG Search words: Mozilla dot org add-on {name}.

The Mozilla Foundation offers some add-ons for Firefox that can add some privacy. These include

{Empty Cache Button} = Cache clearing made easy

{BetterPrivacy} = Super/Flash Cookie safeguard

{RefControl} = Control referers sent on a per site basis

 

To find these 'extensions” open Firefox, Left click three bar icon top right hand corner of browser, to Open Menu in Firefox, Select left click “Add ons” and this opens the “Get Add-ons and extensions Manager” in Firefox.

Enter the extension add on {name} in the 'search all add-ons” search bar on top right hand side of your screen. From there you can download and install the add on. Most will require a Firefox close and restart to enable.

 

Empty Cache: After download this add-ons will display as a red barrel icon in your add on in the tool bar. It is a simple one left mouse click to empty cache periodically. Right click the icon to give settings options for Disk, Memory, Off line cache.

 

Better Privacy: after download, this add-on will display initially on the Firefox tool bar. It is designed to manage “Super tracking cookies” that your browser may not easily manage. Flash cookies are placed in central system folders on your computer by a flash plug-in. Better privacy gives option to manage them, for example Setting example- delete automatically on browser exit. With this setting the add on will disappear from the tool bar and work in the background – an install, configure and forget add-on

 

RefControl : after download this add on will display in your Firefox tool bar as at two page icon.

It controls your http referers generically and/ or on a site basis. The Referer request-header field allows the client to specify, for the server's you searching on benefit, the address of the resource from which the Request-address was obtained. The Referer request-header allows a server to generate lists of back-links to resources for interest, logging, optimized caching, etc.

 

Left click on the RefControl Firefox tool Icon to bring up the Ref Control Options Menu.

This gives Options to enable RefControl for generic normal setting example “Block” → Third Party requests only”. You can later configure individual web site URL s to allow third party sites from those individual sites.

 

3(D) NO SCRIPT – Firefox Security Add-on

Allow active content to run only from sites you trust, and protect yourself against XSS and Click-jacking attacks. Install from Firefox add on menu in similar process to add-on extensions in section 3(C) above. No Script will display in the Firefox tool bar as the blue capital letter S and smaller lower case S in Red if blocking scripts. On bottom of browser for page you viewing will see the scripts being blocked. Then from tool bar icon left click to get options to

(A) forbid /allow the script(s) individually or (B) temporarily allow all scripts on current Internet page.

For detailed information on configuration

DDG Search Words : No Script dot net and search the FAQ and Forum on that official site.

DDG Search Words : Security in a box org no script

 

Footnote: Versions used here are Firefox 34.0, Calomel SSL Validation 0.72, Empty Cache Button 2.7 , BetterPrivacy 1.68, RefControl 0.8.17, and No Script 2.6.9.9. Future versions may have nuances of difference. These Firefox extension add-ons can use “tight” checks that could generate false positive alerts on you particular system. Therefore use the Official sites for each tool and Linux forums to research any findings you are unsure of.

 

I hope you found this tutorial useful.

 

ConorCork, December 2014