Firefox has long been considered one of the most reliable and adaptable browsers available today, if not the most, but that standing is easily undermined by insecure browser settings and user preferences. When running a Software-as-a-Service solution like Google Apps, lax browser security can prove fatal to a Google Apps domain, and to your business. Below are 10 steps you can take to maximize Firefox’s defenses against online threats and keep your Google Apps domain safe and secure.
BROWSER SETTINGS
Firefox’s reputation as a highly customizable browser is well earned, so your Google Apps security measures should begin with Firefox’s internal settings.
1. Disable Advanced JavaScript
For absolute maximum security, you should disable JavaScript altogether, as hackers can use it to execute a number of unscrupulous actions in your browser. However, JavaScript is necessary to operate the interactive features of many online applications, including portions of the Google Apps suite. The good news is Firefox can disable only the more dangerous elements of JavaScript. Under the Content Panel’s Advanced JavaScript Settings, deselect the options to Move Or Resize Existing Windows, Raise Or Lower Windows, and Disable Or Replace Context Menus. This will prevent websites from opening hidden browser windows you can’t easily dismiss or control.
2. Set Custom Browser History Configuration
Firefox offers a Private Browsing Mode that prevents it from recording passwords and form autofill data, accepting cookies, or saving other history data. This is prudent, as it prevents hackers from targeting your browser to obtain this access information. You can permanently opt into Private Browsing mode by selecting the Never Remember History option in the Privacy Panel, but the smarter move is to configure a Custom History Setting. Within the Privacy Panel’s Custom Settings For History section, deselect every option except Remember Download History. This will ensure you have a record of any items downloaded — knowingly or otherwise — but that any other history data (notably login information) won’t be saved in the browser.
3. Show the Downloads Window When Downloading Files
Some hyperlinks disguise malicious software downloads. Selecting the Show The Downloads Window option in the General Options panel ensures that nothing gets dropped on your hard drive without your knowledge.
4. Enable Security Warnings
Firefox provides a number of defenses and security warnings by default, but you should be certain these options are enabled. Under the Security Panel, select the Warn Me When Sites Try To Install Add-Ons option, which will prevent any malware disguised as video player plug-ins or game features from sneaking onto your browser. Then select Block Reported Attack Sites and Block Reported Web Forgeries, which are pretty self-explanatory.
5. Disable Password Storage
Storing passwords in your browser simply makes your passwords vulnerable to browser attacks, putting your Google Apps account and domain at risk. While less convenient, you should disable the password storage option.
6. Set Alerts For Offline Website Data Storage
Some websites will try to store data locally. Most of these requests are legitimate — Google Apps can occasionally make them in relation to its Offline Mode — but you should be aware when these requests are made. Under the Advanced Panel’s Network tab, select the Tell Me When A Website Asks To Store Data For Offline Use option to ensure no offline data is saved without your knowledge and permission.
7. Automatically Install Updates
Keeping Firefox up to date means you’ll always have the latest security patches and defenses running on your browser. Under the Advanced Panel’s Update tab, select the Automatically Install Updates option and the related Warn Me If This Will Disable Any Of My Add-Ons option. The former will keep you running the latest version of Firefox; the latter will let you know if any of your security plug-ins are incompatible with the latest Firefox update.
8. Enable Encryption
While selecting the SSL version of any website is prudent, Firefox can enforce the use of the latest and most effective Secure Sockets Layer and related encryption protocols at any HTTPS web address. Under the Advanced Panel’s Encryption tab, select the Use SSL 3.0 and Use TLS 1.0 options.
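One way to confirm that steps 1, 4 and 5 actually took effect on a deployed profile is to audit its user.js or prefs.js file; the script below is an added example, not part of the original article. The about:config preference names are an assumed mapping of the dialog options above and differ between Firefox releases, and the sample file is constructed.

```python
import re

# Assumed mapping of the dialog options to about:config names (varies by release).
EXPECTED = {
    "dom.disable_window_move_resize": True,         # step 1: move/resize windows
    "dom.disable_window_flip": True,                # step 1: raise/lower windows
    "dom.event.contextmenu.enabled": False,         # step 1: context menus
    "xpinstall.whitelist.required": True,           # step 4: add-on install warning
    "browser.safebrowsing.malware.enabled": True,   # step 4: reported attack sites
    "signon.rememberSignons": False,                # step 5: password storage
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value} for each user_pref() line; a later line wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def audit(text, expected=EXPECTED):
    """Classify each expected (boolean) preference as 'ok', 'wrong' or 'unset'."""
    prefs = parse_prefs(text)
    report = {}
    for name, want in expected.items():
        if name not in prefs:
            report[name] = "unset"   # not pinned: the release default applies
        else:
            report[name] = "ok" if prefs[name] is want else "wrong"
    return report

# Constructed sample user.js, not taken from a real profile.
SAMPLE = '''\
user_pref("dom.disable_window_move_resize", true);
user_pref("dom.event.contextmenu.enabled", true);
// user_pref("signon.rememberSignons", false);
user_pref("signon.rememberSignons", true);
user_pref("signon.rememberSignons", false);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:6} {name}")
```

An "unset" result means the profile does not pin that preference, so its value depends on the default shipped with the installed release.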
BROWSER ADD-ONS
Above and beyond Firefox’s native security features, these add-ons impart some much-needed defensive measures into your browser.
9. HTTPS Everywhere
Virtually every reputable website and web application offers an SSL version to accommodate encrypted web communication, including Google Apps. This keeps any data you share with the website — especially passwords — away from prying eyes. The HTTPS Everywhere Firefox Add-On defaults you to the SSL version of any website, making sure you don’t accidentally opt for the less secure version.
10. NoScript
Even with Firefox’s advanced JavaScript settings, you’re still at risk from clickjacking attacks. The NoScript add-on only allows JavaScript from trusted sites to run on your browser. If a site isn’t on the safe list, its scripts won’t run, keeping JavaScript fully at bay.