How to Secure Firefox

[bodhi.zazen]

How to Secure Firefox

Intro: What we are going to do is secure Firefox by blocking cookies and Java, then adding only trusted sites via a "White List" (White list = exceptions).

Contents:

1. Adblock.
2. Cookies.
3. Customize Google.
4. Java/Flash (NoScript).
5. Secure private data.
6. Write an Apparmor Profile.
7. Using Firefox, ie how to generate white lists.

Appendix:

• Surf Anonymously ~ Privoxy/TOR

Adblock

We have two options here, Firefox extensions OR hosts file.

1. Firefox extension : Adblock Plus
2. Hosts file. I prefer a hosts file as it protects more then just Firefox.
   
   Here is how I do a hosts file : http://ubuntuforums.org/showthread.php?t=241460#2
   
   Direct link to hosts file
3. bfilter. Home page . Bfilter is a proxy and runs on windows as well (portable, nice when you are using a guest computer).
   
   
   Quote:

   BFilter is a filtering web proxy. It was originally intended for removing banner ads only, but since then its capabilities have been greatly extended. Unlike most of the similar tools, it doesn't rely on blacklists (although it does support them). The problem with blacklists is that advertisers are always one step ahead. You see an ad slip through, you update your blacklist, and in case it didn't help, you add a new entry yourself. Once I got tired of that, I decided to write a proxy that would detect ads heuristically, much like modern anti-virus software manages to detect many viruses unknown to it.

   ~ Thanks to kerry_s
   
   bfilter is easy to install and configure.
   Code:

   sudo apt-get install bfilter

   To configure, open Firefox preferences -> Advanced tab -> Network tab -> now click the "settings" box. Use 127.0.0.1 port 8080 as a proxy (see screen shot)
   
   

You may further configure bfileter with bfilter-gui which is also in the Ubuntu repos

Code:

sudo apt-get install bfilter-gui

Cookies

Go to your Firefox menu -> Preferences -> Privacy Tab

UNSELECT "Accept cookies from sites"

All cookies are now blocked.

Flash manages cookies directly. To manage flash cookies : http://www.macromedia.com/support/do...manager02.html

~ Thanks benny bronx


Javascript/Flash

Javascript/Flash are a cross platform programing languages commonly used on the web. They add functionality, but also allow browser hijacks.

Install NoScript

To configure, right click on the NoScript icon (lower right) and select options.


Customize Google

That's right, google is feeding you adds

Install this extension.

Customize Google

Then :

Tools -> Customize Google Options

Go through each category on the Left and tic off "Remove Adds" (and anything wlse you might like).

Another great extension (IMO) is googleefree . This is not really an extension, it is a google search bar that excludes Expert Exchange (that annoying service you have to join to see solutions).

Secure Private Data

1. Go to your Firefox menu -> Preferences -> Security Tab
   
   Set a "Master Password". This will protect others from displaying your passwords. If you have a sensitive password like to the Ubuntu Forums or your Bank, BEST NOT TO STORE IT AT ALL.
   
   Hey, while you are there, check out the password strength meter.
2. Install SafeHistory. Safe History will clear your private information when you close Firefox.
3. Install SafeCache to be safer against CSRF attacks.

~ Thanks FaBi3ttO


How to Whitelist

OK, now you will likely find Firefox somewhat restrictive. The goal here is to allow "normal" functioning. In order to log into forums or your banking sites we need to allow Cookies and Java. We will do this ONLY for specific sites we trust via white lists.

1. Cookies - Firefox options -> Privacy tab
   
   Copy the Ubuntu url from your browser : http://ubuntuforums.org/
   
   Go to "Cookies" -> click the "Exceptions" button -> paste ubuntu url -> click "Allow for session"
   
   For secure sites like Banking you will need to allow multiple url (https), usually one from the home page, then one from the log in page, and sometimes from the next page as well. So if you are having problems, keep adding url to the white list.
2. Java - Right click on the NoScript icon -> Allow Ubuntu.com

Repeat these steps until you have added your sites and have the functionality you need.


Write an Apparmor Profile

Apparmor is beyond this thread, but see these two threads :

[all variants] Introduction to AppArmor - Ubuntu Forums

Share your AppArmor Profiles


How to Surf Anonymously ~ Privoxy/TOR

Privoxy / TOR can significantly increase your privacy, but at a cost of reduced speed. Please note however, that these services DO NOT offer complete anonymity.

Ubuntu wiki TOR

http://wiki.noreply.org/noreply/TheO...er/TorOnDebian

If you use TOR and have the capacity, consider contributing a TOR server (a few more servers would speed things up for everyone).

http://en.linuxreviews.org/HOWTO_setup_a_Tor-server



Peace be with you,

bodhi.zazen

[nikoPSK]

very nice. I like it. There a bunch of speed tweaks as well I'm planning on writing about.

[limac]

great post bodhi, sure is going to be helpful around here! Especially the "Secure Private data" part. really helpful

regards,
limac

[FaBi3ttO]

Really good post.
I also use SafeCache
to be safer against CSRF attacks.

[bodhi.zazen]

Quote:

Originally Posted by FaBi3ttO Really good post. I also use SafeCache to be safer against CSRF attacks.

Thanks I will add that link to the list.

[nowshining]

all safe cache does is disable cache - it makes it where each time u download something u'll have to re-download it..

as for others

u can also

about:config
find:

A: network.http.sendRefererHeader > set this to 0 to disable referell - note some sites may require it - but few sites do - if u get probs, just reset it, and keep the tab open, do what u need and re-set it to 0. What this does is keep sites from knowing what sites u last visited.

B: network.http.sendSecureXSiteReferrer > set to false

C: network.jar.open-unsafe-types > make sure this is set to false

D: Download Contrle de scripts from the add-on site, this allows easier acces to only allow certain pop-ups, clicks, etc.. in other words certain pop-up types, go into prefs of the program and set the following:

Under allow scripts to - uncheck all,

go to the popups tab

Under allowed events only the following should be: click. dblclick, submit

Then press ok.

E: in about:config find browser.preferences.advanced.selectedTabIndex > set this to 2

Determines which tab in the Advanced section of the preferences is visible.
0 (default): General
1: Update
2: Security

[bodhi.zazen]

Thanks nowshining , keep the tips coming

[SOULRiDER]

I especially liked the Tor part, i had been wondering how to use Tor for a while but never really bothered to look for info on how to do it

[nikoPSK]

Quote:

Originally Posted by SOULRiDER I especially liked the Tor part, i had been wondering how to use Tor for a while but never really bothered to look for info on how to do it

using tor seems a bit over the edge, but I guess that's how bad some things are... :[

[Pyre_Vulpimorph]

Concerning master passwords, how do you rate the FireFox Add-On, Password Maker, the one with the LotR-esque catchphrase "one password to rule them all"?

It claims to be uncrackable, but I'm sceptical about such claims.