
Thread: Hardening Firefox

  1. #1
    Join Date
    Nov 2006
    Beans
    22

    Hardening Firefox

    Table of Contents:

    1. Cookie Filtering
    - Firefox Configuration
    - Cookie Monster (https://addons.mozilla.org/en-US/firefox/addon/4703/)
    - Better Privacy (https://addons.mozilla.org/en-US/firefox/addon/6623/)
    2. Active Content Filtering
    - NoScript (https://addons.mozilla.org/en-US/firefox/addon/722/)
    - RequestPolicy (https://addons.mozilla.org/en-US/firefox/addon/9727/)
    - Ghostery (https://addons.mozilla.org/en-US/firefox/addon/9609/)

    3. Privacy Enhanced Proxy
    - Privoxy (http://www.privoxy.org/)
    - Basic Configuration

    4. Ad Blocking
    - AdBlock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865/)
    - Optimize Google (https://addons.mozilla.org/en-US/firefox/addon/52498/)
    - Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
    5. Phishing Protection
    - Web of Trust (https://addons.mozilla.org/en-US/firefox/addon/3456/)
    6. App Armor

    7. Facebook Related
    - Facebook Beacon Blocker (https://addons.mozilla.org/en-US/firefox/addon/10497/)


    Cookie Filtering

    A cookie is a small piece of text that is created on a user's computer by a web browser. A cookie consists of varying name-value pairs that contain information such as, but not limited to: user preferences, server-based sessions, and so on. Most cookies are harmless and are used to enrich the overall experience of your web surfing. However, some types of cookies can be a privacy risk since they can be used to track which web sites you visit and allow for annoying targeted advertisements that are often intrusive. Regular cookies are harmless, but tracking cookies, third-party cookies, super cookies, and flash cookies all have the potential to leak information about your browsing habits that you may not wish to share with just anyone.

    Configuring Firefox:


    We will start by rejecting all cookies by default. This will allow you to decide which sites you trust enough to place cookies on your computer. These changes to Firefox will ensure that cookies from all web sites will be disallowed until you explicitly allow an individual site access to store cookies on your computer.

    Load Firefox and navigate to Edit -> Preferences and click on the Privacy tab. Now uncheck the option "Accept cookies from sites". When you have finished your options should look like:



    Tip: Please note that I have selected to automatically start Firefox in private browsing mode. You do not need to have this option selected. It is simply how my browser is configured.
    Tip: If you do not see options to modify cookie settings as described above, then use the drop-down menu and change the value from "Firefox will: Remember history" to "Firefox will: Use custom settings for history".


    You can now install an addon called Cookie Monster (https://addons.mozilla.org/en-US/firefox/addon/4703) which will let you allow cookies and session cookies for web sites that you trust and need them to function properly. Once installed it will add a small icon to the bottom right of the browser. Click on this icon to see a list of options. From here you may temporarily allow cookies from a site, always allow cookies from a specific site, etc.

    There is also the threat of flash cookies, click-pings, and third-parties using data located within the DOMStorage file (super cookies) to track you across the Internet. Disallowing cookies in the manner above will not prevent these types of cookies from being installed on your computer alone. An addon called Better Privacy (https://addons.mozilla.org/en-US/firefox/addon/6623) can defend against these techniques without you having to manually remove files from your computer. It allows you to remove flash cookies at specific intervals, whenever you close Firefox, and much more. You can configure this addon by going to Tools and then selecting Better Privacy.

    Some sites may not function correctly until you allow cookies. It is completely up to the user which sites he/she trusts enough to accept cookies from.

    Active Content Filtering:

    NoScript (https://addons.mozilla.org/en-US/firefox/addon/722) plays an important role in hardening your browser. It will allow you to filter active content such as Java, JavaScript, and Flash, and defend you against XSS attacks without losing functionality, thanks to the way it filters content based on a default deny policy with a small whitelist of trusted sites to allow execution of active content from.

    NoScript will also defend against common web bugs, which are often embedded into a site or email to check if the user visited a specific page or viewed a particular electronic mail. This is possible due to the web bug being downloaded off a third-party server, thus notifying the server that you had to visit a page or open an email to initiate said download.

    Once installed you will see a large new panel at the bottom of your browser when you navigate to a web site. You may also notice a lot of the functionality of the site is missing. To correct this you simply click on the Options... button and allow sites that you trust. Once added, the page will reload and the site will load normally from now on.

    You may also choose to allow one script on a specific page to load and nothing else, on a temporary basis. If you see a place on the site that is replaced by the NoScript icon, you may click on it to execute the content. This is great when you want to watch a video from a web site that might want you to also hear annoying flash-based ads while the video plays.

    Request Policy (https://addons.mozilla.org/en-US/firefox/addon/9727/) will enable you to control how cross-site requests are handled by websites. Cross-site requests are requests that your browser is told to make by a website you are visiting to a completely different website. It works by disallowing all cross-site requests by default. The user can then create a whitelist of trusted websites that may deploy cross-site requests for legitimate reasons.

    Ghostery (https://addons.mozilla.org/en-US/firefox/addon/9609/) will block over 200 web bugs and tracking services. You can use Ghostery to see a list of known web bugs/tracking services, and choose which ones to block.

    Privacy Enhanced Proxy:

    Privoxy (http://www.privoxy.org/) is a privacy enhanced proxy that will transparently filter out junk while you surf the web. By default it will filter out advertisements, web bugs, script abuse, html tag abuse, and much more! It is a wonderful way to ensure anything missed by your other layers of security will be filtered through this proxy.

    Installing Privoxy:

    To install Privoxy simply issue this command inside of the terminal:

    Code:
    sudo apt-get install privoxy

    By default Privoxy is set to only listen on the localhost, so you do not have to worry about remote computers connecting to your proxy and using it to surf the web. It will only be available to your computer unless you configure it differently. You may verify the default functionality by checking the configuration file and ensuring the listen-address variable is set to localhost:8118.

    Open the configuration file in GEdit:

    Code:
    sudo gedit /etc/privoxy/config

    Ensure the listen-address is set accordingly:

    Code:
    listen-address  localhost:8118

    Tip: listen-address 127.0.0.1:8118 is also acceptable.

    Basic Configuration:

    Now direct all HTTP traffic through your local proxy by going to Edit -> Preferences -> Advanced and click on the Settings button. Now check the Manual proxy configuration option. Set the HTTP Proxy to 127.0.0.1 and Port to 8118. You may also do this for SSL traffic if you wish. Once finished, your configuration should look like:



    If you would like to configure Privoxy and use many of its great features then I would suggest checking out the online manual (http://www.privoxy.org/user-manual/index.html).

    Ad Blocking

    AdBlock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) uses an extensive database of known advertisements and prevents them from loading. This will also help your favorite sites load faster, because you no longer have to wait on the ad servers before the page loads!

    Optimize Google (https://addons.mozilla.org/en-US/firefox/addon/52498/) can be used to enable or disable various site options for Google. This includes being able to disable advertisements, prevent spam, and just allows for a more complete Google experience in general.

    Another method for blocking known malicious sites and annoying ads is by using a hosts file (http://www.mvps.org/winhelp2002/hosts.htm). This will redirect all known bad sites to localhost or 0.0.0.0 and prevent them from loading. If you would like more information regarding the installation of a hosts file then please review: http://ubuntuforums.org/showthread.php?t=241460#2

    Phishing Protection

    Web of Trust (https://addons.mozilla.org/en-US/firefox/addon/3456) warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.

    WOT will go a long way to help you identify web sites that have been known to be malicious in one way or another. It will simply add an icon next to your address bar that will indicate the web site's integrity by changing colors. Green means it is trusted, orange means it is questionable and red means it is dangerous.

    App Armor

    In Ubuntu 9.10 and above, you can utilize an App Armor profile for Firefox to increase your security. You may enable this feature by opening a terminal and executing the following command:

    Code:
    sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5

    Facebook Related

    Facebook Beacon Blocker (https://addons.mozilla.org/en-US/firefox/addon/10497) will disable the infamous web bug that the company deploys to track user statistics and usage across the Internet. Many of us who value our privacy will find this addon very useful.
    Last edited by ooVoh9em; June 22nd, 2010 at 01:49 AM.
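
The listen-address check described in the Privoxy section of the post above can be scripted. This is an added example, not part of the original post; the function names are made up here, and it assumes Privoxy's documented behaviour that a missing directive defaults to 127.0.0.1:8118 and that a value with no address (for example ":8118") binds every IPv4 interface.

```shell
#!/bin/sh
# Added example, not from the original post: audit a Privoxy config for
# listen-address values that expose the proxy beyond this machine.

# Print each listen-address value that is not loopback-only.
# Exit status follows grep -v: 0 if an exposed value was printed, 1 if none.
exposed_listeners() {
    # Keep the first token after the directive. Commented-out lines never
    # match because the pattern is anchored to the start of the line.
    sed -n 's/^[[:space:]]*listen-address[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' "$1" |
        grep -Ev '^(localhost|127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\]):[0-9]+$'
}

# Return 0 only when every configured listener is on loopback, 1 when one is
# exposed, 2 when the file cannot be read. No listen-address line at all
# passes: Privoxy then falls back to 127.0.0.1:8118 (assumed default).
privoxy_local_only() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if exposed=$(exposed_listeners "$1"); then
        printf '%s\n' "$exposed" | sed 's/^/EXPOSED: /' >&2
        return 1
    fi
    return 0
}

# Constructed sample config: a commented-out line, a loopback bind, and a
# bind with the address left out, which Privoxy treats as every IPv4 interface.
sample=$(mktemp)
printf '%s\n' '# listen-address 192.168.0.1:8118' \
    'listen-address  localhost:8118' \
    'listen-address  :8118' > "$sample"
privoxy_local_only "$sample" || echo "a listener is not loopback-only"
rm -f "$sample"
```

On a real system, call `privoxy_local_only /etc/privoxy/config` and correct any line it reports as EXPOSED.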

  2. #2
    Join Date
    Apr 2007
    Location
    @ ~/
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Hardening Firefox

    Thank you very much for the tutorial. It adds nicely to the one in my sig by bodhi.zazen.

    Do you mind if I add it to my sig also?

    Marco.

  3. #3
    Join Date
    Nov 2006
    Beans
    22

    Re: Hardening Firefox

    Feel free to add it to your signature. I do not mind at all.

  4. #4
    Join Date
    Apr 2007
    Location
    @ ~/
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Hardening Firefox

    Thank you.

  5. #5
    Join Date
    Feb 2009
    Location
    England
    Beans
    645
    Distro
    Xubuntu 9.10 Karmic Koala

    Re: Hardening Firefox

    Hi,

    As regards Phishing I use WoT (Web of Trust) as recommended above. I also use OpenDNS. Additionally, my understanding is that IE8 and some versions of Firefox have settings to protect against Phishing.

    My regards

  6. #6
    Join Date
    Jan 2010
    Location
    Hyperborea
    Beans
    2,052
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Hardening Firefox

    What version of Firefox are you referring to? I just installed Ubuntu 9.10 and it has Firefox version 3.5.7. In the past I have disabled third party cookies but in this version it seems impossible. See the attached screenshot. Have I missed something?

  7. #7
    Join Date
    Nov 2006
    Beans
    22

    Re: Hardening Firefox

    Quote: Originally Posted by coldraven
    What version of Firefox are you referring to? I just installed Ubuntu 9.10 and it has Firefox version 3.5.7. In the past I have disabled third party cookies but in this version it seems impossible. See the attached screenshot. Have I missed something?

    Where it says "Firefox will: Remember history" you want to change that to "Firefox will: Use custom settings for history". You will then be able to modify cookie settings.

    Quote: Originally Posted by Sir Jasper
    Hi,

    As regards Phishing I use WoT (Web of Trust) as recommended above. I also use OpenDNS. Additionally, my understanding is that IE8 and some versions of Firefox have settings to protect against Phishing.

    My regards
    I forgot to mention OpenDNS. I will make sure to add it to the guide very soon. Thank you for reminding me.
    Last edited by ooVoh9em; January 10th, 2010 at 09:01 AM.

  8. #8
    Join Date
    Feb 2009
    Location
    England
    Beans
    645
    Distro
    Xubuntu 9.10 Karmic Koala

    Re: Hardening Firefox

    Hi again,

    After checking back on what I read some months ago: Firefox 3.5 (and above) > Tools > Options > Security > Block reported web forgeries; is (presumably) an anti-phishing option?

    As regards OpenDNS I used browser level protection but there is an alternative option to set it at router level. Also, there are numerous protection options (some of which gave [me] strange results) so I only use the anti-phishing option (which, from memory, does not even need free registration).

    My regards

  9. #9
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Hardening Firefox

    You forgot AppArmor. It's probably the best hardening tool of all for Firefox (and for any network facing app).

  10. #10
    Join Date
    Jan 2010
    Beans
    190

    Re: Hardening Firefox

    Quote: Originally Posted by rookcifer
    You forgot AppArmor. It's probably the best hardening tool of all for Firefox (and for any network facing app).
    Not to detract from the momentum of this thread but how much protection does the default apparmor profile for firefox 3.5.5 provide?
