
Thread: How to Secure Firefox


    How to Secure Firefox



    Intro: What we are going to do is secure Firefox by blocking cookies and Java, then adding only trusted sites via a "White List" (White list = exceptions).

    bodhi.zazen: Updated 1/12/1010

    Contents:
    1. Adblock.
    2. Cookies.
    3. Customize Google.
    4. Java/Flash (NoScript).
    5. Phishing.
    6. Secure private data.
    7. Write an Apparmor Profile.
    8. Using Firefox, ie how to generate white lists.


    Appendix:
    • Surf Anonymously ~ Privoxy/TOR
    • Other Privacy issues



    Adblock

    We have three options here, Hosts file, Firefox extensions, or proxy servers.

    1. Hosts file. I prefer a hosts file as it protects more than just Firefox.

      Here is how I do a hosts file : http://ubuntuforums.org/showthread.php?t=241460#2

      Direct link to hosts file
    2. Firefox extension : Adblock Plus
    3. Proxy servers. Proxy servers may be used to increase privacy as well (see TOR) and come in several flavors, caching and non-caching. In general, caching is not needed as Firefox uses its own cache. Configuration of each and every proxy server and configuring a firewall so that a proxy is "transparent" is beyond this post (transparent means you have configured your network so that users do not have to manually configure Firefox, and in general involves a hardware firewall + a squid server).

      As an example See here

      IMHO, for single user desktops, I advise Adblock Plus.
      IMHO, in a multi user environment or on a LAN, I advise a proxy server.
      1. Privoxy is a very popular option.
        Code:
        sudo apt-get install privoxy
        Privoxy is fast, light, and has adblocking "built in". See "bfilter" below for how to configure Firefox to use a proxy.
      2. Bfilter. As of Ubuntu 9.10 bfilter is no longer supported in the ubuntu repositories. You may still install bfilter using Autopackage. Autopackage installs the bfilter-gui.

        Bfilter runs on windows as well (portable, nice when you are using a guest computer).

        Bfilter is easy to install and configure.
        Code:
        sudo apt-get install bfilter
        To configure, open Firefox preferences -> Advanced tab -> Network tab -> now click the "settings" box. Use 127.0.0.1 port 8080 as a proxy (see screen shot)

      3. Squid. Squid can be used for adblocking and has several advanced features. See also DansGuardian.



    If you need a few pointers on Dansguardian or configuring an invisible proxy, see also :

    How to transparent proxy

    Web content filtering made easy


    Cookies

    Go to your Firefox menu -> Preferences -> Privacy Tab

    UNSELECT "Accept cookies from sites"

    All cookies are now blocked.

    Flash manages cookies directly. To manage flash cookies : http://www.macromedia.com/support/do...manager02.html

    ~ Thanks benny bronx


    Javascript/Flash

    Javascript/Flash are cross-platform programming languages commonly used on the web. They add functionality, but also allow browser hijacks.

    Install NoScript

    To configure, right click on the NoScript icon (lower right) and select options.


    Optimize Google

    That's right, Google is feeding you ads.

    Install this extension.

    Optimize Google

    Then :

    Tools -> Optimize Google Options

    Go through each category on the left and tick off "Remove Adds" (and anything else you might like).

    Another great extension (IMO) is googleefree . This is not really an extension, it is a google search bar that excludes Expert Exchange (that annoying service you have to join to see solutions).


    Phishing

    Phishing is, in a nutshell, spoofing a web site or an attempt to fool users into divulging personal information.

    Wikipedia Phishing

    There are several Firefox extensions to consider, Web of Trust is one example.

    Web of Trust


    Secure Private Data

    1. Go to your Firefox menu -> Preferences -> Security Tab

      Set a "Master Password". This will prevent others from displaying your passwords. If you have a sensitive password, such as the one for the Ubuntu Forums or your bank, BEST NOT TO STORE IT AT ALL.

      Hey, while you are there, check out the password strength meter.
    2. Install SafeHistory.

      Safe History functionality is built into Firefox 3.5.x and is configured under Options -> Privacy tab -> use custom settings (select this option from the pull down menu).

      You may also configure Firefox, in about:config, to disable the use of an offline cache.

      browser.cache.offline.capacity 0
      browser.cache.offline.enable false
    3. Install SafeCache to be safer against CSRF attacks.
    4. As of Firefox 3.5 there is an option for Private browsing


    ~ Thanks FaBi3ttO


    How to Whitelist

    OK, now you will likely find Firefox somewhat restrictive. The goal here is to allow "normal" functioning. In order to log into forums or your banking sites we need to allow Cookies and Java. We will do this ONLY for specific sites we trust via white lists.

    1. Cookies - Firefox options -> Privacy tab

      Copy the Ubuntu url from your browser : http://ubuntuforums.org/

      Go to "Cookies" -> click the "Exceptions" button -> paste ubuntu url -> click "Allow for session"

      For secure sites like banking you will need to allow multiple URLs (https), usually one from the home page, then one from the log in page, and sometimes from the next page as well. So if you are having problems, keep adding URLs to the white list.
    2. Java - Right click on the NoScript icon -> Allow Ubuntu.com


    Repeat these steps until you have added your sites and have the functionality you need.


    Use Apparmor Profile

    As of Ubuntu 9.10 there is now a profile for Firefox. It is disabled by default; to enable it, use the command:

    Code:
    sudo aa-enforce /etc/apparmor.d/usr.bin.firefox-3.5
    The default profile may be a bit too permissive in allowing access to home directories so I advise you review it.

    Firefox profiles for older versions of Ubuntu can be found here

    Apparmor is beyond this thread, but see these two threads :

    [all variants] Introduction to AppArmor - Ubuntu Forums

    Share your AppArmor Profiles


    How to Surf Anonymously ~ Privoxy/TOR

    Privoxy / TOR can significantly increase your privacy, but at a cost of reduced speed. Please note however, that these services DO NOT offer complete anonymity.

    Ubuntu wiki TOR

    http://wiki.noreply.org/noreply/TheO...er/TorOnDebian

    If you use TOR and have the capacity, consider contributing a TOR server (a few more servers would speed things up for everyone).

    http://en.linuxreviews.org/HOWTO_setup_a_Tor-server

    Tor is not the only option; there are other privacy proxies available via a Google search.

    Privacy

    Privacy is a separate but related issue and I added a page on my blog to get you started:

    Internet Privacy



    Peace be with you,

    bodhi.zazen
    Last edited by bodhi.zazen; January 6th, 2011 at 08:25 PM.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface
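
One way to carry out the profile review suggested in the AppArmor section above, as an added example that is not part of the original post: a shell function that lists file rules granting write or append access under home directories. The function name, the sample profile, and the assumption that rules use the common "[qualifiers] PATH PERMS," form are this example's own; it does not follow #include lines.

```shell
#!/bin/sh
# Added example (not from the original post): flag AppArmor file rules that
# grant write (w) or append (a) access under home directories.
# Assumes the common "[qualifiers] PATH PERMS," rule form; #include is not followed.

home_write_rules() {   # usage: home_write_rules PROFILE_FILE
    awk '
        /^[ \t]*#/ || NF < 2 { next }    # comments, #include lines, blank or short lines
        {
            i = 1; deny = 0
            # Skip leading rule qualifiers, remembering an explicit deny.
            while (i < NF && ($i == "owner" || $i == "audit" || $i == "allow" || $i == "deny")) {
                if ($i == "deny") deny = 1
                i++
            }
            if (deny || i >= NF) next    # deny rules restrict access; nothing to flag
            path = $i; perms = $(i + 1)
            sub(/,$/, "", perms)         # drop the trailing comma that ends a rule
            in_home = (index(path, "@{HOME}") == 1 || index(path, "@{HOMEDIRS}") == 1 || index(path, "/home/") == 1)
            if (in_home && perms ~ /^[A-Za-z]+$/ && perms ~ /[wa]/)
                print NR ": " path " " perms
        }
    ' "$1"
}

# Constructed sample profile body, for illustration only (not the shipped Ubuntu profile).
sample_profile() {
    cat <<'EOF'
#include <abstractions/base>
  /usr/lib/firefox/** mr,
  owner @{HOME}/ r,
  owner @{HOME}/** rw,
  owner @{HOME}/.mozilla/** rwk,
  owner @{HOME}/Downloads/** rw,
  deny @{HOME}/.ssh/** mrwkl,
  /tmp/** rw,
EOF
}

# Review a real profile by passing its path, e.g. the one named in the post:
#   sh this_script.sh /etc/apparmor.d/usr.bin.firefox-3.5
if [ $# -gt 0 ]; then
    home_write_rules "$1"
fi
```

A rule such as `owner @{HOME}/** rw,` in the output is the kind of broad grant worth narrowing to the directories Firefox actually needs, such as its own profile directory and a downloads folder.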
