Your Mac systems and software might be safe – until they connect to the Internet. Here are some tips for Firefox hardening in OS X.
While many enterprises and end-users turn to Apple over Windows based on Apple’s reputation for security, there is little doubt that the web is the primary point of infection for most Macs. Just a few years ago, using a Mac might have helped users avoid being targeted. But today, with the emergence of advanced persistent threats and highly-skilled, well-funded attack teams, the OS X environment is no longer safer than any other endpoint, especially through its browser.
Most enterprises have strong endpoint security strategy, but the traditional antivirus tools and routine security patching can’t stop custom malware and zero-day attacks that have not been previously detected. These types of attacks are increasingly becoming the norm and companies can’t train users to simply stay away from them - many infections are being carried by well-known, legitimate websites, and some don’t require users to open an attachment when they are compromised.
If enterprises are going to prevent – or at least mitigate – the threats posed by today’s attackers, careful consideration should be given to hardening the browser itself to reduce the likelihood of compromise from web-based attacks. Bishop Fox researchers have recently published a guide for hardening the Firefox browser for Mac users. This guide outlines experience-based advice designed to reduce your browser’s attack surface and lessen the effects of zero-day exploits.
Here are a few key points to keep in mind when considering OS X browser security:
1. Reduce your attack surface.
No matter which browser you choose, it will come with some vulnerabilities out of the box. Consider disabling plugins that users don’t need along with advertising networks that might carry malware.
2. Use browser extensions.
Some extensions can greatly improve device security. Some can even reconfigure the browser to report itself as a different version of OS, causing attackers to deploy the wrong exploit.
3. Limit the scope of potential damage.
Consider using sandboxing tools to isolate the browser from the rest of the OS X operating environment so that if an infection does occur, it will be kept in quarantine.
4. Train users to change their browsing habits.
Once you’ve hardened your browser, ensure that users only enter the web through the hardened version at all times. Teaching your Mac users to keep their passwords safe, and avoid using public Wi-Fi networks without a VPN can also reduce your risk of being infected.