Task 7.13: Using Force-TLS to Add Security to Web Browsing

Sidejacking and sniffing are two big attack vectors that mobile Internet users must worry about. Most people think little about the security implications of using the Internet at a coffee shop, airport, or even their favorite restaurant. As a security professional, you must understand the differences between insecure and secure protocols such as HTTP and TLS and be able to explain the dangers of using insecure protocols.

Scenario

Your organization is looking for low-cost solutions to help secure mobile users’ browsers. You have been asked to provide some potential security solutions.

Scope of Task

Duration

This task should take about 10 minutes.

Setup

For this task, you’ll need a Windows computer, access to the Administrator account, and an Internet connection.

Caveat

While encryption adds an additional layer of protection, there is a small cost in performance because of the added overhead.

Procedure

In this task, you will learn how to use the Force-TLS application.

Equipment Used

For this task, you must have:

  • A Windows XP, Windows Vista, or Windows 7 computer
  • Access to the Administrator account
  • An Internet connection
  • The Firefox web browser

Details

This task will show you how to install Force-TLS.

Using Hashing Algorithms

1. Download Force-TLS from https://addons.mozilla.org/en-US/firefox/addon/force-tls/. It is a browser add-on that can be installed into Firefox.

TLS and SSL both perform the same basic function; however, there are technical differences. While the two are similar, TLS uses somewhat stronger encryption algorithms and has additional support for ports not found in SSL.

2. After clicking the Install Now button, you will be prompted to install Force-TLS.

3. After installation, you will be prompted to restart Firefox to finish the install process. Once the browser has been restarted, you can configure Force-TLS by choosing Tools ⇒ Force-TLS Configuration. For this example, the site www.facebook.com has been added.

4. Point your browser to www.twitter.com and then to www.facebook.com. Notice that the URL for Twitter begins with HTTP while the URL for Facebook now begins with HTTPS.

Not all websites offer HTTPS as an option. Personal information, credit card numbers, or other sensitive information should never be entered on sites that are not HTTPS.
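
The behaviour seen in steps 3 and 4, sketched as an added example (not Force-TLS's own code and not part of the original text): a request is rewritten to HTTPS only when its host is on the configured list, and every other site is left as requested. The function names, the list format, and the `includeSubdomains` option are assumptions made for illustration.

```javascript
// Added illustration: all names here are hypothetical, not Force-TLS internals.
// Constructed sample configuration: hosts the user has added to the forced list.
const forcedHosts = [
  { host: "www.facebook.com", includeSubdomains: false },
  { host: "example.org", includeSubdomains: true }, // assumed optional subdomain rule
];

// True when `hostname` is covered by an entry in the forced list.
// Subdomain matching is anchored on a label boundary ("." + host), so a
// lookalike such as "notexample.org" does not match "example.org".
function isForced(hostname, entries) {
  const name = hostname.toLowerCase().replace(/\.$/, ""); // normalise case, trailing dot
  return entries.some(({ host, includeSubdomains }) =>
    name === host || (includeSubdomains && name.endsWith("." + host)));
}

// Returns the URL the browser should actually request.
function upgradeUrl(rawUrl, entries = forcedHosts) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return rawUrl; // not an absolute URL: leave it untouched
  }
  if (url.protocol !== "http:" || !isForced(url.hostname, entries)) {
    return url.href; // already HTTPS, another scheme, or host not on the list
  }
  url.protocol = "https:"; // path, query and any explicit port are preserved
  return url.href;
}

// Mirrors step 4: Twitter stays on HTTP, Facebook is upgraded.
for (const u of ["http://www.twitter.com/", "http://www.facebook.com/"]) {
  console.log(u, "->", upgradeUrl(u));
}
```

Hosts that are not on the list are still requested over plain HTTP, which is why the listed-site configuration in step 3 matters.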

Criteria for Completion

You have completed this task when you have installed and configured Force-TLS.
