3 Simple Steps towards Safer Browsing

Kevin Bottomley
Updated — March 5, 2020 • 4 minute read

Security in layersss

This blog was going to be a continuation of my last blog, “Does Your Domain Have Bad Neighbors?”, but instead I would like to take a few minutes to cover something else that people have been asking me about recently. Oftentimes I get questions along the lines of “What are some things I can do to help protect myself even more from security threats?”
Security should be thought of in terms of layers. The more layers you add, the more you help to isolate yourself and mitigate potential attack vectors. With the recent uptick of malware using different means for delivery, including Malvertising (malicious advertising), drive-by downloads, and the use of TOR, it might be overwhelming to think of ways to protect yourself. There are a few small, simple tricks that I feel can help you focus your efforts to be most effective:

Ad-Block Plus

As you may have heard, the use of advertisements as a means for delivering malware has been increasing rapidly. The methods have slightly changed, however; while it is still highly recommended to avoid clicking away on random links, especially from unknown email senders, users can now be infected even without clicking recklessly.
Malvertising works by running malicious code when the advertisement loads in your browser, gathering all of the information it can and sending it back to a Command and Control server, where any number of exploit kits can be used to leverage a compromise of the client machine. Ad-Block does exactly as its name implies, blocking ads that are shown to visitors of web sites. While the vast majority of ads are safe, it’s that small percentage that causes the most headaches for users and System Administrators alike. OpenDNS took the stance of removing ads from its site back in June, which you can read more about here.

No-Script

Another extension I like to use is No-Script. No-Script is an extension for Firefox, but you can use JavaScript Blocker for Safari, and ScriptSafe for Chrome. All of these work in basically the same way—they only allow scripts, including JavaScript, Java, and Flash (all of which are common in leveraging compromises) to be executed with express permission from the user.
How does this help? Some compromised web pages will attempt to deliver what is known as a ‘drive-by download’, which will attempt to look for possible vulnerabilities in a client’s machine, deliver that information back to a server, and download the exploit kit, much in the same way that Malvertising works, minus the ads.
At first you might feel like your Internet experience is not the same, especially with so many sites that employ scripting to enhance user experience. No-Script offers you the option to allow sites you wholly trust to run, without having to allow the scripts every time. Globally allowing all scripts is highly discouraged.

Blocking TOR

TOR is used by many people all over the world to add anonymity to their web browsing. This is especially helpful in places where the Internet is heavily censored, regimes that might be monitoring dissidents trying to get the word out about repressive actions taking place, and others who just want to keep their surfing habits private. Recently, however, certain variants of malware have started using TOR as a means to call out to the Command and Control servers to download more badness (read: CryptoWall 2.0). It does not seem to be that far-fetched to think that other malware families might soon follow suit.

Sometimes I come across rumors that TOR (The Onion Router) cannot be blocked. To a small extent, this is true. To a larger extent, it is not. Below are two simple curl commands you can use that download the IPs used by TOR. These IPs are updated daily, so setting a cron job to run and download the lists is pretty easy. After downloading the IPs, they are written to two CSV files, one for all the IPs and the other for the exit nodes. These lists can then be added into your firewall rules. I would like to point out that this is by no means a cure-all for blocking TOR-based sites, but it does reduce the means for connection by dropping the attempts from either coming into or going out of the client system.

curl http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv > Tor_ip_list_EXIT.csv
curl http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv > Tor_ip_list_ALL.csv

The output will create these two files:

  • Tor_ip_list_EXIT.csv
  • Tor_ip_list_ALL.csv

Essentially what you are doing at this point is cutting off the call-out from a machine to the first entry point in the TOR relay circuits, preventing connections from being established. I should mention that while this will block malicious connections that use the TOR network, it will also cut off any legitimate web site that might be hosted on the same IP that is not a hidden service AND will prevent you from using TOR altogether.
Hopefully you find these three simple, yet significant, steps helpful in mitigating risk during your Internet experience.
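
One way to get from the downloaded CSV to firewall rules, as an added example that is not part of the original post: the script validates the list and emits input for `ipset restore`. It assumes the file holds one IPv4 address per line; the set name (tor-exit), the minimum entry count and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: turn a downloaded TOR IP list into `ipset restore` input.
# Assumed (hypothetical) names: set "tor-exit", functions clean_ips/build_restore.

# clean_ips FILE -> valid, de-duplicated IPv4 addresses, one per line.
# Anything that is not a dotted quad with octets 0-255 (an HTML error page,
# blank lines, truncated entries) is dropped rather than passed to the firewall.
clean_ips() {
  tr -d '\r' < "$1" | awk -F. '
    NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      ok = 1
      for (i = 1; i <= 4; i++) if (length($i) > 3 || $i + 0 > 255) ok = 0
      if (ok && !seen[$0]++) print
    }'
}

# build_restore FILE SET MIN -> prints ipset restore commands on stdout.
# Returns 1 and prints nothing when fewer than MIN addresses survive cleaning,
# so a failed or truncated download never replaces a good block list.
build_restore() {
  ips=$(clean_ips "$1")
  count=$(printf '%s\n' "$ips" | awk 'NF { n++ } END { print n + 0 }')
  [ "$count" -ge "$3" ] || return 1
  echo "create $2 hash:ip family inet -exist"
  echo "create $2-new hash:ip family inet -exist"
  echo "flush $2-new"
  printf '%s\n' "$ips" | sed "s/^/add $2-new /"
  # Swap the freshly filled set into place atomically, then drop the old one.
  echo "swap $2-new $2"
  echo "destroy $2-new"
}

# Daily cron usage (run as root, after the curl download):
#   build_restore Tor_ip_list_EXIT.csv tor-exit 100 | ipset restore
# One-time rule that drops outbound traffic to addresses in the set:
#   iptables -I OUTPUT -m set --match-set tor-exit dst -j DROP
```

Because the rule references the set by name, the daily refresh only swaps the set contents and the firewall rule itself never has to be rewritten.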
