
Cisco Umbrella

Security

3 Simple Steps towards Safer Browsing

By Kevin Bottomley
Posted on November 21, 2014
Updated on March 5, 2020


Security in layers

This blog was going to be a continuation of my last blog, “Does Your Domain Have Bad Neighbors?”, but instead I would like to take a few minutes to cover something else that people have been asking me about recently. Oftentimes I get questions along the lines of “What are some things I can do to help protect myself even more from security threats?”
Security should be thought of in terms of layers. The more layers you add, the more you help to isolate yourself and mitigate potential attack vectors. With the recent uptick of malware using different means for delivery, including Malvertising (malicious advertising), drive-by downloads, and the use of TOR, it might be overwhelming to think of ways to protect yourself. There are a few small, simple tricks that I feel can help you focus your efforts to be most effective:

Ad-Block Plus

As you may have heard, the use of advertisements as a means for delivering malware has been increasing rapidly. The methods have slightly changed, however; while it is still highly recommended to avoid clicking away on random links, especially from unknown email senders, users can now be infected even without clicking recklessly.
Malvertising works by running malicious code when the advertisement loads in your browser, gathering all of the information it can and sending it back to a Command and Control server, where any number of exploit kits can be used to leverage a compromise of the client machine. Ad-Block does exactly as its name implies, blocking ads that are shown to visitors of web sites. While the vast majority of ads are safe, it’s that small percentage that causes the most headaches for users and System Administrators alike. OpenDNS took the stance of removing ads from its site back in June, which you can read more about here.

No-Script

Another extension I like to use is No-Script. No-Script is an extension for Firefox, but you can use JavaScript Blocker for Safari, and ScriptSafe for Chrome. All of these work in basically the same way—they only allow scripts, including JavaScript, Java, and Flash (all of which are common in leveraging compromises) to be executed with express permission from the user.
How does this help? Some compromised web pages will attempt to deliver what is known as a ‘drive-by download’, which will look for possible vulnerabilities in a client’s machine, deliver that information back to a server, and download the exploit kit, much in the same way that Malvertising works, minus the ads.
At first you might feel like your Internet experience is not the same, especially with so many sites that employ scripting to enhance user experience. No-Script offers you the option to allow sites you wholly trust to run, without having to allow the scripts every time. Globally allowing all scripts is highly discouraged.

Blocking TOR

TOR is used by many people all over the world to add anonymity to their web browsing. This is especially helpful in places where the Internet is heavily censored, under regimes that might be monitoring dissidents trying to get the word out about repressive actions taking place, and for others who just want to keep their surfing habits private. Recently, however, certain variants of malware have started using TOR as a means to call out to the Command and Control servers to download more badness (read: CryptoWall 2.0). It does not seem that far-fetched to think that other malware families might soon follow suit.
Sometimes I come across rumors that TOR (The Onion Router) cannot be blocked. To a small extent, this is true. To a larger extent, it is not. Below are two simple curl commands you can use to download the IPs used by TOR. These IPs are updated daily, so setting up a cron job to download the lists is pretty easy. The downloaded IPs are written to two CSV files, one for all the IPs and the other for the exit nodes. These lists can then be added to your firewall rules. I would like to point out that this is by no means a cure-all for blocking TOR-based sites, but it does reduce the means for connection by dropping the attempts either coming into or going out of the client system.

curl http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv > Tor_ip_list_EXIT.csv
curl http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv > Tor_ip_list_ALL.csv

The output will create these two files:

  • Tor_ip_list_EXIT.csv
  • Tor_ip_list_ALL.csv

Essentially what you are doing at this point is cutting off the call-out from a machine to the first entry point in the TOR relay circuits, preventing connections from being established. I should mention that while this will block malicious connections that use the TOR network, it will also cut off any legitimate web site that might be hosted on the same IP that is not a hidden service AND will prevent you from using TOR altogether.
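One way to carry out the "add the lists to your firewall rules" step, shown as an added example that is not part of the original post: it assumes a Linux host using ipset and iptables, and the set name tor-nodes, the minimum-entry threshold and the sample data are all assumptions. Each line is validated as an IPv4 address before it reaches the firewall, and a list that looks truncated (for example, a failed download that saved an error page) is rejected so the existing set stays in place.

```shell
#!/usr/bin/env bash
# Added example: convert a downloaded TOR IP list into an `ipset restore` file.
# The set name, the minimum-entry threshold and the sample data are assumptions.

# Print the syntactically valid, de-duplicated IPv4 addresses found in file $1.
valid_ipv4() {
    tr -d '\r' < "$1" | awk -F. '
        NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            for (i = 1; i <= 4; i++) if ($i > 255) next
            if (!seen[$0]++) print
        }'
}

# usage: build_restore <csv> <set-name> <min-entries>
# Fills a scratch set, then swaps it in so the live set is never empty.
build_restore() {
    local ips count
    ips=$(valid_ipv4 "$1")
    count=$(printf '%s\n' "$ips" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -lt "$3" ]; then
        echo "only $count valid IPs in $1; keeping the existing set" >&2
        return 1
    fi
    echo "create $2 hash:ip family inet"
    echo "create $2-new hash:ip family inet"
    echo "flush $2-new"
    printf '%s\n' "$ips" | sed "s/^/add $2-new /"
    echo "swap $2-new $2"
    echo "destroy $2-new"
}

# Constructed sample: three valid IPs (documentation ranges), one duplicate,
# one CRLF line ending, one out-of-range octet and an HTML error line.
sample=$(mktemp)
printf '%s\n' '192.0.2.10' '198.51.100.7' '192.0.2.10' \
    '203.0.113.300' '<html>503 Service Unavailable</html>' > "$sample"
printf '203.0.113.25\r\n' >> "$sample"

build_restore "$sample" tor-nodes 3
# Load with:      ipset restore -exist < tor.restore
# Then drop with: iptables -I OUTPUT -m set --match-set tor-nodes dst -j DROP
```

In a cron job, point build_restore at Tor_ip_list_ALL.csv or Tor_ip_list_EXIT.csv and set the threshold well below the list's usual size.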
Hopefully you find these three simple, yet significant, steps helpful in mitigating risk during your Internet experience.
