Web Browser Secure Settings

ITS Recommended Secure Browser Settings

Note: These settings have not been tested with the Campus Business Systems. Please contact their support for assistance.

It is becoming increasingly popular for attackers to compromise computers through vulnerable web browsers. An insecure web browser can lead to spyware being installed on your computer without your knowledge, attackers taking control of your computer, stealing your information, or even using your computer to attack other computers.

The set-up configuration for many web browsers is not secure by default. UCSC's IT Security Team recommends the following steps to help make your web browser more secure. These settings are especially important if you use your browser to access campus business systems, or if you use your browser to access, send or receive sensitive information.

Quick List:
(Instructions for all these settings are in the table below.)

  • Keep your browsers up to date (ITS supported software list)
  • Enable automatic updates for your browser
  • Block pop-ups, plug-ins and phishing sites
  • Set your browser not to store passwords. If you do store passwords in your browser, use a master password that conforms to the UCSC Password Standards. Please see below for restrictions for passwords that provide access to P3 or P4 sensitive data.
  • Disable third-party cookies
  • Browser-specific settings:
    • Firefox: install the uBlock Origin add-on
    • Safari: disable Java
    • IE: set up security zones

Important note: While making your browser more secure helps reduce the risk that someone will be able to use it to compromise your computer, it is still important to have safe computing habits so attackers get fewer chances to try. Don't click on unknown or unsolicited links or open unexpected attachments. Don't download files, programs or tools unless you are positive they are safe. Additional browser safety tools...

---

Choose your browser: Firefox, Safari, Edge, Internet Explorer or Google Chrome.


Firefox

Setting the default browser - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > General tab. Check the box “Always check to see if Firefox is default browser on startup”.

Auto-install updates - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) General tab > Firefox Updates section. Select "Automatically install updates (Recommended)".

Block unwanted pop-ups - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Permissions section. Check "Block pop-up windows".

Block unwanted add-ons - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Permissions section. Check "Warn you when websites try to insall add-ons".

Don't save passwords - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Browser Privacy section. Uncheck the "Ask to save logins and passwords for websites" box.

Using a master password - If you do save passwords, set a Master password so they aren't easily accessible to anyone with access to the system. For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Browser Privacy section. Check "Use a master password". Set a master password that is compliant with campus Password Standards Note: The master password setting is not appropriate for passwords that provide access to P3 or P4 sensitive data.

Java/javascript - Java is now disabled by default in Firefox, but can be activated for trusted sites. More info here.

Cookies and Site Data - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > CContent Blocking. Select "Custom" and set Cookies to block "Third-party trackers". Also place checks to block Cryptominers and Fingerprinters.

Tracking Protection - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Content Blocking. Check "Always" under "Send websites a “Do Not Track” signal that you don’t want to be tracked".

Deceptive Content and Dangerous Software Protection - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Security section. Check "Block dangerous and deceptive content", "Block dangerous downloads" and "Warn you about unwanted and uncommon software".

Firefox Data Collection and Use - For both Mac and PC - go to Firefox menu > Preferences (Mac) Options (PC) > Privacy & Security > Firefox Data Collection and Use section. Uncheck "Allow Firefox to send technical and interaction data to Mozilla", "Allow Firefox to install and run studies" and "Allow Firefox to send backlogged crash reports on your behalf".

Install uBlock Origin (Ad-blocker) - Add-ons > “uBlock Origin” by Raymond Hill

Safari (Mac)

Setting the default browser - Go to Safari menu > Preferences > General tab and click the "Set Default..." button.

Auto-download updates - Updates for Safari are handled by System Preferences > Software Update located under the Apple menu. Set to Daily updates.

Block unwanted pop-ups - Go to Safari menu > Preferences > Websites tab, click "Pop-up Windows" from the left-hand pane and set "When visiting other websites:" to "Block and Notify".

Block unwanted plugins/phishing - Go to Safari menu > Preferences > Websites tab and uncheck undesired installed plug-ins in the left-hand pane.

Set your browser to not set passwords - Go to Safari menu > Preferences > AutoFill tab and uncheck the "User names and passwords" box.

Java/javascript and Fraudulent Websites - Go to Safari menu > Preferences > Security tab and place a check to enable "Warn when visiting a fraudulent website" and a check to "Enable JavaScript".

Privacy - Go to Safari menu > Preferences > Privacy tab and select "Prevent cross-site tracking".

Open "safe" files after downloading - Go to the Safari menu > Preferences > General tab. Uncheck the box that says "Open "safe" files after downloading".

Edge (PC & Mac)

Block Pop-ups - Settings > Site Permissions > Popups and redirects > Blocked

Turn off Flash - Settings > Site Permissions > Use Adobe Flash Player > OFF

Cookies - Settings > Site Permissions > Cookies and site data > Block third party cookies > ON

Passwords - Settings > Profiles > Passwords > Offer to save passwords > OFF

Payment Info - Settings > Profiles > Payment Info > Save and fill payment info > OFF

Autofill Forms - Settings > Profiles > Addresses and more > Save and fill addresses > OFF

Tracking Prevention - Settings > Privacy, search, and services > BALANCED

Search and Site Suggestions - Settings > Privacy, search, and services > Address bar and search > Show me search and site suggestions using my typed characters > OFF

Microsoft Defender Smartscreen - Settings > Privacy, search, and services > Microsoft Defender Smartscreen > ON

Internet Explorer (PC)

Setting the default browser - ITS recommends that IE is not used as the default browser. However, you can still use IE to connect to campus systems, without having it set as the default.

Auto-download updates - Updates for Internet Explorer are handled by Windows Update located in Control Panels. Set to Daily updates.

Block unwanted pop-ups - Go to Tools menu > Internet Options > Privacy tab and set the slider to MEDIUM. Check the "turn on pop-up blocker” box.

Block unwanted plugins - Go to Tools menu > Internet Options > Advanced tab and scroll down to Multimedia. Uncheck Play animations” and “Play sounds” in webpages if they are checked.

Set your browser to not set passwords - Go to Tools menu > Internet Options > Content tab and click the AutoComplete Settings button and uncheck the "user names and passwords..." box.

Using a master password - IE doesn't have a master password function, but you should disable the auto-complete function for passwords. See the section above. Note: The master password setting is not appropriate for passwords that provide access to P3 or P4 sensitive data. See the campus Password Standards for additional information and alternatives.

Java/javascript - Java is handled with Security Zones in IE. See the Additonal suggestions below.

Handling cookies* - Go to Tools menu > Internet Options > Privacy tab and click the “Advanced” button. Check the “Override” box and the “Accept” button for First-party cookies and “Prompt” button for Third-party cookies. The “Always allow…” button should not be checked. Click OK. When done, click the Apply button.

Disable ActiveX FilteringOpen IE, press the Alt key, open the Tools menu, and click ActiveX Filtering, if it isn’t already checked.

Additional suggestions - IE has security zones that can be set up for different levels of protection. In the Help menu, type"zones" and choose Change IE Security Settings. ITS recommends setting the Internet Security Zone to HIGH. You can also identify "trusted sites" and set those to MEDIUM-HIGH.

Google Chrome

Accessing Settings in Chrome - From the right-most menu, select Settings:

chrome-settings.png


Setting the default browser - Go to Settings and click the "Make Google Chrome My Default Browser" button.

Auto-download updatesTo make sure that you're protected by the latest security updates, Google Chrome automatically updates whenever it detects that a new version of the browser is available. The update process happens in the background and doesn't require any action on your part.

Block unwanted pop-ups - Go to Settings > Advanced > Content Settings > Pop-up and redirects and turn on "Blocked" under Pop-ups and redirects".

Block unwanted plugins - Go to Settings > Advanced > Content Settings > Unsandboxed plugin access and turn on "Ask when a site wants to use a plugin to access your computer (recommended)".

Do not save passwords - Go to Settings > Passwords and turn off "Offer to save passwords.

JavaScript - Go to Settings > Advanced > Content Settings > JavaScript and turn on "Allowed (recommended)".

Handling cookies* - Go to Settings > Advanced > Content Settings > Cookies > and turn on "Allow sites to save and read cookie data (recommended)", and "Block third-party cookies".

Make Flash ask for permission - Go to Settings > Advanced > Content Settings > Flash > and turn on "Ask first (recommended)".

Automatic Downloads - Go to Settings > Advanced > Content Settings > Automatic downloads and turn on "Ask when a a site tries to download files after the firest file (recommended)".

Camera Access - Go to Settings > Advanced > Content Settings > Camera and turn on "Ask before accessing (recommended)".

Microphone Access - Go to Settings > Advanced > Content Settings > Microphone and turn on "Ask before accessing (recommended)".

Install uBlock Origin (Ad blocking) - uBlock Origin by Raymond Hill

(*Cookies are little files that web sites leave on your computer to remember settings, login credentials or any other information that your computer needs to make the user experience a bit better. Cookies are generally harmless, but they can be used to track your Internet usage, which is a privacy issue. In general, you probably don't want Internet sites tracking everything you are doing, so it's a good idea to block cookies where appropriate to maintain privacy.)


How to install security add-ons for Firefox:

For both Mac and PC - click the "hamburger" menu icon hamburger.png and select "Add-ons". Click "Find more add-ons". Type in "uBlock Origin" and click "Add to Firefox". You will be prompted to grant the listed permissions to the add-on. Click "Add".

----

Google's Safe Browsing Tool: This tool lets you see whether Google has flagged a website as dangerous to visit. (more info...)

See Also