10 Steps to Optimize Mozilla Firefox for Google Apps Security
BACKUPIFY – APRIL 2012
INTRODUCTION
Firefox has long been considered one of, if not the, most reliable and adaptable
browsers available today, but that standing is easily undermined by insecure
browser settings and user preferences. When running a Software-as-a-Service
solution like Google Apps, lax browser security can prove fatal to a Google Apps
domain, and to your business. Below are 10 steps you can take to maximize Firefox's
defenses against online threats and keep your Google Apps domain safe and
secure.
BROWSER SETTINGS
Firefox's reputation as a highly customizable browser is well earned, so your
Google Apps security measures should begin with Firefox's internal settings.
1. Disable Advanced JavaScript
For absolute maximum security, you should disable JavaScript altogether, as
hackers can use it to execute a number of unscrupulous actions in your browser.
However, JavaScript is necessary to operate the interactive features of many online
applications, including portions of the Google Apps suite. The good news is Firefox
can disable only the more dangerous elements of JavaScript. Under the Content
Panel's Advanced JavaScript Settings, deselect the options to Move Or Resize
Existing Windows, Raise Or Lower Windows, and Disable Or Replace Context
Menus. This will prevent websites from opening hidden browser windows you can't
easily dismiss or control.
2. Set Custom Browser History Configuration
Firefox offers a Private Browsing Mode that prevents it from recording passwords
or form autofill data, accepting cookies, or saving other history data. This
is prudent, as it prevents hackers from targeting your browser to obtain this access
information. You can permanently opt into Private Browsing mode by selecting
the Never Remember History option in the Privacy Panel, but the smarter move is
to configure a Custom History Setting. Within the Privacy Panel's Custom Settings
For History section, deselect every option except Remember Download History.
This will ensure you have a record of any items downloaded — knowingly or
otherwise — but that any other history data (notably login information) won't be
saved in the browser.
3. Show the Downloads Window When Downloading Files
Some hyperlinks disguise malicious software downloads. Selecting the Show The
Downloads Window option in the General Options panel ensures that nothing gets
dropped on your hard drive without your knowledge.
4. Enable Security Warnings
Firefox provides a number of defenses and security warnings by default, but you
should be certain these options are enabled. Under the Security Panel, select
the Warn Me When Sites Try To Install Add-Ons option, which will prevent any malware
disguised as video player plug-ins or game features from sneaking onto your
browser. Then select Block Reported Attack Sites and Block Reported Web
Forgeries, which are pretty self-explanatory.
5. Disable Password Storage
Storing passwords in your browser simply makes your passwords vulnerable to
browser attacks, putting your Google Apps account and domain at risk. While less
convenient, you should disable the password storage option.
6. Set Alerts for Offline Website Data Storage
Some websites will try to store data locally. Most of these requests are legitimate
— Google Apps can occasionally make them in relation to its Offline Mode — but
you should be aware when these requests are made. Under Firefox's Advanced
Panel's Network tab, select the Tell Me When A Website Asks To Store Data For
Offline Use option to ensure no offline data is saved without your knowledge and
permission.
7. Automatically Install Updates
Keeping Firefox up to date means you'll always have the latest security patches
and defenses running on your browser. Under the Advanced Panel's Update tab,
select the Automatically Install Updates option and the related Warn Me If This
Will Disable Any Of My Add-Ons option. The former will keep you running the
latest version of Firefox; the latter will let you know if any of your security plug-ins
are incompatible with the latest Firefox update.
8. Enable Encryption
While selecting the SSL version of any website is prudent, Firefox can enforce the
use of the latest and most effective Secure Sockets Layer and related encryption
protocols at any HTTPS web address. Under the Advanced Panel's Encryption tab,
select the Use SSL 3.0 and Use TLS 1.0 options.
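The panel settings in steps 1 through 7 are saved in the profile's prefs.js file, so they can be audited without opening the browser. The script below is an added example, not part of the Backupify paper: the mapping from each step to an about:config preference name is an assumption based on Firefox releases of that period, and the prefs.js content is a constructed sample.

```python
import re

# Expected value per preference, tagged with the step it belongs to.
# Assumption: pref names are an added mapping, not taken from the whitepaper.
BASELINE = {
    "dom.disable_window_move_resize": (True, "1: scripts may move or resize windows"),
    "dom.disable_window_flip": (True, "1: scripts may raise or lower windows"),
    "dom.event.contextmenu.enabled": (False, "1: scripts may replace context menus"),
    "places.history.enabled": (False, "2: browsing history is remembered"),
    "browser.formfill.enable": (False, "2: form and search history is remembered"),
    "browser.download.manager.showWhenStarting": (True, "3: Downloads window hidden"),
    "xpinstall.whitelist.required": (True, "4: no warning on add-on installs"),
    "browser.safebrowsing.malware.enabled": (True, "4: attack sites not blocked"),
    "browser.safebrowsing.enabled": (True, "4: web forgeries not blocked"),
    "signon.rememberSignons": (False, "5: passwords are stored"),
    "browser.offline-apps.notify": (True, "6: no alert for offline storage"),
    "app.update.auto": (True, "7: updates not installed automatically"),
}
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:  # comments and blank lines do not match
            name, raw = m.groups()
            prefs[name] = {"true": True, "false": False}.get(raw, raw.strip('"'))
    return prefs

def audit(text):
    """Return (deviations, unset). prefs.js only records values changed from
    the built-in default, so an absent pref is listed for manual review."""
    prefs = parse_prefs(text)
    deviations, unset = [], []
    for name, (expected, risk) in BASELINE.items():
        if name not in prefs:
            unset.append(name)
        elif prefs[name] != expected:
            deviations.append((name, "step " + risk))
    return deviations, unset

SAMPLE_PREFS = '''# Mozilla User Preferences (constructed sample)
user_pref("dom.disable_window_move_resize", true);
user_pref("dom.event.contextmenu.enabled", true);
user_pref("signon.rememberSignons", true);
user_pref("browser.offline-apps.notify", true);
user_pref("browser.startup.homepage", "https://mail.google.com/");
user_pref("app.update.auto", false);
'''
```

Calling audit(SAMPLE_PREFS) flags the context-menu, password-storage and update preferences as deviations and lists the seven baseline preferences the file never sets.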
BROWSER ADD-ONS
Above and beyond Firefox's native security features, these add-ons impart some
much-needed defensive measures into your browser.
9. HTTPS Everywhere
Virtually every reputable website and web application offers an SSL version to
accommodate encrypted web communication, including Google Apps. This keeps
any data you share with the website — especially passwords — away from prying
eyes. The HTTPS Everywhere Firefox Add-On defaults you to the SSL version of any
website, making sure you don't accidentally opt for the less secure version.
10. NoScript
Even with Firefox's advanced JavaScript settings, you're still at risk from clickjacking
attacks. The NoScript add-on only allows JavaScript from trusted sites to run on
your browser. If they're not on the safe list, the site's script won't run, keeping
JavaScript fully at bay.