Secure Browsing: My Personal Journey
Infosec writer Miguel A. Calles shares his journey to secure web browsing and a review of a service that helped him achieve his browsing strategy with remote browser isolation.
A few years ago I was really paranoid about web browsing. I read about drive-by downloads, ransomware, viruses, cyber espionage, and more. The web seemed like a good neighborhood turned wrong with danger lurking around every corner. I decided to come up with a strategy for browsing the internet securely.
Strict Security Principles in Practice
I have a friend who is very careful about his web browsing. He clears his cache after every web session, even on his own personal computer. He uses a web firewall plugin for Firefox to avoid turning on unneeded JavaScript plugins. He is an epitome of a security engineer who practices his skills even in his personal life. Although I too was a participant in the security field, I was not willing to invest as much time to extreme security in my own web browsing.
My Personal Strategy
I instead decided to purpose computers to do different things. I had a laptop for paying bills and doing my online banking. I used a virtual machine running a live Linux operating system to browse web sites. I had another with no personal files just to watch online videos. Of course, I had my work computer to do my work. This seemed a little annoying and a little costly, but it helped me mitigate risks as long as I stayed disciplined.
As time passed, I realized it had become challenging to stay disciplined. I would need to wait until I got home from work to check the balance of my checking account. I could not use YouTube or Netflix while I grudgingly paid my bills. Sometimes I would review my online financial statements from the wrong machine. My good intentions went by the wayside.
Attempting to Build a Better Experience
I resolved to solve this by creating a more secure web browsing experience. I liked having a virtual machine which would retain nothing about the web browsing history and any files from the operating system itself. If only I could replicate this experience in a much easier-to-use version. Rather than having to spin up a virtual machine, wait for the live operating system to load, log in, install any necessary software packages not part of the default system, and, finally, open a web browser, I resolved to have the browser already be ready to run.
I explored using containers. A container is like a virtual machine running a live operating system. Right? I soon came to realize a container has no display and exporting the display would require a cumbersome setup to export the graphical display to a Windows machine. Why was it so complicated to have a secure web browsing experience?
The problem seemed more complicated than it was worth. I decided it was easier just to stay disciplined in my web browsing habits.
My Ideal Solution Now Exists
Three years later I learned about a startup called WEBGAP that was building a better approach to secure web browsing. This company isolates the web browsing experience from the machine. That is what I was hoping to do with virtual machines and containers. They achieved a more ideal solution. It renders the web page on their servers, filters out any notorious content, and sends the rendering to your own web browser. Why did I not think about that?
I no longer have to wait for a virtual machine to boot or to connect to a container. I can simply open my web browser, use the service, and the web site loads as if I navigated to it directly. Neat!
This service allows me to improve my secure web browsing experience. I can use the native browser to log into my sensitive accounts, e.g., banking sites, and use this service for anything else. Now I can browse the web with greater confidence by having a potentially insecure web site in one tab while having my banking web site in another.
The remote browser isolation service provides benefits my own previous attempts failed to deliver:
- It allows for highlighting the text and copying it into the clipboard.
- It securely downloads files into my download folder.
- It prevents right-clicking (in the desktop version), which prevents me from opening another browser tab without the remote browser isolation service running.
- It stops any malicious files at their servers, which means malware will not spread to other computers on my network.
- It protected me from logging into a web site where the domain was different than the page where I entered my credentials.
This technology should have been invented decades ago.
Conclusion
I am excited about using a remote browser isolation service to secure my web browsing. Whether or not you decide to use this service, I advise you to define your own secure web browsing strategy. Consider using the Batman threat model to determine what needs protecting and how you will achieve it.
Disclosure: The company gave me a free trial, but did not ask me to write this post.
Stay secure, Miguel