Chromium-based Edge gives enterprises the opportunity to standardize on one browser. Here are the key security settings you need to know. Credit: Urupong Getty / Microsoft I’m old enough to remember the screeching sound of a modem as it connected to the internet. Now we hold in our pockets more technology than I used with Netscape Navigator and Altavista to explore the World Wide Web, and web browsers have become the portal through which we access most of our critical apps and services. As we enter the era of cloud computing and the end of Adobe Flash, it’s time for enterprises to not only standardize on a web browser, but to ensure that your settings and deployments are secure as they can be.Standardizing on the Chromium-based Edge browserFor many years we’ve had to install multiple browsers because vendors did not support built-in browsers, or they targeted their applications for one browser. With Chrome-based Edge, it’s possible to go back to a single browser without your application ecosystem suffering ill effects.Microsoft has released a Security baseline for Microsoft Edge version 85. It has also provided the Microsoft Security Compliance Toolkit 1.0, which includes information and recommendations. With this kit you can use Group Policy or scripts to better harden your Edge browser against threats. End use of SHA-1 signed certificatesOne new setting in the Edge version 85 kit, “Allow certificates signed using SHA-1 when issued by local trust anchors”, is deprecated (no longer under active development) but is needed to assist in the migration from SHA-1 signed certificates. Microsoft will remove this setting from the browser in mid-2021 and there will be no way to support SHA-1 signed certificates using Edge. Migrate away from SHA-1 as soon as you can as all the major browsers have dropped support. NIST deprecated SHA-1 in 2011 and Microsoft dropped it from Edge and Internet Explorer in 2017 because the hashing algorithm is susceptible to collision attacks that allow the creation of spoofed certificates.Define which external apps to launchThe baseline documentation also includes guidance for IT professionals to define browser-based applications that can launch an external application. For example, if your organization uses online Word, Excel or Teams, you can ensure that your users do not get a prompt, but rather the application will open. Define allowed and blocked extensionsYou can download Group Policy files and templates to better control the browser. For example, you can set policies for extensions such as “ExtensionInstallAllowlist” and “ExtensionInstallBlcoklist”. They control what extensions can or cannot be installed, respectively. This is similar to the group policy supported by Google Chrome. A blocklist value of ‘*’ means all extensions are blocked unless they are explicitly listed in the allowlist.In the Windows registry these are located at: SOFTWAREPoliciesMicrosoftEdgeExtensionInstallBlocklistYou then set the value name as numbers such as 1, 2 or 3 and set the name of the extension you want to block as a REG_SZ value. I recommend reviewing what extensions you want to install in Edge browser. Attackers or malicious advertisements often wiggle into systems through extensions. I’ve also seen extensions used to take over the default search engine. Establish a baseline of extensions that are allowed in your firm. Vet and approve third-party coded software extensions in a secure environment. Use SmartScreen settingsAnother key browser setting is SmartScreen, a Microsoft technology that scans websites to determine if they are secure. Microsoft reviews content on websites and reputation. It automatically provides the following protections in your browser:Anti-phishing and anti-malware supportReputation-based URL and app protectionOperating system integrationImproved heuristics and diagnostic dataManagement through Group Policy and Microsoft IntuneBlocking URLs associated with potentially unwanted applicationsInvestigate browser isolationThe US Cybersecurity and Infrastructure Security Agency (CISA) recommends investigating the use of browser isolation. This browser barrier creates a block between the browser and the operating system. All web traffic is untrusted. Rather than securing the browser on the workstation with Group Policy and other settings as noted in the security baseline, browser isolation sets up the ability to browse the internet in a remote session on a cloud deployment or server.Isolation technology is not new; it’s been more used by larger enterprises and government entities. Two technologies support browser isolation: Client-side browser isolation may not be as robust as server side browser isolation given that it does not provide air gapped or physical isolation. Software vulnerabilities in the operating system or the client-side browser technology could lead to exposure.Server-side browser isolation—or these days cloud-based browser isolation—puts an ultimate air gap between you and the web. Companies such as Webgap and Authentic8 allow you to have a complete barrier between your users and their browsing experience, as do other vendors. Related content news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO feature Malware explained: How to prevent, detect and recover from it What are the types of malware? How does malware spread? How do you know if you’re infected? We've got answers. By Josh Fruhlinger May 03, 2024 18 mins Ransomware Phishing Malware brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe