Everyone in the enterprise loves the web browser when it’s delivering news, email, documentation, and sales leads. With the shift to web apps, it’s arguably the most important installed software on any corporate desktop. But the internet is filled with people who aren’t nice — sometimes even dangerous — and the same browser can also bring viruses, rootkits, and worse. Even if the browser sits on a little-used desktop in a dusty corner with no access to sensitive information, an attacker can use the seemingly unimportant machine as a stepping stone.
Keeping your users’ browsers secure is essential. The browser companies work hard to block the attackers by sealing the back doors, side doors, and cracks in between, but that isn’t always enough. Some useful features have dark sides, and enterprises can increase security dramatically by shutting down or tightly limiting access to these options.
The freedom to download arbitrary files, for instance, is essential for installing new software, but it’s also a dangerous vector for attacks. If the users in your office don’t need to add new software on their own, blocking all downloads is a harsh but simple way to stop many attacks.
Most of the job is making tough decisions about whether the people in the office (and which ones) need access to various features, both their good and bad sides. No one likes to have their freedom curtailed, but the dangers of an attack are so great that locking down the machines and shutting down options is often a prudent decision.
Here are nine important steps that IT can take to keep users’ browsers running smoothly and securely.