Cyber Security Awareness Month - Day 5 - Sites you should stay away from

Published: 2010-10-05. Last Updated: 2010-10-11 17:44:01 UTC
by Rick Wanner (Version: 1)
13 comment(s)

As we wander down this path that is Cyber Security Awareness month it reinforces that on one hand the Internet is a source of an unimaginable wealth of  information and knowledge and on the other hand is a scary place where evil lurks in dark corners.  The question for the day is how can you explore the Internet while avoiding nasty sites.

As a security practitioner I am often taken off the beaten path of the Internet to do research, so it is important that I have some help avoiding nefarious sites. Here are a few tools that  I use:

  • I use Firefox and the Web-of-Trust add-on to help me identify potentially naughty sites.  Web of Trust adds colored circles after all links, green for good, yellow for questionable, and red for bad.  McAfee SiteAdvisor and other products do very similar things.
  •  I use OpenDNS and utilize the Web Content Filtering capability to provide a layer of protection.

 If you have other tips on how to avoid nasty sites, please feel free to comment below or contact us via our contact form.

 Update from the contact form:

There are a number of websites that can be used to verify the reputation and safety of websites:

Locking down the host file is also an alternative.  The MVPs hosts project provides a good method to avoid ads and some troublesome sites.

If you still run Windows XP or earlier and must run as an administrator there is an intriguing way to browse the web as a non-administrator

 

-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

13 comment(s)

Comments

I am a firm believer of prevention being better than cure.

Whenever I'm recommending security for home users, I recommend the following as a minimun on top of the standard AV and firewalls etc:

K9 Web Protection from Bluecoat (www.k9webprotection.com) - highly recommended (very low profile and extremely quick). I did put my parents on the OpenDNS filter once, but as their ISP used dynamic IP's which refreshed quite quickly, the filter became redundant because it bases the filter profile on the IP address you're using.


AVG Link scanner - This tool actually scans sites within a search result for malware rather than rely on a database of "user experience"

Using a modifed hosts file via Spybot and Hostman also helps.

Alban
I run Firefox with adblocker and noscript. I also run spybot search and destroy and symantec AV.

All in all, it's a pretty client safe setup!
amilroy, to solve the OpenDNS issue with quickly rotating dynamic addresses you just need to install the OpenDNS updater on one of their computers. It will keep OpenDNS up to date.
Comments through the contact page are recommending Firefox plug-ins like NoScript, AdBlock Plus, FlashBlock. Personally I use NoScript, but when I have subjected my non-computer literate relatives to it it rapidly becomes a case of "Allow all from..." repetitively. Perhaps I just need to be more patient explaining.
i'll take a pass on opendns... they hijack dns requests that return a nxdomain.
@joeblow; Yes, OpenDNS hijacks nxdomain. It's how they pay for the free service, and they're up-front about it. That would be a real pain to me and you investigating networking and connectivity issues and general internet things. But it's fine for my mother or my kids. I'm a qualified fan of OpenDNS and have my iptables firewall ensure that *all* the kids' DNS requests go there via DNAT regardless of how the individual systems are (mis)configured.

For my part, a while ago I started using Immunet, which is a cloud-based AV (yeah, right!!) Their solution co-exists with other AV's, mine is Avast. (Not the best, I know, but it's free)

The reason I mention it, is that recently Immunet blocked two nasties on my system and I thought that was really good, since it was seemingly coming from my browser.

And I use Firefox with noscript, but that does not end all threats. Don't forget to mention no-admin-rights on the browser.

If only FF could run with low integrity level...
There are huge caveats with a "sites to stay away from" methodology - namely, you're in fact teaching that there are sites that can be trusted.

Obviously, this is patently false. q.v. any adstream injection, the SeattleSeahawks, CNN, whatever - none of these were "sites to avoid".

As for defense-in-depth - combination of Firefox+noscript and/or SandboxIE.
@Steven: While most of us will agree that no sites can be really trusted, there are clearly some sites that should be avoided as they contain known bad content (for some definition of "bad content")

I also use K9 on my kids' machines, and OpenDNS for the home network (with the OpenDNS updater). Also using Avast for AV duties.
My home network is set up to require web browsing via a proxy server (Squid), and I automatically update the proxy's domain block list from malwaredomains.com

At the client end, FireFox + NoScript.

Diary Archives