Securing your home banking session

View previous topic View next topic Go down

Securing your home banking session

Post by Guest on 25/2/2012, 05:54

A while ago, I started this thread at ssj100 Security Forums: http://ssj100.fullsubject.com/t427-windows-vista-windows-7-sandboxie-integrity-levels

In that same thread, I mentioned something about Google Chrome/Chromium web browser command-line switch --host-rules.

Moments ago, after reading something at Wilders Security Forum, where someone asking what alternative would there be to protect against XSS attacks, without extensions, I decided to test something with --host-rules, which I know could be done for the loopback (IPv4/IPv6).

This is the part of post that matters (I've changed the forum name, for the example):

m00nbl00d wrote:
2. If you don't like the firewall approach, I'd use either Google Chrome or Chromium web browsers, and make use of the command-line switch --host-rules.

Imagine that you want to restrict communications to ssj100 Security Forums. I'll give an example with Chromium being in Program Files directory.

"C:\Program Files\Chromium\Chromium - ssj100 Session\chrome.exe" --host-rules="MAP * 127.0.0.1, EXCLUDE ssj100.fullsubject.com"

What the above command does is map every communication to the loopback (127.0.0.1, which is your own system), except ssj100.fullsubject.com. So, only communication to ssj100 Security Forum is allowed. If there were any other sub-domains, then you could either add the following:

m00nbl00d wrote:
"C:\Program Files\Chromium\Chromium - ssj100 Session\chrome.exe" --host-rules="MAP * 127.0.0.1, EXCLUDE ssj100.fullsubject.com","MAP * 127.0.0.1, EXCLUDE somedomain.fullsubject.com"

or

"C:\Program Files\Chromium\Chromium - ssj100 Session\chrome.exe" --host-rules="MAP * 127.0.0.1, EXCLUDE *.fullsubject.com"

This last example would allow communication to fullsubject.com and any of its sub-domains.

######################

Besides what I quoted of myself above, you can also restrict the IP address of the forum (in my example) and the port (80 in my example, which for procotol http):

m00nbl00d wrote:
"C:\Program Files\Chromium\Chromium - ssj100 Session\chrome.exe" --host-rules="MAP * 127.0.0.1, EXCLUDE ssj100.fullsubject.com","MAP ssj100.fullsubject.com 67.228.47.103:80"

67.228.47.103 - current ssj100.fullsubject.com IP address. 80 - remote port (protocol http).

Note: You can achieve the same with a firewall, of course. But, following this approach, you can do it for other people who can't handle outbound protection. Laughing Also, without having to resort to extensions/add-ons.

Guest
Guest


Back to top Go down

Re: Securing your home banking session

Post by ssj100 on 25/2/2012, 06:56

Looks interesting. Might be a silly question, but can the same thing be done with Firefox?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: Securing your home banking session

Post by Guest on 25/2/2012, 08:40

ssj100 wrote:Looks interesting. Might be a silly question, but can the same thing be done with Firefox?

Well, you could use a firewall, as I mentioned. Other than that, I don't know if you can achieve the same granularity with Firefox using an extension. I don't think Firefox itself allows you to apply that kind of restriction.

You could try and see if what user vasa1 mentions at WSF could allow that kind of restriction -http://www.wilderssecurity.com/showthread.php?&t=318299 (I don't know if it would allow you to achieve this kind of control, though.)

You'd still be relying on an extension, though. The nice thing of the Google Chrome/Chromium approach is that, you'd be using own methods. Smile

Guest
Guest


Back to top Go down

Re: Securing your home banking session

Post by Guest on 3/3/2012, 08:40

I've created a different profile for a relative of mine following this approach. Very Happy

Considering that outbound firewall control would be hard to deal with, this really comes in hand. cheers

Guest
Guest


Back to top Go down

Re: Securing your home banking session

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum