NSTISSAM_INFOSEC_3-00 - UNCLASSIFIED NSTISSAM INFOSEC 3-00...

Info icon This preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
UNCLASSIFIED UNCLASSIFIED NSTISSAM INFOSEC 3-00 August 2000 Advisory Memorandum on Web Browser Security Vulnerabilities THIS DOCUMENT PROVIDES MINIMUM STANDARDS. FURTHER INFORMATION MAY BE REQUIRED BY YOUR DEPARTMENT OR AGENCY.
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
UNCLASSIFIED National Security Telecommunications and Information Systems Security Committee NSTISSC Secretariat (I42). National Security Agency.9800 Savage Road STE 6716. Ft Meade MD 20755-6716 (410) 854-6805.UFAX: (410) 854-6814 [email protected] UNCLASSIFIED FOREWORD 1. Virtually all major Web browsers have significant security flaws, making it possible for hackers to attack. These attacks run the gamut from simple denial of service, through theft of files and personal information, to full- fledged system penetration permitting the attacker to delete files, insert viruses, change information, and leave hidden monitoring programs. But Web browsers offer tremendous convenience and productivity advantages and their use will only accelerate in both industry and government. 2. This NSTISSAM outlines some of the steps you can take to lower your risk when browsing the Web and discusses the benefits and consequences of the security measures. 3. Representatives of the National Security Telecommunications and Information Systems Security Committee (NSTISSC) may obtain additional copies of this instruction at the address listed below. 4. Comments and suggestions regarding this NSTISSAM may be directed to the NSA Information Systems Security Policy and Doctrine Division, telephone (410) 854-6815 or DSN 244-6815. MICHAEL V. HAYDEN Lieutenant General, USAF National Manager
Image of page 2
NSTISSAM INFOSEC 3-00 UNCLASSIFIED 1 UNCLASSIFIED SECTION I – INTRODUCTION 1. Browsing the Web can be a dangerous proposition. Virtually all major Web browsers have significant security flaws, making it possible for hackers to attack you when you visit a Web page that contains malicious content. Despite the opportunities for attackers, the risks of browsing the Web are not as great as they might appear. For one thing, attackers cannot choose the time and place of the attack, but must wait for a victim to come to their Web page. This makes it difficult for attackers to target specific users unless they have information about the user's browsing habits. Also, despite the fact that almost all browsers have serious vulnerabilities, for the most part they are different vulnerabilities. So, attackers have to choose the attack that fits the browser, a task that requires a moderate level of sophistication on the attacker's part. Finally, since it is difficult to focus attacks narrowly, it is likely that serious attacks will get discovered relatively quickly. 2. Although the use of a Web browser puts the machine the browser is on at some risk, it also offers tremendous convenience and productivity advantages. Use of the Web as the standard interface to information sources and enterprise applications is a trend that will only accelerate in both industry and government. In most environments, it is simply not reasonable to say "security at all costs" and give up the huge advantages that the Web offers.
Image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern