NSTISSAM_INFOSEC_3-00

NSTISSAM_INFOSEC_3-00 - UNCLASSIFIED NSTISSAM INFOSEC 3-00...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
UNCLASSIFIED UNCLASSIFIED NSTISSAM INFOSEC 3-00 August 2000 Advisory Memorandum on Web Browser Security Vulnerabilities THIS DOCUMENT PROVIDES MINIMUM STANDARDS. FURTHER INFORMATION MAY BE REQUIRED BY YOUR DEPARTMENT OR AGENCY.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
UNCLASSIFIED National Security Telecommunications and Information Systems Security Committee NSTISSC Secretariat (I42). National Security Agency.9800 Savage Road STE 6716. Ft Meade MD 20755-6716 (410) 854-6805.UFAX: (410) 854-6814 [email protected] UNCLASSIFIED FOREWORD 1. Virtually all major Web browsers have significant security flaws, making it possible for hackers to attack. These attacks run the gamut from simple denial of service, through theft of files and personal information, to full- fledged system penetration permitting the attacker to delete files, insert viruses, change information, and leave hidden monitoring programs. But Web browsers offer tremendous convenience and productivity advantages and their use will only accelerate in both industry and government. 2. This NSTISSAM outlines some of the steps you can take to lower your risk when browsing the Web and discusses the benefits and consequences of the security measures. 3. Representatives of the National Security Telecommunications and Information Systems Security Committee (NSTISSC) may obtain additional copies of this instruction at the address listed below. 4. Comments and suggestions regarding this NSTISSAM may be directed to the NSA Information Systems Security Policy and Doctrine Division, telephone (410) 854-6815 or DSN 244-6815. MICHAEL V. HAYDEN Lieutenant General, USAF National Manager
Background image of page 2
NSTISSAM INFOSEC 3-00 UNCLASSIFIED 1 UNCLASSIFIED SECTION I INTRODUCTION 1. Browsing the Web can be a dangerous proposition. Virtually all major Web browsers have significant security flaws, making it possible for hackers to attack you when you visit a Web page that contains malicious content. Despite the opportunities for attackers, the risks of browsing the Web are not as great as they might appear. For one thing, attackers cannot choose the time and place of the attack, but must wait for a victim to come to their Web page. This makes it difficult for attackers to target specific users unless they have information about the user's browsing habits. Also, despite the fact that almost all browsers have serious vulnerabilities, for the most part they are different vulnerabilities. So, attackers have to choose the attack that fits the browser, a task that requires a moderate level of sophistication on the attacker's part. Finally, since it is difficult to focus attacks narrowly, it is likely that serious attacks will get discovered relatively quickly. 2. Although the use of a Web browser puts the machine the browser is on at some risk, it also offers tremendous convenience and productivity advantages. Use of the Web as the standard interface to information sources and enterprise applications is a trend that will only accelerate in both industry and government. In
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 11/14/2011 for the course COMP 6370 taught by Professor Staff during the Fall '08 term at Auburn University.

Page1 / 8

NSTISSAM_INFOSEC_3-00 - UNCLASSIFIED NSTISSAM INFOSEC 3-00...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online