
Custom Firefox Install: Part 3 

Jul 31, 2008 02:00 PM

Part of the system admin gig is protecting the end user's information. We have to make sure that they can safely do their work without worrying about their identity being stolen. We also have to take certain measures to make sure that the less savvy users are protected as well. In the previous articles I talked about how to set up and configure Firefox on a computer that your average employee would use. In this article I would like to discuss how to configure a computer for a public setting. On a public computer the security needs to be a little tighter, and things need to be more locked down. We have to make sure that the novice user and the expert are protected from others (and from themselves).

Securing Firefox:

There are a few things that I do to secure Firefox in public settings. Here they are:

Tools >> Options:

In a public setting it is important to make sure that users' information is kept secure. Because of this I use different settings when I configure Firefox. Here is how I tweak Firefox to be more secure in a public setting:

  • Open Firefox and go to Tools >> Options
  • Go to the Privacy section:

    As you can see, it still lists the settings made in Part 1

  • I uncheck "Keep history for at least..". If it is a public computer I don't want the history there. I don't want a user to know what web sites other users have visited on the computer
  • Under "Private Data" I check the box next to "Always clear my private data when I close Firefox" and I uncheck the box next to "Ask me before clearing private data"
  • Now, click on the "Settings" button on the far right:

    I make sure that all of the boxes are checked and I click the "OK" button

  • Now, click on the "Clear Now" button to get rid of all of the random settings that have accumulated while you have been preparing Firefox
  • A new window will appear asking what data you want to clear. Everything should be checked, so press the "Clear Private Data Now" button
  • Here is what the screen looks like before I hit the "OK" button:

You may also want to check the following settings:

  • Under Firefox Tools >> Options >> Security, uncheck the box next to "Remember passwords for sites"
  • Under Firefox Tools >> Options >> Advanced >> Update, uncheck all check boxes under "Automatically check for updates to:"

For other settings please refer to Part 1 & Part 2.

These settings help protect the less than average user. In Firefox when you enter your password it asks if you want to save it. Some people don't read the window and click the "Remember" button. When the next person comes along they get access to someone else's email or bank account. As you can imagine, this is not acceptable.

With these settings in place every time Firefox closes all possible personal information will be cleared. This is ideal for a public computer or a computer that you need to keep really secure. It may not work very well in other situations.

CSS?:

A few years back management told me that I had to figure out how to remove or disable the Tools >> Options menu item in Firefox. This is easily done with a registry key in Internet Explorer. After tons of research I eventually found a solution that surprised me. The look and feel of Firefox is controlled by CSS. You can actually change how Firefox looks by adding a CSS file to your profile. You can create and place a file called "userChrome.css" in your Firefox profile directory and it will tweak how Firefox looks. There are some great resources on how to do this out on the web. Here are a few links that got me started:

  • http://www.mozilla.org/unix/customizing.html#userContent
  • http://lifehacker.com/software/firefox/geek-to-live--consolidate-firefoxs-chrome-210542.php
  • http://lifehacker.com/software/ask-the-readers/best-firefox-userchromecss-tweaks-301520.php
  • http://www.linnhe2.free-online.co.uk/firefox/chrome.html

After thinking about security and all of the different options that the menu has in Firefox, I decided that I would remove the following menu items on public computers:

  • History: I did not want to chance users looking in the history to see what other websites people have been looking at
  • Bookmarks: If it is a public computer people should not be creating bookmarks
  • Tools: I removed this menu to make the computer more secure.
  • Help: I figure that most people won't go to the help menu for help. Also, I did not want the users to check for updates, I want to control the update process.

Now that we know what we want to do, we can create the userChrome.css file and start tweaking:

  • In My Computer go to "C:\Documents and Settings\user account\Application Data\Firefox\Profiles\profile name\chrome"
  • Create a text file and rename it to "userChrome.css"
  • Edit that CSS file, and paste in the following:
    /*
     * Do not remove the @namespace line -- it's required for correct functioning
     */
    /* set default namespace to XUL */
    @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");

    /* Hide the menus that are not wanted on a public computer */
    #helpMenu { display: none !important; }
    #tools-menu { display: none !important; }
    #editMenu { display: none !important; }
    #history-menu { display: none !important; }
    #bookmarksMenu { display: none !important; }
    /* Fallback: match the History menu by its label */
    menu[label="History"] { display: none !important; }

  • Click on File >> Save and you are good to go. The next time you open your browser you will notice that the menu items have been removed

The one problem with this method is that if the user is savvy they can simply delete the file and they will have full access to everything. I am not sure how to prevent the file deletion. Any ideas?

Add-ons:

The security that I talked about above covers most circumstances. It makes sure that the user does not get into most things that they shouldn't and it protects their information. Over time I have found one flaw in my security scheme. In Firefox, if you type "about:config" in your address bar (or the "Awesome Bar" in Firefox 3) you will see what I mean. It lists every setting in the browser. It allows you to change settings, add settings, and even delete settings. If a user really wanted to they could bypass all of my security. I have found a way to lock down the browser to prevent this problem.

I found this great Firefox Add-on: Public Fox 1.05. It allows you to prevent additional Add-ons from being installed, locks the user out of Tools >> Options, and locks the user out of "about:config". You can even block certain extensions from being downloaded and create a black list or white list of websites the user can access. It is a pretty powerful tool.

It is pretty easy to install and configure. Here is how you do it:

  • Open Firefox on your test computer
  • Go to Tools >> Add-ons
  • In the Add-ons window, click on the link in the corner titled "Get Extensions"
  • A new tab will appear, in the search bar at the top type in "Public Fox"
  • Once you have found the Add-on, click the "Add to Firefox" button
  • A software installation window will appear, click on the "Install Now" button to install the Add-on
  • Once it is done installing, the Add-ons window will appear again. It is informing you that the Add-on has been installed. You must restart Firefox for the Add-on to start working. Click the "Restart Firefox" button
  • Because this is a vanilla copy of Firefox, when it re-opens the "Add-ons" window will appear informing you that a new Add-on has been installed
  • From the list select "Public Fox" and click the "Options" button
  • This window will appear:

    These are all of the different options you can set with this Add-on

  • Let's configure this Add-on:
    • General
      • Lock Downloads: You can restrict which file types your users download (see the text box below). This doesn't make sense for me, so I left it unchecked
      • Lock Add-ons windows: This prevents access to Tools >> Add-ons. If the user tries to access the Add-on screen they will be prompted to enter a password. Not allowing the user to install any Add-ons makes sense on public computers. It will keep the environment more secure and consistent. I have never seen one, but there may be malicious or dangerous Add-ons.
      • Lock Firefox options: This will lock the user out of the Tools >> Options screen. If they try to access this screen they will be prompted for a password. Checking this setting will ensure that all of the options that you configured will be left alone. This will also prevent the user from changing any settings to bypass a firewall or web filter
      • Lock 'about:config' settings page: As discussed earlier, if you type about:config in the address bar you get a listing of all Firefox settings. You can even delete or add settings. Allowing access to this in a public setting basically defeats all security measures that you may take. This is a great option. Checking this setting makes Firefox secure
      • Lock addition of Bookmarks: On a public computer the user should not need to bookmark a web page. This setting prevents them from saving their bookmarks
      • Lock History sidebar: I don't want the users to look at other users' history, so I like to lock the sidebar from appearing.
      • File Extensions that you don't want downloaded: Here you can list all of the file extensions that you don't want downloaded. I cleared the list so that all could be downloaded
      • Lock Password: You will need to enter a password for all of the settings on this screen to take effect. The password is saved in the prefs.js file. It is not a clear text save, so even the savvy user won't bypass it
    • Enable Functions: In this section you can create a whitelist or blacklist (or both) of websites. In order to access these sites the user will have to provide the password

After I am done configuring everything, here is what my options look like:

All of the settings from this Add-on are saved in the prefs.js file. In order for these settings to be included in your install, you must configure it and include prefs.js as part of your Firefox install. You must also install this Add-on.
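Before packaging prefs.js, it is worth confirming that it actually carries the Tools >> Options choices made earlier (clear private data on close, no saved passwords, no automatic update checks). The following audit script is an added example, not part of the original article; the preference names are the Firefox 2/3-era names for those checkboxes and should be confirmed in about:config on your build, and the sample file contents are constructed.

```python
import re

# Settings chosen under Tools >> Options. Each value differs from the Firefox default, and
# prefs.js stores only non-default values, so a missing line means the default applies.
BASELINE = {  # names are Firefox 2/3-era preference names (assumption: verify on your build)
    "privacy.sanitize.sanitizeOnShutdown": True,   # always clear private data on close
    "privacy.sanitize.promptOnSanitize": False,    # do not ask before clearing
    "signon.rememberSignons": False,               # never offer to remember passwords
    "app.update.enabled": False,                   # no automatic Firefox update check
    "extensions.update.enabled": False,            # no automatic add-on update check
    "browser.search.update": False,                # no automatic search engine update check
}
# One user_pref("name", value); statement per line, as Firefox writes prefs.js.
PREF_LINE = re.compile(r'^[ \t]*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;[ \t]*$', re.M)

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; other lines are ignored."""
    prefs = {}
    for name, raw in PREF_LINE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text, baseline=BASELINE):
    """List (name, problem) for each baseline setting that is missing or has the wrong value."""
    prefs, findings = parse_prefs(text), []
    for name, want in sorted(baseline.items()):
        if name not in prefs:
            findings.append((name, "missing (default in effect)"))
        elif type(prefs[name]) is not type(want) or prefs[name] != want:
            findings.append((name, f"is {prefs[name]!r}, expected {want!r}"))
    return findings

# Constructed sample: add-on update check never disabled, password saving hand-edited back on.
SAMPLE = """# Mozilla User Preferences
user_pref("app.update.enabled", false);
user_pref("browser.search.update", false);
user_pref("privacy.sanitize.promptOnSanitize", false);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("signon.rememberSignons", true);
"""
if __name__ == "__main__":
    print("\n".join(f"{n}: {p}" for n, p in audit(SAMPLE)) or "baseline met")
```

Run it against the prefs.js you are about to package; an empty result means every audited setting is present with the intended value.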

Conclusion:

There are a few things that you can do to secure Firefox in a public setting. The first is correctly configuring the Tools >> Options menu. Next, you can add some CSS to remove any unwanted menu items. Finally, you can install Add-ons to help lock down the browser. All of these things combined provide several layers of security. They also make the browser simpler to use and operate. The most important result of these settings and tweaks is that the user's information is safe and secure. They don't need to worry about the next person logging into their email account (because they accidentally saved their password), or looking up what web pages they visited. In the next few articles we will talk about updating Firefox, creating a Firefox layer, and adding Firefox into SVS Pro.
