Part of the system admin gig is protecting the end users information. We have to make sure that they can safely do their work without worrying about their identity being stolen. We also have to take certain measures to make sure that the less savvy users are protected as well. In the previous articles I have talked about how to setup and configure Firefox on a computer that your average employee would use. In this article I would like to discuss how to configure a computer for a public setting. On a public computer the security needs to be a little tighter, things need to be more locked down. We have to make sure that the novice user and the expert are protected from others (and from themselves).
Securing Firefox:
There are a few things that I do to secure Firefox in public settings. Here they are:
Tools >> Options:
In a public setting it is important to make sure that user's information is kept secure. Because of this I use different settings when I configure Firefox. Here is how I tweak Firefox to be more secure in a public setting. Here is how to do it:
- Open Firefox and go to Tools >> Options
- Go to the Privacy section:
As you can see, it still lists the settings made in Part 1
- I uncheck "Keep history for at least..". If it is a public computer I don't want the history there. I don't want a user to know what web sites other users have visited on the computer
- Under "Private Data" I check the box next to "Always clear my private data when I close Firefox" and I uncheck the box next to "Ask me before clearing private data"
- Now, click on the "Settings" button on the far right:
I make sure that all of the boxes are checked and I click the "OK" button
- Now, click on the "Clear Now" to get all of the random settings that have accumulated while you have been preparing Firefox
- A new window will appear asking what data you want to clear. Everything should be checked, so press the "Clear Private Data Now" button
- Here is what the screen looks like before I hit the "OK" button:
You may also want to check the following settings:
- Under Firefox Tools >> Options >> Security, uncheck the box next to "Remember passwords for sites"
- User Firefox Tools >> Options >> Advanced >> Update, uncheck all check boxes under "Automatically check for updates to:"
For other settings please refer to Part 1 & Part 2.
These settings help protect the less than average user. In Firefox when you enter your password it asks if you want to save it. Some people don't read the window and click the "Remember" button. When the next person comes along they get access to someone else's email or bank account. As you can imagine, this is not acceptable.
With these settings in place every time Firefox closes all possible personal information will be cleared. This is ideal for a public computer or a computer that you need to keep really secure. It may not work very well in other situations.
CSS?:
A few years back management told me that I had to figure out how to remove or disable the Tools >> Options menu item in Firefox. This is easily done with a registry key in Internet Explorer. After tons of research I eventually found a solution that surprised me. The look and feel of Firefox is controlled by CSS. You can actually changed how Firefox looks by adding a CSS into your profile. You can create and place a file called "userChrome.css" in your Firefox profile directory and it will tweak how Firefox looks. There are some great resources on how to do this out on the web. Here are a few links that got me started:
- http://www.mozilla.org/unix/customizing.html#userContent
- http://lifehacker.com/software/firefox/geek-to-live--consolidate-firefoxs-chrome-210542.php
- http://lifehacker.com/software/ask-the-readers/best-firefox-userchromecss-tweaks-301520.php
- http://www.linnhe2.free-online.co.uk/firefox/chrome.html
I after thinking about security and all of the different options that the menu has in Firefox, I decided that I would remove the following menu items on public computers:
- History: I did not want to chance users looking in the history to see what other websites people have been looking at
- Bookmarks: If it is a public computer people should not be creating bookmarks
- Tools: I removed this menu to make the computer more secure.
- Help: I figure that most people won't go to the help menu for help. Also, I did not want the users to check for updates, I want to control the update process.
Now that we know what we want to do, we can create the userChrome.css file and start tweaking:
The one problem with this method is that if the user is savvy they can simply delete the file and they will have full access to everything. I am not sure how to prevent the file deletion. Any ideas?
Add-ons:
The security that I talked about above covers most circumstances. It makes sure that the user does not get into most things that they shouldn't and it protects their information. Over time I have found one flaw in my security scheme. In Firefox, if you type "about:config" in your address bar (or the "Awesome Bar" in Firefox 3) you will see what I mean. It lists every setting in the browser. It allows you to change settings, add settings, and even delete settings. If a user really wanted to they could bypass all of my security. I have found a way to lock down the browser to prevent this problem.
I found this great Firefox Add-on: Public Fox 1.05. It allows you to prevent additional Add-ons from being installed, locks the user out of Tools >> Options, and locks the user out of "about:config". You can even block certain extensions from being downloaded and create a black list or white list of websites the user can access. It is a pretty powerful tool.
It is pretty easy to install and configure, here is how you do it:
After I am done configuring everything, here is what my options look like:
All of the settings from this Add-on are saved in the prefs.js file. In order for these settings to be included in your install, you must configure it and include prefs.js as part of your Firefox install. You must also install this Add-on.
Conclusion:
There are a few things that you can do to secure Firefox in a public setting. The first is correctly configuring the Tools >> Options menu. Next, you can add some CSS to remove any unwanted menu items. Finally, you can install Add-ons to help lock down the browser. All of these things combined provide several layers of security. It also makes the browser more simple to use and operate. The most important result of these settings and tweaks is that the user's information is safe and secure. They don't need to worry about the next person logging into their email account (because they accidentally saved their password), or looking up what web pages they visited. In the next few articles we will talk about updating Firefox, creating a Firefox layer, and adding Firefox into SVS Pro.