Part 1 of 10 on Chrome Hardening with Matt Lee

Welcome to the first part of our 10-part series on Google Chrome hardening, featuring the cybersecurity wizard himself, Matt Lee, CISSP, CCSP, CFR, PNPT from Pax8. This week, we kick off our journey by diving into essential settings and configurations to ensure your Google Chrome browser is as secure as possible and in line with the Center for Internet Security (CIS) Benchmarks.


This Week’s Highlight: The Foundation of Chrome Hardening

Our latest webinar set the stage for a comprehensive guide to Chrome hardening. Matt Lee, known for his deep expertise and engaging speaking style, walked us through the critical settings and strategies for securing Chrome browsers. Here’s a deep dive into the key topics we covered.


Managing Supported Browsers

Matt emphasized the necessity of using only supported browsers within your organization. Unsupported browsers can lead to significant security vulnerabilities. He discussed the need to enforce browser policies that limit users to specific, supported browsers like Chrome or Edge. This is not just a technical necessity but a fundamental security practice. By controlling which browsers are used, organizations can reduce the risk of security breaches significantly.


Preventing Password Storage

Storing passwords in browsers poses a high security risk. Matt detailed how attackers can exploit stored passwords, gaining unauthorized access to sensitive information. He shared real-world examples of breaches that occurred due to poor password management. This highlighted the importance of disabling the option to save passwords in browsers and promoting the use of secure, enterprise-approved password managers instead.


Safe Browsing and Extensions

Ensuring safe browsing practices helps protect against phishing attacks and malicious sites. Matt highlighted the importance of enabling safe browsing features to enhance security. He also discussed the risks associated with uncontrolled browser extensions, which can introduce vulnerabilities. Matt’s anecdotes about compromised extensions underscored the need to manage and limit the use of extensions effectively.


Certificate Transparency and Management

Certificate transparency ensures that only valid and trusted certificates are used, preventing man-in-the-middle attacks and other security breaches. Matt explained how enforcing certificate transparency within Chrome is crucial for maintaining a secure browsing environment. He shared insights on common pitfalls and how to avoid them, making it clear that certificate management is a cornerstone of a robust security strategy.
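
As an added illustration (not from the webinar or from Senteon's tooling), the sketch below audits a Chrome managed-policy JSON file for the settings areas covered above: password storage, Safe Browsing, extensions and Certificate Transparency. The policy names are Chrome enterprise policies; the pass criteria are assumptions chosen to match the points above rather than values quoted from the CIS Benchmark, and the sample data is constructed.

```python
import json

# Constructed sample of a Chrome managed-policy file (on Linux these live
# under /etc/opt/chrome/policies/managed/). Values are illustrative only.
SAMPLE_POLICY = json.loads("""
{
  "PasswordManagerEnabled": true,
  "SafeBrowsingProtectionLevel": 0,
  "ExtensionInstallAllowlist": ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"],
  "CertificateTransparencyEnforcementDisabledForUrls": ["legacy.example.test"]
}
""")

def audit(policy):
    """Return (policy_name, problem) findings for one policy dict.

    Unset policies are reported too: a setting that is not enforced can be
    changed by the user. The criteria are this example's assumptions.
    """
    findings = []
    # Password storage: the built-in password manager should be switched off.
    if policy.get("PasswordManagerEnabled") is not False:
        findings.append(("PasswordManagerEnabled", "must be set to false"))
    # Safe Browsing: 0 = off, 1 = standard, 2 = enhanced protection.
    level = policy.get("SafeBrowsingProtectionLevel")
    if isinstance(level, bool) or not isinstance(level, int) or level < 1:
        findings.append(("SafeBrowsingProtectionLevel", "must be 1 or 2"))
    # Extensions: default-deny ("*") so only allowlisted IDs can be installed.
    if "*" not in (policy.get("ExtensionInstallBlocklist") or []):
        findings.append(("ExtensionInstallBlocklist", 'must contain "*"'))
    # Certificate Transparency: every exemption weakens enforcement.
    for name in ("CertificateTransparencyEnforcementDisabledForUrls",
                 "CertificateTransparencyEnforcementDisabledForCas"):
        if policy.get(name):
            findings.append((name, "exemption list should be empty"))
    return findings

# Constructed baseline that passes every check above.
HARDENED = {
    "PasswordManagerEnabled": False,
    "SafeBrowsingProtectionLevel": 1,
    "ExtensionInstallBlocklist": ["*"],
    "ExtensionInstallAllowlist": ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"],
}

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_POLICY):
        print(f"FAIL {name}: {problem}")
    print("hardened baseline findings:", audit(HARDENED))
```

The same checks can be pointed at the policy values Chrome reports on its chrome://policy page after exporting them to JSON.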


Weekly Entrepreneurial Insight: Prioritizing Time and Confidence

This week, I learned a valuable lesson about prioritizing your time and being straightforward in meetings. During some back-to-back-to-back-to-back meetings, I decided to cut straight to the point and ask the questions I needed answers to directly. The result? Positive feedback and a clear path forward.

In meetings, whether you're presenting your platform or negotiating with partners, time is of the essence. Being direct saves everyone time and establishes you as a confident leader. Remember, you earned your position because of your skills and vision, so act like it. Answer questions with confidence, and don’t be afraid to get straight to the point. Your confidence will inspire trust and respect.


Upcoming Webinar: Enhancing Privacy and Security with Heather Noggle

Next week, we’ll continue our series with Part 2, featuring Heather Noggle from Missouri Cybersecurity Center of Excellence. We'll dive deeper into enhancing privacy and security settings in Chrome.

Event Details: CIS Senteon Chrome Security Browser Hardening Webinar on LinkedIn


Take Action

Ready to enhance your browser security? Visit Senteon Managed Endpoint Hardening's website, click the login button at the top, and sign up for a free assessment using the keyword “settings webinar” for exclusive reporting and insights.

Visit Senteon: senteon.co

Heather Noggle

I integrate people, process, and technology. Cybersecurity Workforce | SMB Cybersecurity | Software Requirements | Data Integration | Business Analysis | Speaker | Writer | Systems Thinker

5 months

How do you follow Matt Lee, CISSP, CCSP, CFR, PNPT? (I guess we find out)

Tim Schnurr, CRISC

Cybersecurity Coach @ LeastTrust IT | CRISC Certification

5 months

Let's have an extra credit episode on actually implementing/actioning many of these great Matt Lee, CISSP, CCSP, CFR, PNPT Zach Kromkowski recommendations! I watched the episode twice and did some heavy debate on implementing all of the settings in enterprise managed Chrome (yes, this is available to MSPs at a low fee as well, worth every penny BTW). For example, here is an example: "Cross origin HTTP auth" actually has some different nuances. See screenshot. CORS - cross origin resource sharing. Time queries (IMAP Time Protection?) Also, many of these stricter/higher security settings come on by default in Google's new advanced security program (available on free Chrome to all users; you need two FIDO2 keys to opt in). Love the comment PROTECT SURFACE vs ATTACK SURFACE - Preach! Make yourself small! Mature organizations have massive protect surface yet extremely small attack surface, while SMBs usually have ratios that are much lower (protect surface/attack surface) #LeastTrustLeanFunction
