Welcome to ‘Browser Security Certificates and Pop-up Settings.’ After watching this video, you will be able to: Identify and access advanced browser security settings, verify security certificates for websites, and configure pop-up settings. The method for accessing security settings in each web browser is slightly different, but most of them offer similar kinds of settings to enforce security and privacy. For example, in the Google Chrome web browser, to access these settings you select the Customize and control Google Chrome button (that’s the vertical three dots in the top right corner), and select Settings. Then you can select Privacy and security from the left navigation menu, and from here you can configure several settings, including configuring safe browsing options, managing certificates, and configuring site settings such as site permissions and pop-ups. You can also navigate directly to this settings page by browsing to chrome://settings/privacy in the address bar. And in Microsoft’s Edge web browser, you can access security and privacy settings by selecting the Settings and more button (that’s the horizontal three dots in the top right corner), and selecting Settings. Then, for most security settings you select Privacy, search, and services from the left navigation menu. Here you can configure several security settings, including tracking prevention, managing certificates, blocking unwanted apps, and secure browsing options. And again, you can also navigate directly to this settings page by browsing to edge://settings/privacy in the address bar. When you are browsing websites, especially those that you have never visited before, and even more crucially if you are using the website of a financial institution such as an online bank, it is a good security practice to check the authenticity of those websites. You can identify a secure website by looking for the padlock icon next to the URL in a browser’s address bar. And when you click the padlock, you should see the message ‘Connection is secure.’ If you don’t see the padlock icon, and instead see a warning icon and the words ‘Not secure’ to the left of the URL then this site is not using the Secure Sockets Layer (or SSL) protocol. So, in other words you are accessing it by using the HTTP protocol rather than the more secure HTTPS protocol. SSL (or more accurately, SSL over TLS (or Transport Layer Security)) is a protocol standard for secure communications between two systems over the Internet by virtue of encryption algorithms. When you see the ‘Not secure’ message to the left of the URL, it means that either the SSL security certificate on the website you are visiting has expired, and therefore needs renewing by the hosting website, or the security certificate has been signed (or authorized) by an issuing authority that is not trusted by the browser. In other words, the certification authority (or CA) is not on the browser’s built-in list of trusted certificate providers. If you click the ‘Not secure’ message you will see a dialog box that informs you that the connection to the website is not secure, and the message also warns you about entering sensitive information on this site. Even when you are browsing a website that is displaying the padlock icon, if you are unsure about its authenticity or just want to dig a bit deeper into the security information behind that website, you can view the security certificate that has been issued to the web server hosting the website. The certificate is issued by a certification authority (or CA). To view a website’s security certificate in Google Chrome, browse to a website using the HTTPS protocol, and click the URL address in the address bar to display the full URL. Select the padlock icon to the left of the URL and select Connection is secure, then select Certificate is valid, and the web server’s certificate will open in a separate dialog box. Here you can view general certificate information such as the issuing CA, and the validity dates. On the other tabs you can view detailed information about the certificate such as its serial number, security algorithms, and its certification path back to the issuing CA. Many websites contain pages that host third-party scripts or pop-up ads (also known simply as pop-ups), which are typically used to target you for online marketing purposes. They can sometimes be a little annoying as they might distract you from your intended purpose and can literally get in the way of what you are trying to view on a website. But while they may be simply annoying, there is also the potential for them to be malicious as well, and the developers of these pop-ups will usually associate them with some form of on-screen activity such as clicking a button. The button could be labeled Close or Cancel, and therefore may appear to be totally legitimate. Another common type of malicious pop-up is ransomware that looks like a notification from a government agency such as the IRS or the FBI. Ransomware is malware that can enable hackers to take control of a victim’s computer if they click a link in the pop-up notification. So, to maintain security and for a better browsing experience, you should be very careful when interacting with these kinds of items. It is also important for you to know how to block these items when browsing a website. Most modern web browsers include built-in tools for blocking pop-ups, but there are many third-party pop-up blockers (or ‘ad blockers’) available on the market such as AdLock, AdGuard, AdBlock, Ghostery, and Adblock Plus. And some of these include additional features such as ad filtering. Today’s modern web browsers block pop-ups by default. This is typically indicated in your web browser by an icon in the browser’s address bar or a notification dialog box. To modify Google Chrome’s behavior when encountering pop-ups, open Settings and select Privacy and security. Select Site settings, and then scroll down to the Content section and select Pop-ups and redirects. Here you can choose which default behavior to use for pop-ups. The options are either to allow all sites to send pop-ups and use redirects, or to not allow any sites to send pop-ups and use redirects. However, you can also customize this default behavior by adding sites to the allowed list and/or the blocked list. For example, here we have added the popuptest.com and amazon.co.uk sites to the blocked list, and the skillup.tech and bbc.co.uk sites to the allowed list. Note that you can use the syntax [*.] before the domain name, which will then include all subdomains as well. In this video, you learned that: It is a good security practice to check the authenticity of websites you are visiting. You can identify a secure website by looking for the padlock icon next to the URL in a browser’s address bar. Pop-ups are typically used to target you for online marketing purposes. And, while pop-ups are annoying and distracting, they can also be malicious. Modern web browsers include built-in pop-up blocking tools, but you can also use third-party pop-up blocking apps. And you can modify your browser’s default behavior when encountering pop-ups.
