Is Internet Explorer More Secure than FireFox?

by Larry Fortier
Sept. 1, 2017 | SANS Institute | Encryption & Authentication, system administration

It is common practice to compare web browser security based on known exploits, but this paper raises the idea that security is a broader concept and that there are other important issues to consider. In this paper we look at how a web browser can be used to circumvent a company’s security policy. Specifically, we compare Internet Explorer with the FireFox web browser when connecting to a website that is not FIPS-140 compliant while the company’s policy is to use FIPS-140 compliant algorithms for web connections. Using this example, we discuss best practices in choosing an encryption product (assuming data should be encrypted). We end with a discussion emphasizing how important it is for security professionals to create a ‘security culture’ within an organization, and how to handle the struggle between usability and security in a real-world setting.