Browser Security Policy
FOI Security Policy includes the following configuration and will be automatically activated in all browsers listed below:
Android
FOI Security Policy cannot be installed on Android and settings must be changed manually.
Chrome / Brave / Firefox
Password Manager must be disabled
Instead of the browser's password manager, you should use the recommended Password Manager.
Configuration
Automatically activated by FOI Security Policy
Manual configuration
Chrome/Brave:
- Computer Configuration > Administrative Templates > Google/Brave > Password Manager:
  - Enable saving passwords to the password manager > Disabled
Firefox:
- Comp
Automatically activated by FOI Security Policy
Manual configuration
Chrome/Brave:
- Search for 'leak detection' and 'password manager' in iMazing Profile Editor and disable them
Firefox:
- Chrome: Settings > Google Password Manager > Offer to save passwords > Disabled
- Brave: Settings > Brave Password Manager > Save passwords > Disabled
Validation
chrome://policy - should be listed:
- PasswordManagerEnabled: false
N/A
Additional information
Browser DNS must be disabled
The browser may use its own DNS settings and ignore the system settings. The browser's built-in DNS resolver must be disabled so that the system's DNS settings (DNS-over-HTTPS) are used.
Configuration
Automatically activated by FOI Security Policy
Manual configuration
Computer Configuration > Administrative Templates > Classic Administrative Templates > Google/Brave > Use built-in DNS client > Disabled
Automatically activated by FOI Security Policy
Manual configuration
Search for 'Use built-in DNS client' in iMazing Profile Editor and disable it
Not required.
Validation
chrome://policy - should be listed:
- BuiltInDnsClientEnabled: false
N/A
Additional information
Third-party cookies must be blocked
Third-party cookies are mainly used to track and monitor users' web browsing and are almost never used for useful purposes. They must be blocked in the browser.
Configuration
Automatically activated by FOI Security Policy
Manual configuration
Computer Configuration > Administrative Templates > Classic Administrative Templates > Google/Brave > Block third-party cookies > Enabled
Automatically activated by FOI Security Policy
Manual configuration
Search for 'Block third party cookies' in iMazing Profile Editor and enable it.
Chrome: Settings > Privacy and security > Third-party cookies > Block third-party cookies
Brave: Settings > Brave Shields & Privacy > Block Cookies > Block third-party cookies
Validation
chrome://policy - should be listed:
- BlockThirdPartyCookies: true
N/A
Additional information
External remote connections must be blocked
Chromium browsers have a built-in function for remote control of the browser and the system (Remote Desktop). These connections can "pierce" the firewall: a potential attacker connects to the system from the internet, bypassing the firewall. Such connections must be blocked, and this capability should remain available only for systems on the local network.
Configuration
Automatically activated by FOI Security Policy
Manual configuration
Google/Brave:
- Computer Configuration > Administrative Templates > Classic Administrative Templates > Google/Brave > Remote access:
  - Allow remote access connections to this machine > Disabled
  - Allow remote support connections to this machine > Disabled
  - Enable firewall traversal from remote access host > Disabled
Firefox:
Not required.
Automatically activated by FOI Security Policy
Not required.
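The Validation steps above can be checked in one pass for Chrome/Brave by auditing a JSON export of chrome://policy. This is an added example, not part of FOI Security Policy. It assumes the export nests each policy as a name mapped to either a value or an object with a `value` field, and the three `RemoteAccessHost*` names are Chromium's policy names for the remote access settings above, which the page does not list.

```python
import json

# Required values. The first three names come from the Validation steps on this
# page; the RemoteAccessHost* names are Chromium's policy names for the remote
# access settings above (an addition, not shown on the page).
REQUIRED = {
    "PasswordManagerEnabled": False,
    "BuiltInDnsClientEnabled": False,
    "BlockThirdPartyCookies": True,
    "RemoteAccessHostAllowRemoteAccessConnections": False,
    "RemoteAccessHostAllowRemoteSupportConnections": False,
    "RemoteAccessHostFirewallTraversal": False,
}

def collect(node, found=None):
    """Walk an export of any nesting depth and collect the required policies.

    Accepts {"Name": value} and {"Name": {"value": value, ...}} entries
    (assumed layouts; the export format differs between browser versions).
    """
    found = {} if found is None else found
    if isinstance(node, dict):
        for key, val in node.items():
            if key in REQUIRED:
                found[key] = val.get("value") if isinstance(val, dict) else val
            else:
                collect(val, found)
    elif isinstance(node, list):
        for item in node:
            collect(item, found)
    return found

def audit(export):
    """Return {policy: problem} for each required policy that is missing or wrong."""
    found = collect(export)
    problems = {}
    for name, want in REQUIRED.items():
        if name not in found:
            problems[name] = "not set"
        elif found[name] is not want:  # strict: 0 or "false" do not pass
            problems[name] = f"is {found[name]!r}, expected {want!r}"
    return problems

# Constructed sample export (not real output): one value wrong, three missing.
SAMPLE = json.loads("""{"policyValues": {"chrome": {"policies": {
  "PasswordManagerEnabled": {"level": "mandatory", "scope": "machine", "value": false},
  "BuiltInDnsClientEnabled": {"level": "mandatory", "scope": "machine", "value": true},
  "BlockThirdPartyCookies": {"level": "mandatory", "scope": "machine", "value": true}
}}}}""")

if __name__ == "__main__":
    for name, problem in audit(SAMPLE).items():
        print(f"FAIL {name}: {problem}")
```

An empty result from `audit` means every required policy is present with the expected value; a policy reported as "not set" was never delivered to the browser.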