About a year ago a colleague posted an interesting article (Safer browsing with Kasm) on how he was using Kasm’s Browser Isolation technology to maintain some semblance of safety while researching internet topics of interest. In his line of work some of those topics could lead to some less than well-intentioned sites.
Since the article’s publishing, we have seen an unprecedented uptick in cyber vulnerabilities being exploited, even critical infrastructure in both energy and agriculture has been affected. I’m not trying to solve the US Federal Infrastructure vulnerabilities but I think I can provide some advice on why you should use Kasm Workspaces to keep yourself safe and your information while browsing private.
Most ransomware is delivered to your computer after you invite it in. If you think hackers are spending months day and night attacking your firewall and IPS/IDS platforms, you are probably wrong. Malware is typically delivered when you click on a link that invites you to download something or install software onto your system. This is most often through a phishing email (a great example of this is the Colonial Pipeline Shutdown).
Why someone was checking personal email on a machine linked to critical infrastructure networks? is a different post altogether.
Kasm Workspaces is a software stack created by Kasm Technologies that allows you to create on-demand instances of containerized desktops and browsers that you can access directly from your browser. Kasm has SaaS and Enterprise offerings but the one we are interested in here is the no-cost Community Edition. You can run this on your local system, in a cloud provider, or wherever you can get it to install.
The brass tax benefit is that all of your interaction with the internet occurs on a container that is running in Kasm. What does this mean? Kasm streams an image of what you are browsing or interacting with to your browser. When you browse a malicious site or install ransomware you are actually running that code on the container instance. If the container is infected with ransomware, for instance, simply delete the container and spawn a new one and begin again.
Not allowing your computer to be infected is great but how does that keep your privacy secure?
Kasm does not store any of your data. They don’t keep a record of any sites you visit, how many times you visited or how long you stayed on those sites. Each container that is created comes with a brand-new browser. That means that typical invasive tactics and techniques are rendered useless you will not be tracked based on:
- Browser history is a record of the websites you visited or clicked on. By default, most browsers remember your browsing history for weeks.
- Stored Cookies are pieces of information that are downloaded when you visit a website, and then stored by your browser for future use. While they enrich and personalize many of the websites you visit, they can also pose a risk to security and privacy. By default, most browsers accept and store cookies indefinitely.
- Plugins are programs that your browser installs from websites you visit that, similar to cookies, can store information about you but also interact with the websites you visit. Some websites will require you to have a plugin of some kind in order to view them properly, or at all. Because they are programs, Plugins themselves can present security risks.
- Cache, or ‘browser cache’ is a collection of saved documents and images that your browser holds on to in order to load content faster. By default, a browser will store this information on your hard drive and keep it until asked to remove it, or if the computer starts to run out of space.
- Pop-ups and Pop-up Blocks are often enabled by browsers to prevent pop-up advertising, which most users have grown to dislike. Some websites, however, require that pop-ups be allowed and will ask to permit them. These ‘allowed web sites’ are stored by the browser indefinitely, or unless asked to be deleted.
- Form Data and/or Saved Passwords are data that you have typed in to a website or ‘form’ that the browser has saved so you don’t have to fill them in each time you visit the website. Most browsers ask if you’d like to ‘save’ information for future use, it is strongly recommended that you do not permit data and/or password saving for websites and that this information is regularly cleaned or deleted if it is there.
I use Kasm Workspaces on an AWS Ubuntu EC2 Micro image. Even the free AWS tier images provide a crisp image, snapper interface and seamless browsing. Kasm Community edition is free and allows for 5 images to be run simultaneously which is probably more than enough for most home users just trying to stay safe.