• Home
    • What is
    • Computer security
      • Windows security
      • Mac security
      • Linux security
    • Mobile security
      • Android security
      • iOS Security
    • Data security
    • SCCM
    • Reviews
      • Case studies
    • Advertise
    • Contact
      • Privacy Policy
  • Subscribe now

    Loading
  • Home
  • What is
  • Computer security
    • Windows security
    • Mac security
    • Linux security
  • Mobile security
    • Android security
    • iOS Security
  • Data security
  • SCCM
  • Reviews
    • Case studies
  • Advertise
  • Contact
    • Privacy Policy
Home » Breaking Computer security Cyber Security data security Device security Latest Cybersecurity News Linux security Mac security Windows security

Private Network Access will increase security against malicious websites

John Greenwood Posted On January 13, 2022
0



Private Network Access

Google announced recently that its Chrome browser will soon start blocking website from interacting and querying user devices within a local private network thus increasing more security and privacy. This new update to Chrome will be implemented via W3C configuration called Private Network Access (PNA) which will be coming out during first half of this year.

The PNA will add a mechanism which will make websites to ask systems inside the local private networks for permission before they can interact with them. This permission request will carry a new header, Access-Control-Request-Private-Network: true and only when the response to this preflight is also true the interaction will be permitted, said Eiji Kitamura and Titouan Rigoudy, Google. If otherwise, then the sites will be blocked from connecting with the devices.

What is Private Network Access?

Private Network Access limits a website’s ability to query devices in the private networks. This limitation specification is also extended to Cross-Origin Resource Sharing protocol so sites can access the devices only after the permission is granted from the servers.

Attackers manipulation on Browsers to breach networks will become limited

This introduction of Private Network Access will increase the security posture of Chrome users. Threat actors have been exploiting browsers for the proxy connections that’s inside a organization’s internal network.

To understand this security enhancement plans in details lets consider a scenario where a malicious website is trying to establish contact with a IP address like 192.130.40.28, which is the address of a router and can be accessed only from the internal local network. When users in this network browse malicious websites, Chrome can make an automated request to their router without admin or user’s knowledge, it can also run malicious commands bypassing the router security layers altering router configurations.

Private Network Access
Source: Chrome

The above manipulation of attacks have been seen in the wild with DNS Changer malware attacking home routers in 2016. These attacks can also target other devices within the network including servers, desktops, laptops, domain controllers, applications and firewalls.

Private Network Access and their preflights

Preflight request is a mechanism introduced by the Cross-Origin Resource Sharing (CORS) standard used to request permission from a website before sending it an HTTP request that might have some after affects. This ensures that the target server understands the CORS protocol and significantly reduces the risk of CSRF attacks.

The PNA has already been included in the Chrome 96 version but the complete support is yet to be fully supported this year in Chrome 98 and Chrome 101. The Chrome 98 will  see the initial introduction of the preflight requests while Chrome 101 will evaluate websites the query and reliability of PNA. Only if the entire thing is reviewed to be safe and stable the same will be fully deployed into Chrome.

Private Network Access

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.

You can reach out to us via Twitter or Facebook, for any advertising requests.

Share the article with your friends


Chrome PNAGoogle Chrome PNAGoogle Chrome Private Network AccessPrivate Access Networks


Author

John Greenwood

He has been working with Cybersec and Infosec market for 12+ years now. Passionate about AI, Cybersecurity, Info security, Blockchain and Machine Learning. When he is not occupied with cybersecurity, he likes to go on bike rides!

Leave A Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Subscribe to our newsletter

    Loading
  • Windows security

    • Recast Software: Advanced Endpoint Management and Security...
      November 16, 2024
    • Patch My PC: Streamlined Software Management for ConfigMgr...
      November 9, 2024
    • Best Microsoft Intune Alternatives: Top 5 MDMs to Consider
      November 4, 2024
    • Top 11 Log Management Tools for Efficient System Management
      September 20, 2024
    • Top 5 Threat Intelligence Tools For 2024
      September 19, 2024


  • About us

    Our vision is to deliver the trending and happening cyber events to the enthusiasts.

    We believe in delivering educational and quality content for hassle-free understanding of the subject.

  • Subscribe to our newsletter

    Loading
  • Follow us

  • Advertise with us

    You can reach us via Facebook, Linkedin, or Twitter for advertising purposes.


© The Cybersecurity Times 2022. All rights reserved.
Press enter/return to begin your search