Skip to main content

Browser Security Extension

Overview

The Bastion Browser Extension provides real-time protection within the browser. Detect phishing, prevent credential theft, and enforce safe browsing policies.

Features

Real-Time Protection

FeatureProtection
Phishing DetectionBlocks fake login pages
Malware SitesPrevents malicious downloads
TyposquattingWarns about suspicious domains
SSL VerificationChecks certificate validity

Password Protection

  • Detects password reuse
  • Warns on corporate password entry to external sites
  • Prevents credential phishing

Policy Enforcement

  • Block/warn on policy violations
  • Enforce safe search
  • Control file downloads

Installation

Supported Browsers

BrowserVersionPlatforms
Chrome90+Windows, macOS, Linux
Edge90+Windows, macOS
Firefox90+Windows, macOS, Linux
Safari14+macOS

User Installation

  1. Send installation link to employees
  2. User clicks link to browser store
  3. User installs extension
  4. Extension configures automatically

Managed Deployment

Deploy via enterprise management:

Chrome (GPO/MDM):

{
  "ExtensionInstallForcelist": [
    "extension-id;https://clients2.google.com/service/update2/crx"
  ]
}

Firefox (GPO):

{
  "Extensions": {
    "Install": ["extension-url"]
  }
}

Enrollment

After installation:

  1. Extension prompts for enrollment
  2. User signs in with SSO
  3. Extension links to Bastion account
  4. Policies applied automatically

Configuration

Extension Settings

Configure via Bastion dashboard:

  1. Navigate to Web BrowsingBrowser Extension
  2. Click Settings
  3. Configure:
    • Protection levels
    • User notifications
    • Reporting options
  4. Save

Protection Levels

LevelBehavior
BlockPrevent access, show block page
WarnShow warning, allow proceed
MonitorLog activity, no user impact
OffDisable protection

Policy Settings

SettingOptions
Phishing ProtectionBlock, Warn, Monitor
Malware ProtectionBlock, Warn, Monitor
Password ProtectionEnable, Disable
Safe SearchEnforce, Off
Download ScanningEnable, Disable

Password Protection

How It Works

  1. User enters password on a site
  2. Extension checks if password matches corporate password
  3. If match on non-approved site, action taken:
    • Alert user
    • Block submission
    • Notify security team

Configuration

  1. Go to SettingsPassword Protection
  2. Configure:
    • Approved login domains
    • Action on violation (block/warn)
    • Admin notifications
  3. Save

Approved Domains

Define where corporate passwords can be used:

  • login.company.com
  • login.microsoftonline.com
  • *.yourcompany.com

User Experience

Notifications

Users see notifications for:

  • Blocked pages (with reason)
  • Warnings (with proceed option)
  • Security tips
  • Policy updates

Customization

Customize user messaging:

  • Block page content
  • Warning messages
  • IT contact information
  • Request exception process

Reporting

Extension Analytics

View extension usage:

  • Installed users
  • Active users
  • Threats blocked
  • Warnings shown

Threat Reports

See detected threats:

  • Phishing attempts
  • Malware sites
  • Password warnings
  • Policy violations

User Activity

View per-user data (if enabled):

  • Sites visited
  • Threats encountered
  • Actions taken

Troubleshooting

Common Issues

Extension Not Connecting
  • Check network connectivity
  • Verify SSO is working
  • Clear browser cache
  • Reinstall extension
False Positives
  • Add site to allowlist
  • Report false positive
  • Adjust sensitivity settings
Performance Issues
  • Check for conflicting extensions
  • Update browser
  • Reduce monitoring scope

Privacy

Data Collection

Extension collects:

  • URLs visited (for threat checking)
  • Blocked/warned sites
  • Extension status

Extension does not collect:

  • Page content
  • Form data (except for password warnings)
  • Personal files

User Controls

Users can:

  • View extension activity
  • Report false positives
  • Request exceptions

Best Practices

Deploy with Training

Accompany extension deployment with user training on why it's needed.

Start with Warnings

Begin with warn mode. Move to block after users understand the system.

Monitor False Positives

Watch for false positives and adjust allowlists accordingly.

Keep Updated

Enable auto-updates for latest protection.

Next Steps

DNS Filtering

Configure DNS protection

Phishing Campaigns

Test employee awareness