Security Advisory

The most important thing to remember is that your bookings contain sensitive data on both your business and your guests. A high level of security is therefore recommended at all times, not only when working with Max but at all times when working with sensitive data.

Keep your passwords secure! Never keep your passwords in a place where someone can use them to access your data. Ensure that only those people who should have access do have access. Change your passwords regularly! It can be annoying to remember your passwords, especially if you change them often, however it also improves your security.

Our recommended browser of choice is Firefox, in which you will also find Max operates optimally. Which ever browser you do choose, ensure to keep it up to date.

Following are some tips and information on making Firefox more secure for your browsing.

• Download the latest version of Firefox here: www.mozilla.org
• Download the add-ons listed in this article here: addons.mozilla.org

Firefox: Security and Privacy Settings

• Secure surfing and protecting your privacy becomes increasingly important with the constant increase in cybercrime and companies tracking clients' computer habits. Several web technologies have made using the internet more convenient and interesting, but also less secure and easier to abuse.
• Firefox can be customized in many ways to make surfing more secure and protect your privacy. It allows the user to tweak the programme extensively, and there are loads of helpful add-ons which help you adjust Firefox according to your needs and preferences.

General Policy:

• Where possible, a 'white list' approach should be your first choice: forbid everything, then allow only where necessary and where you trust the source. Unfortunately, some web technologies can only be turned on or off globally. In these cases you have to decide if functionality is more important to you than security or privacy.

Cookies:

• Cookies can be both helpful (e.g. for identification purposes) or corrupt your privacy. To edit Firefox's cookie settings, go to the privacy tab in Edit > Preferences. The least you should do is to disallow third-party cookies and have cookies deleted when Firefox is closed.
• Detailed control can be obtained by using the CookieSafe add-on. CookieSafe disables cookies globally, and by a mouse-click let's you accept cookies for single websites, temporarily or permanently.

JavaScript:

• With the introduction of Web 2.0, JavaScript is a lot more widely used to enhance usability and create feature-rich websites. On the other hand, JavaScript has become a widely used means to compromise systems and computers. Especially XSS has become one of the most commonly used attack methods.
• The content tab in Edit > Preferences allows you to globally turn JavaScript on or off. Again, an add-on gives you a lot more control: NoScript has loads of features to control both JavaScript and other technologies like Flash. Disallowing JavaScript globally, you can grant privileges to single domains, temporarily or permanently.

Flash:

• The Flash player is mostly known for playing videos, games or an animated website. However, it can do a lot more. A Flash cookie can store 100Kb of data per domain on your computer. Or access your microphone and webcam. The problem is, that these features cannot be controlled on a per-website basis.
• The NoScript add-on allows you to turn Flash on or off for each website or single Flash elements, but it does not allow you to edit detailed settings.
• Right-clicking on a Flash movie opens a context menu where you can edit these settings; however, only for the website the Flash movie originates from.
• To adjust these settings globally, you have to visit a Macromedia website: here. Now you can disallow the Flash player to store any information on your computer, use the microphone or webcam. The downside is that you can't grant these privileges to single websites.

Tweaking the configuration:

• One of the greatest features of Firefox is that you can edit all configuration parameters directly from the browser. Enter about:config in the address bar, and you are right there.

• DOM Storage is a super-cookie that can store up to 5Mb of data on a computer. With the parameter dom.storage.enabled you can disable DOM storage globally.

• Some websites use small images to track users over several websites, particularly companies interested in advertising products. You can configure Firefox to only accept images from the originating website, thus rendering image tracking useless.
• Set permissions.default.image to 3.
• However, there is major downside to this: several websites don't store their images on the same domain as the originating site. Amazon for example, or YouTube. This means you won't be able to see these images. Unfortunately, these are also companies that are interested in tracking your surfing.

• By default, Firefox sends a referrer. Sending the referrer can be prevented by setting Network.http.sendRefererHeader to 0.

User Agent:

• Every time you visit a website, your browser sends along information about yourself in the user agent. Again, there is an add-on for Firefox, that let's you manipulate the user agent: User Agent Switcher. A tool that lets you choose between different pre-set and customizable user agents to obscure your identity.

Recommendations:

• It's a tightrope walk between gaining security and privacy, and losing convenience or usability. In any case, controlling cookies and JavaScript using the mentioned plug-ins is strongly recommended. It's not that much of an effort, and increases security and privacy considerably.
• Turning off DOM storage does not seem to affect the usability of a website, so this should be safe. As is not sending the referrer.
• Preventing the Flash player from storing data on your computer is, in most cases, without side effects. Some minor features like volume controls in Flash video players may not work anymore.
• Allowing images only from the originating site can be problematic; most websites work totally fine, but when visiting sites like Amazon or Ebay, hardly any images are left to be seen, rendering these sites almost useless.
• If you are more paranoid, the User Agent Switcher is interesting, but requires a little work and may result in display errors on some websites.

• Download the latest version of Firefox here:
• Download the add-ons listed in this article here: