How can understanding this space help them stay secure?
Wednesday, 2 December 2015
Questions about the Dark Web
What do large organisations need to understand about the dark web?
The term Dark Web has many sinister undertones, and can be use used for illegal activities. The World Wide Web that we know and use, is accessible by a browser and is indexed using software called crawlers. Crawlers allow the sites such as Google to know where websites are and the sort of content they contain. There are elements that can not be indexed such a dynamic content, which generates the content on the fly, which is often referred to as the Deep Web.
What do many fail to grasp at the moment?
The Dark Web contains sites that require specific software to access it, and the network is encrypted to conceal the activity whether through privacy concerns or to cover illegal activities. It should also be considered that the Dark Web is tiny compared to the World Wide Web. A recent article believed there are between 7,000 to 30,000 hidden sites on the Dark Web, equating to around 0.03% of the Web.
The Dark Web is often referenced as the location of where stolen credentials are sold. Rather than monitor or access the Dark Web, it is more important to protect the data in the first place. Personal Identifiable Information (PII) should be encrypted, so it would render the information to being gibberish to the perpetrator. Many of the recent attacks, which have allowed thousands of records to be stolen have been achieved by using SQL Injection attacks. If information needs to be accessible to the internet, ensure OWASP standards are followed, ensure the website is tested by a penetration testing organisation and ensure critical data is encrypted.