200 likes | 468 Views
SSL Security and anonymity in the web. What is SSL ?.
E N D
SSL Security and anonymity in the web
What is SSL ? • SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook). It allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. To establish this secure connection, the browser and the server need an SSL Certificate.
Security and anonymity in the web • Security Websites and web applications are just as prone to security breaches as physical homes, stores, and government locations. Unfortunately, cyber crime happens every day, and great web security measures are needed to protect websites and web applications from becoming compromised. That’s exactly what web security does – it is a system of protection measures and protocols that can protect your website or web application from being hacked or entered by unauthorized personnel. This integral division of Information Security is vital to the protection of websites, web applications, and web services. Anything that is applied over the Internet should have some form of web security to protect it. • Anonymity This refers to the ability of users to hide their online identities, including their IP addresses and geographic locations. There are several ways to enhance one’s online anonymity: Web Browser: using a secure and private web browser can block companies from tracking online users. Avira Scout integrates such a functionality. Email: most emails nowadays encrypt emails, but few allow users to sign up without relinquishing certain private information. Some, such as Thunderbird, are more privacy-focused than others. Instant Messaging: a number of instant messaging clients on computers and mobile devices encrypt communications to prevent them from being read by unauthorized third parties. Adium, Pidgin, and Signal are three such services.
Encryption necessary Encryption, is the process of changing information in such a way as to make it unreadable by anyone except those possessing special knowledge (usually referred to as a "key") that allows them to change the information back to its original, readable form. Encryption is important because it allows you to securely protect data that you don't want anyone else to have access to. Businesses use it to protect corporate secrets, governments use it to secure classified information, and many individuals use it to protect personal information to guard against things like identity theft.
Web server secured and connection • Webserver secured Various high-profile hacking attacks have proven that web security remains the most critical issue to any business that conducts its operations online. Web servers are one of the most targeted public faces of an organization, because of the sensitive data they usually host. Securing a web server is as important as securing the website or web application itself and the network around it. If you have a secure web application and an insecure web server, or vice versa, it still puts your business at a huge risk. Your company’s security is as strong as its weakest point. • Webserver connection • In general, all of the machines on the Internet can be categorized as two types: servers and clients. Those machines that provide services (like Web servers or FTP servers) to other machines are servers. And the machines that are used to connect to those services are clients. When you connect to Yahoo! at www.yahoo.com to read a page, Yahoo! is providing a machine (probably a cluster of very large machines), for use on the Internet, to service your request. Yahoo! is providing a server. Your machine, on the other hand, is probably providing no services to anyone else on the Internet. Therefore, it is a user machine, also known as a client. It is possible and common for a machine to be both a server and a client, but for our purposes here you can think of most machines as one or the other. • A server machine may provide one or more services on the Internet. For example, a server machine might have software running on it that allows it to act as a Web server, an e-mail server and an FTP server. Clients that come to a server machine do so with a specific intent, so clients direct their requests to a specific software server running on the overall server machine. For example, if you are running a Web browser on your machine, it will most likely want to talk to the Web server on the server machine. Your Telnet application will want to talk to the Telnet server, your e-mail application will talk to the e-mail server, and so on..
What is a vpn ? • Why do I need a VPN? • Hide your IP address • Connecting to a Virtual Private Network often conceals your real IP address. • Change your IP address • Using a VPN will almost certainly result in getting a different IP address. • Encrypt data transfers • A Virtual Private Network will protect the data you transfer over public WiFi. • Mask your location • With a Virtual Private Network, users can choose the country of origin for their Internet connection. • Access blocked websites • Get around website blocked by governments with a VPN. A VPN, or virtual private network, is a secure tunnel between your device and the internet. VPNs are used to protect your online traffic from snooping, interference, and censorship. Express VPN can also act as a proxy, allowing you to mask or change your location and surf the web anonymously from wherever you want.
Tor and darknet • TOR Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router".[ Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays]to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored. Tor does not prevent an online service from determining when it is being accessed through Tor. Tor protects a user's privacy, but does not hide the fact that someone is using Tor. Some websites restrict allowances through Tor. Onion routing is implemented by encryption in the application layer of a communication protocol stack, nested like the layers of an onion. Tor encrypts the data, including the next node destination IP address, multiple times and sends it through a virtual circuit comprising successive, random-selection Tor relays. Each relay decrypts a layer of encryption to reveal the next relay in the circuit to pass the remaining encrypted data on to it. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing or knowing the source IP address. Because the routing of the communication was partly concealed at every hop in the Tor circuit, this method eliminates any single point at which the communicating peers can be determined through network surveillance that relies upon knowing its source and destination.
Darknet Dark Net (or DArknet) is an umbrella term describing the portions of the Internet purposefully not open to public view or hidden networks whose architecture is superimposed on that of the Internet."Darknet" is often associated with the encrypted part of the Internet called Tor network where illicit trading takes place such as the infamous online drug bazaar called Silk Road. It is also considered part of the Deep Web. Anonymous communication between whistle-blowers, journalists and news organisations is facilitated by the "Darknet" Tor network through use of applications including SecureDrop.
Is total anonymity in the web possible? No! To access any website on the internet, you must send information to that website. Regardless of whether this information is seen or not, it is used, and can be intercepted by others. Additionally, cookies and other digital footprints can easily be traced back to you. As soon as you go on the internet, you have a digital footprint. This is inevitable, but some have more conspicuous footprints than others. Even if your information is intercepted, it doesn’t always mean that you are in trouble. Some pieces of information are hard to trace back, and it may take very advanced hackers to completely deanonymize an internet user. If you use the internet correctly, while making sure to protect your identity and trying not to leave a conspicuous footprint, then there is very little to worry about.
1. Code Injection What are the most common security problems with the web ? Hackers are sometimes able to exploit vulnerabilities in applications to insert malicious code. Often the vulnerability is found in a text input field for users, such as for a username, where an SQL statement is entered, which runs on the database, in what is known as an SQL Injection attack. Other kinds of code injection attacks include shell injection, operating system command attacks, script injection, and dynamic evaluation attacks. Attacks of this type can lead to stolen credentials, destroyed data, or even loss of control over the server. They are also surprisingly common, as the OWASP (Open Web Application Security Project) Foundation ranks code injection first in its Top 10 Application Security Risks. .
2. Data Breach The cost of data breaches is well documented. They are often caused by compromised credentials, but the range of other common causes include software misconfiguration, lost hardware, or malware (more on that below). The Breach Level Index indicates there were 944 known data breaches in the first half of 2018 and nearly 2,000 in 2017. Data breach prevention requires a range of good practices. Site traffic and transactions should be encrypted with SSL, permissions should be carefully set for each group of users, and servers should be scanned. Employees should be trained in how to avoid being caught by phishing attacks, and how to practice good password hygiene. The principle of least privilege is worth noting here, as well.
3. Malware Infection Most businesses are aware on some level of the security threat posed by malware, yet many people are unaware that email spam is still the main vector of malware attack. According to the Ponemon Institute’s 2017 State of Cybersecurity in Small and Medium-Sized Business (SMB) report, 36 percent of SMBs experienced malware attacks that year. Because malware comes from a range of sources, several different tools are needed for preventing infection. A robust email scanning and filtering system is necessary, as are malware and vulnerability scans. Like breaches, which are often caused by malware infection, employee education is vital to keep businesses safe from malware.
4. Distributed Denial of Service Attack • A Distributed Denial of Service (DDoS) attack generally involves a group of computers being harnessed together by a hacker to flood the target with traffic. • A NETSCAPE Arbor report suggested there were 7.5 million DDoS attacks in 2017, so while many target IT service providers, they are still more prevalent than many people realize. One of the most worrying aspects of DDoS attacks for businesses is that without even being targeted, the business can be affected just by using the same server, service provider, or even network infrastructure.
5. Malicious Insiders • This last threat is uncomfortable to think about, but common enough to require serious consideration, as the 2017 U.S. State of Cybercrime Highlights report from CERT shows that one in five attacks are committed by insiders.
How to fix this 5 problems • 1.Code Injection There are two ways to prevent code injection: avoiding vulnerable code and filtering input. Applications can guard against vulnerable code by keeping data separate from commands and queries, such as by using a safe API with parameterized queries. Businesses should also use input validation, and observe the principle of least privilege, applying controls like the SQL LIMIT function to reduce the damage from a successful attack. A Web Application Firewall (WAF) which updates a threat database in real-time is the only effective way to filter application input to protect against code injection.
2.Data Breach In the event that your business discovers a potential data breach, you may face legal or compliance requirements for notifying customers or regulatory authorities. Disclosure requirements and strategies should be determined ahead of time so that the maximum amount of organizational resources can be dedicated to making sure that no more data is stolen as well as repairing the damage caused. Once the attack vector has been blocked, a comprehensive incident investigation should be conducted, and the network scanned to make sure all vulnerabilities have been identified and closed off.
3. Malware Infection Any device or system infected with malware must be thoroughly scrubbed, which means identifying the hidden portions of code and deleting all infected files before they replicate. This is practically impossible by hand, so requires an effective automated tool.
4. Distributed Denial of Service Attack • If your business is caught up in a DDoS attack, put your disaster recovery plan into effect, and communicate with employees and customers about the disruption. A security tool such as a WAF is used to close off the port or protocol being saturated, in a process which will likely have to be repeated as attackers adjust their tactics. • Ultimately, service is best restored with a content distribution network (CDN) like CloudFlare, which can absorb an enormous impact while identifying and then filtering out malicious traffic. Make sure to also look for DDoS protection with real-time monitoring for comprehensive mitigation of attacks.
5. Malicious Insiders • Preventing damage from insider attacks is largely about limiting the amount of access a malicious insider has. This means setting logical access control policies to implement the principle of least privilege (but you have that covered by now, right?), and monitoring the network with audit and transaction logs. A solution like Liquid Web’s custom Malicious Activity Detector (MAD) will also guard against threats both from within and outside the organization. • If a malicious insider attack is detected, the insider’s access privileges should immediately be revoked. That done, the police should be contacted to prevent that person from carrying out further actions that could damage the business, such as selling stolen data.