Top 3 Misconceptions About the Deep Web & What CISOs Need to Know

Deep Web is the internet that cannot be accessed through standard search engines or the pages that are not indexed in any way.

Top 3 Misconceptions About the Deep Web

Deep Web & Dark Web are the Same

Dark Web is classified as a small portion of the Deep Web that has been intentionally hidden and is inaccessible through standard web browsers. Dark Web and Deep Web, neither can be search-indexed but large sections of the the Deep Web, unlike the darknets that form the so-called Dark Web, do not need any special censor-resistant software for access. The Dark Web, on the other hand, can only be accessed through various platforms that allows anonymity, the best-known and most widely-used among which happens to be Tor. Other platforms like I2P and Freenet are also generally referred to as being parts of the Dark Web.

This is a Anonymous Platform

Amidst all the disturbing material found in the Dark Web, the fact remains that anonymous communication networks are a boon for many activists, reporters, researchers and whistle-blowers who simply need the anonymity, without which, their lives and livelihoods may be in grave danger

Deep Web is Only used for Illegal Goods & Services

Dark Web has flourished a thriving trade of all that is illegal and unacceptable in civil society. In their book Cryptopolitik and the Darknet, researchers Daniel Moore and Thomas Rid claimed that around 57% of the Dark Web includes illicit content. Yet, a large part of the darknets manage to stay within the legal and ethical boundaries for the most part. Tor hosts a vast majority of the websites on the Dark Web. Deep Web is primarily infamous for drug dealing, assassin hiring but if we look on the other side of the coin, Deep web is used by whistle blowers, hacktivists and revolutionaries.

>> Hands-on workshop: Dark Web for Threat Intelligence @SACON...

What Can be Found in Deep Web?

The Deep Web Includes the below but is not limited to the below

  1. You can get Multi-URL mega-databases that are very large for standard search engines to index.
  2. Records, certificates, name directories, library indexes ..& more
  3. Sensitive information like : Email id, Passwords, Password-protected and members-only websites
  4. The back-end dashboard of any sort of individual account, whether it be banking, social platforms, email services, etc. This is only available after an account is logged into and accessed. Then, the URL changes to a private address accordingly.
  5. Two-party user-to-user communications or threads on social media, chat services, messaging platforms, etc.

There are several tools used for reaching these parts of the internet. The TOR (The Onion Router) maintains the most popular tool for Dark Web access. Their primary product is the Tor browser. The .onion websites are opened only through TOR browsers. If you think you are completely anonymous though, think again. Law enforcement routinely shuts down and prosecutes sites and people doing illegal things on the Dark Web. Tor is the preeminent anonymising platform in the virtual world, and has been recommended by various human rights organisations as a shield for activists and dissidents fighting oppressive regimes around the world. cyber-security researchers are also known to use Tor to test firewalls and provide emergency DNS lookup services in case of DNS failures.

What Should a CISO be Concerned About?

Once a CISO is aware of what is available on the dark web, deep web or surface web, its easier to take steps to defend & protect those data from being used by the attackers. Any connection to or from the dark web within your company network can put you at risk (Dark Web Insider Threats)

  • Exposed DB Servers & S3 Buckets (due to misconfigurations etc.)
  • Exposed applications & websites, files & documents which are accessible
  • Exposed services like APIs, FTP Servers etc.
  • Personnel data which is available freely on the internet, including email addresses, phone numbers etc.

For more information on how to Discover & Map your Applications & Services which are publicly exposed on the internet, intentionally or unintentionally: Click Here

>> Hands-on workshop: Dark Web for Threat Intelligence @SACON...

Source: DarkWebNews Blog, FireCompass Shadow IT Page

Views: 166

Comment

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Follow Us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2018   Created by CISO Platform   |   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

Related Posts