There are millions of pages on the internet however about 90% of the pages are not indexed by search engines like Google, Yahoo, Bing ..etc. Which means only a tiny portion of the internet is accessible through search engines or standard means. Deep Web is the internet that cannot be accessed through standard search engines or the pages that are not indexed in any way.
Surface Web vs Deep Web vs Dark Web
If we imagine web as an ocean, the surface web is the top of the ocean which appears to spread for miles around, and which can be seen easily or "accessible"; the deep web is the deeper part of the ocean beneath the surface; the dark web is the bottom of the ocean, a place accessible only by using special technologies.
- Surface web: Surface web is the portion of the World Wide Web that is readily available to the general public and searchable with standard web search engines. It is the opposite of the deep web. The section of the internet that is being indexed by search engines is known as the “Surface Web” or “Visible Web”.
- Deep web: Deep web is part of the World Wide Web whose contents are not indexed by standard web search engines for any reason.The content of the deep web is hidden behind HTTP forms, and includes many common uses such as web mail, online banking, and services that users must pay for, and which is protected by a paywall, such as video on demand, some online magazines and newspapers, and many more.Content of the deep web can be located and accessed by a direct URL or IP address, and may require password or other security access past the public website page.
- Dark web: The Dark Web is defined as a layer of information and pages that you can only get access to through so-called "overlay networks", which run on top of the normal internet and obscure access. You need special software to access the Dark Web because a lot of it is encrypted, and most of the dark web pages are hosted anonymously.
Surface web VS Deep web VS Dark Web VS Darknet
Clearnet VS Darknet
What Should a CISO be Concerned About?
Once a CISO is aware of what is available on the dark web, deep web or surface web, its easier to take steps to defend & protect those data from being used by the attackers.
- Exposed DB Servers & S3 Buckets (due to misconfigurations etc.)
- Exposed applications & websites, files & documents which are accessible
- Exposed services like APIs, FTP Servers etc.
- Personnel data which is available freely on the internet, including email addresses, phone numbers etc.
For more information on how to Discover & Map your Applications & Services which are publicly exposed on the internet, intentionally or unintentionally: Click Here