Virtualization Technology News and Information
Article
RSS
How to keep your deep web data safe (and away from the dark web)

Deep web and dark web are sometimes used interchangeably - but the terms mean different things. Above them is the surface web, which contains the pages anyone can directly access through popular search engines like Google. The deep web is the private area of the internet protected by some form of access security, which comprises most of the data online (around 95%). Going further underground, the dark web is a subsection of the deep web accessed via special tools like the Tor browser, hosting anonymous sites frequently on the wrong side of the law.

If organizations don't protect their deep web data, it's liable to end up stolen and for sale on dark web marketplaces. We'll help you understand these layers and provide some practical tips to keep your data safe on the deep web and away from the dark web.

Dark-Web-vs-Deep-Web-Diagram 

What's on the deep web?

The deep web essentially contains anything you need credentials to access - so any page you couldn't get to directly from a search engine. In other words, ‘non-indexed' pages. This includes academic databases, subscription services, private networks, private forums, and medical records. Something like your personal Gmail or Netflix home page would be considered a deep web page. We want these pages obscured from the surface web to protect user privacy, and to gate paywalled services people have paid for, like software as a service (SaaS) solution, paid news websites, and streaming sites.

The dark web: hidden and potentially dangerous

The dark web is a subset of the deep web that can't be accessed by normal browsers. Accessing it requires special software like the Tor browser, VPN service (Tor network), and onion routing. Dark web sites can't be indexed by web crawlers and are impossible to access from regular browsers like Google Chrome. Access to content is restricted via virtual traffic tunnels through randomized network architecture, and it's this decentralized and obscure nature which makes it hard to map and measure.

The dark web hosts sites that engage in illegal activities, including web commerce sites and marketplaces that would be quickly removed if discovered on the surface web. The Silk Road is perhaps the most famous, although authorities did manage to get it shut down in 2013. Though best known for illegal activities, the dark web isn't just a lawless frontier. It harbors legitimate sites and services, from news to search engines, file sharing, and other resources that can be invaluable to whistleblowers (think Wikileaks) or journalists in highly restrictive countries.

In terms of cybercrime, dark web marketplaces have become notorious for identity theft, ransomware-as-a-service, phishing-as-a-service, and the sale of financial details, medical records, and corporate secrets. It's not somewhere you want to find your organization's data for sale.

Keeping deep web data secure

The private nature of the data on the deep web makes it attractive to cybercriminals - it's protected for a reason. For organizations, passwords are most often the only thing protecting their data from being stolen. Here are some steps every business should be taking to keep their employees' credentials secure.

Strong unique credentials

Attackers constantly attempt to compromise identity to hack into business-critical networks. After all, why hack into a network using difficult-to-carry-out techniques when you can walk through the front door with the valid credentials of a legitimate user? Having sensitive data leaked to the dark web can be highly damaging to organizations leading to lost customer confidence, damaged reputation, and even compliance and legal ramifications.

Third party tools such as Specops Password Policy, that enables you to enforce stronger password policies and guides users towards creating strong passwords and passphrases resistant to common cracking techniques. Using the password rules configuration, admins can significantly increase their security of the default password policy settings in Active Directory and enforce the use of strong passwords in their environment. Your organization can also block over 3 billion known unique compromised passwords, which are likely on the dark web, from your AD. This is vital in keeping data off the dark web, where stolen credentials are traded like commodities among Initial Access Brokers (IABs).

Multi-factor authentication (MFA)

MFA adds an extra layer of security by requiring multiple forms of verification. This could involve combining a password with a smartphone app that generates a time-based code or a biometric factor like fingerprints or facial recognition. By requiring at least two of these factors, MFA makes it more challenging for attackers to gain access to a device or online accounts, even if they know the password. It's like having two locks on a treasure chest; even if one key is stolen, the chest remains secure unless the other is compromised too.

End user education

It's not fair to place all responsibility on end users, but they do have a part to play. Users need to be aware of the social engineering tactics attackers use in phishing emails. They should also be encouraged to use good online hygiene when accessing sensitive data, including using VPNs, patching software, avoiding unprotected public networks, enabling antivirus software, and taking regular backups.  

Adopt a zero-trust approach

The zero-trust model is a security concept based on the principle that organizations should not automatically trust anything inside or outside its perimeters. Instead, everything must be verified before granting access. Here's how to implement a zero-trust approach:

  • Verify every user and device: Continuously authenticate and authorize all users and devices trying to access resources, regardless of their location.
  • Least privilege access: Grant users only the necessary access to perform their tasks. If users don't need access to specific data, they shouldn't have it.
  • Micro-segmentation: Divide the network into smaller zones to control lateral movement within the network. If a malicious actor gains access to one area, they won't have free rein over the entire system.
  • Monitor and log all activity: Keep detailed logs of all network activity. This not only helps in understanding user behavior but also aids in early detection of any suspicious activity.

Can you tell if your data is on the dark web?

In the digital age, confidential data is a prized asset, and the dark web is where you can most easily find it on sale. The most important thing is stopping your data from becoming compromised in the first place. However, discovering your data is on sale on a dark web marketplace can give you a valuable heads up. Threat intelligence platforms specializing in scanning the dark web and monitoring can alert you if your information appears in unauthorized places.

By monitoring the dark web, security teams can gain information that will enable them to stay ahead of threats. For instance, knowing if your organization's data has been leaked can help security analysts change the relevant credentials and secure your systems before an attack occurs. Further, monitoring exchanges on dark web forums allows security personnel to gather threat intelligence. This enables them to gain insights into the operations of sophisticated adversaries and be warned of emerging threats.

Even if you have an effective password policy, strong passwords can still become compromised and end up on the dark web through phishing attacks or other data breaches. This is why Specops Password Policy uses a Breached Password Protection feature to scan your Active Directory against over 3 billion unique weak and compromised passwords. Our research team collects attack monitoring data on a daily basis to protect organizations across the world from password attacks happening in real time.

Looking for a simple but effective security tool to root out compromised credentials in real time? Try Specops Password Policy for free today.  

##

ABOUT THE AUTHOR

Darren Siegel, Product Specialist and Technical Lead

Darren-Siegel 

Darren Siegel is a cyber security expert at Specops Software. He works as a lead IT engineer, helping organizations solve complex challenges within IT security. Darren has more than 16 years’ experience within Active Directory, IT security, servers, storage, virtualization, cloud, and identity and access management.   

Published Tuesday, August 29, 2023 8:50 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<August 2023>
SuMoTuWeThFrSa
303112345
6789101112
13141516171819
20212223242526
272829303112
3456789