the others sides - apdsiapdsi.pt/uploads/news/id1130/01 - luc billot... · luc billot cybersecurity...
TRANSCRIPT
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Abstract
• Welcome to the Deep Web – the part of the web that is invisible to the systems and search mechanisms of the internet. Social networks, file-sharing and photo-sharing websites, airline booking systems and all kinds of scientific data are inside this web. This hidden content is estimated to represent 94% to 96% of the whole World Wide Web, which we cannot access from traditional search engines.
• This Deep Web, with the cloak of invisibility that technology provides, has allowed the use and growth of a new internet: decentralized, encrypted, dangerous and far beyond the law.
• While the vast majority of the Deep Web are dangerous websites with useful and relevant information, there is a portion of it that is accessed through a resource called TOR, the darkest place on the internet. It is a collection of websites (with the .onion extension), only accessible with this special software. This system is used by all those who do not want their online activity to be traced. To do that, the underlying model uses a retransmission system that sends data between different computers running TOR across the world. In the last decade, it became a famous place for black markets that sell or distribute drugs (as an example, the famous Silk Road), stolen credit card data, porn, illegal media and many more.
• The Deep Web therefore deserves to be analysed in order to determine whether or not we should change the way we explore information and online elements. This raises questions such as privacy and the threats that can arise from it. We should understand what opportunities are available to both organizations and individuals.
This is what we, the web users, see… with a browser
How many of you are still using this …
This is what you can see with another well-known browser: TOR
But there is another reality. Where is the problem?
Dark Net Deep Net Dark Web Deep Web
X of the Surface
Deep Web
Deep/Dark Usage
Child pornography
Drugs
Counterfeit goods
Hacking information
Politics
Hardware/Software information
Art
Other/Unknown
telegraph.co.uk, 22 April 2014
Deep Side vs Dark Side
Deep Label Side:
• End users may use it without knowing
• Web & network engineers design them
• Overlay Networks
• P2P Networks
• Content Delivery Networks
• InterCloud Networks
Dark Label Side:
• Where we have to be extremely careful
• Definition
• Usage
• Net vs Web
• Privacy & Encryption
Tentative Classification Deep WEB Layers
Level 5 Marianas Web
• Deepest known level of the web
• A parallel naming with the deepest ocean trench https://en.wikipedia.org/wiki/Mariana_Trench
• Extremely difficult to reach, safest web from a privacy point of view.
• Julian Assange and top-level Wikileaks members are convinced to get access.
Hypothetical Levels 6-8
• Where the conspiracy theorists are.
• Level 6: a kind of firewall to restrict users from going deeper.
• Level 7: “The Fog” or PrimArch super admin – geek net. Clearly very dangerous: droppers, malware, etc.
• Level 8: PrimArch / may be AI-controlled, running on a quantum computer.
What you don’t see with a Web Browser is not always BAD
• API usage for Cloud to Cloud
• System Alerting & Real Time Monitoring
• Etc.
API Access (cloud to cloud) – CASB example
[Diagram labels: Admin; OAuth access; Public APIs; Authorized; Cisco NGFW / Umbrella; Managed users, devices and network; Unmanaged users, devices and network]
Cloud Web application usage – Monitoring
Access Deep Web
• Dedicated patched PC
• Advanced Malware Protection
• Virtual Machine
• Browser Plug-In
• TOR or others
• Not a Safe Place
Art of War & Ethical Usage
• Deep Web may have higher quality articles than the surface web (3 to 1 quality ratio - BrightPlanet)
• DarkSearch / ipl2 / Infomine: Deep Web search engines
• https://thehiddenwiki.org/
• Information about past and present experiments and research
• Learn & know your enemy: hacking/virus creation tutorials / large hacker community & script kiddies/geeks to learn from.
TOR: The Onion Router
https://www.torproject.org/index.html.en
• U.S. Navy
• Communications
• Data Transmission
• Security through layers of encrypted communication between nodes.
Access Through The Onion Router
• Built on a Firefox browser
• Simple, anyone can get it
• Host machine is untraceable
• Can stay anonymous
• Can access Darknet
• Can see .onion extensions
• Doesn’t protect against vulnerabilities
TOR: Simplified Workflow (1)
Toby’s TOR client gets a TOR node list from a TOR directory server.
[Diagram labels: TOR Core; TOR Directory]
TOR: Simplified Workflow (2)
Toby’s TOR client chooses a random path to the destination server.
[Diagram labels: TOR Core; TOR Directory; legend: Encrypted, Clear Text]
TOR: Simplified Workflow (3)
Toby’s TOR client will choose another random path to the next destination server.
Toby’s TOR client selected HTTPS.
[Diagram labels: TOR Core; TOR Directory; legend: Encrypted, Clear Text]
The .Onion Domain
Real or Gov Agencies?
Fighting CyberCrime
• Security agencies: TOR is a key technology in the fight against organized crime on the internet
• Agency IP address hidden from site owner
• Exit node sniffing
• Compromised TOR node
[Diagram labels: TOR Core; Illegal Site]
Visibility on DeepWeb Traffic
CTA (Cisco Threat Analysis): distinguishes TOR by time, sequences, and recognition of hidden IPs
Other Tools and Virtual Networks
I2P: “Invisible Internet Project” https://geti2p.net/en/
FREEnet https://freenetproject.org/fr/index.html
• Messages encrypted
• Outbound and inbound tunnels
• Data exchange
• First request has to be to the I2P network’s “database”
• Distributed hash table
Don’t get Malware when looking at the deep dark side
• Keep monitoring Threat Intelligence to be up to date
• Trace File on your devices