Internet traffic and web services
Think for a moment about how many websites you access and how many emails you receive and send every day.
This activity involves a huge amount of web traffic. When you think about the sheer number of instances and the speed at which people sift through these things, the possibility for error is very high.
So, with this high volume of traffic and activity typical for all users today, it's imperative for an organisation to have a comprehensive monitoring system. Continuously monitoring your network activity for signs of attack is a great way to catch hackers and breaches before they become problems.
Indeed, it's a top priority for SOCs to trawl through all the data so they can detect threats early and react swiftly. As always though, prevention is better than cure. So if the entire organisation is more alert and attuned to threats, fewer will actually break through.
Here are some typical risks related to inbound and outbound Internet traffic. In the context of web access, these include:
- Users downloading unauthorised programs or importing malware from external websites, e.g., via BitTorrent.
- Inbound or outbound traffic being intercepted and revealing sensitive information, usernames, and passwords, e.g., when sent over HTTP or FTP.
- Attackers defacing a website, causing considerable reputational damage.
- Hackers posing as legitimate users to perform fraudulent transactions. Financial institutions and ecommerce sites are particularly at risk of this.
In 2020, two Iranians defaced at least 51 US government websites to display their resentment and anger at the assassination of Iran’s military general Qasem Soleimani. They posted various images of the late Soleimani, messages against the US government, and offensive images of the then-current US President Donald Trump.
Mitigating controls against these types of breaches include:
- Using TLS 1.2 or above when external users log in to a website, especially if they need access to sensitive information or to execute transactions.
- Using a VPN for external partners to browse an internal web server.
- Using stronger authentication mechanisms for high-value websites, for example a one-time-password (OTP) or other two-factor authentication with tokens.
- Ensuring the website has been implemented according to good practice and penetration testing has been undertaken.
- Checking URLs, particularly the shortened (shrink) links used on social media.
- Being aware of tab napping.
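The risks and controls listed above translate directly into monitoring rules a SOC can run over traffic records. The following is an added example, not part of the original course material; the record format, finding names and shortener list are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed records, hypothetical format: time src direction app port tls detail
SAMPLE_LOG = """\
2024-05-01T09:00:01 10.0.0.15 out http 80 - POST http://portal.example/login
2024-05-01T09:00:07 10.0.0.15 out https 443 TLSv1.3 GET https://shop.example/checkout
2024-05-01T09:01:12 10.0.0.22 out ftp 21 - USER alice
2024-05-01T09:02:30 10.0.0.31 out bittorrent 6881 - announce
2024-05-01T09:03:44 203.0.113.9 in https 443 TLSv1.0 POST https://www.example.org/login
2024-05-01T09:04:02 10.0.0.40 out https 443 TLSv1.2 GET https://bit.ly/3abcXYZ
"""
CLEARTEXT_APPS = {"http", "ftp"}   # interceptable protocols named in the lesson
P2P_APPS = {"bittorrent"}          # the lesson's unauthorised-download example
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}  # illustrative, not exhaustive
MIN_TLS = (1, 2)                   # the lesson's "TLS 1.2 or above"

def tls_too_old(version):
    """True for SSL and for TLS below MIN_TLS; False for '-' (no TLS seen)."""
    m = re.fullmatch(r"TLSv(\d+)\.(\d+)", version)
    if m:
        return (int(m.group(1)), int(m.group(2))) < MIN_TLS
    return version.upper().startswith("SSL")

def classify(line):
    """Return (src_ip, findings) for one record; malformed lines are reported."""
    fields = line.split(maxsplit=6)
    if len(fields) != 7:
        return None, ["unparseable-record"]
    _time, src, _direction, app, _port, tls, detail = fields
    findings = []
    if app in CLEARTEXT_APPS:
        findings.append("cleartext-protocol")
    if app in P2P_APPS:
        findings.append("unauthorised-p2p")
    if tls_too_old(tls):
        findings.append("tls-below-1.2")
    for token in detail.split():
        if (token.startswith(("http://", "https://"))
                and urlsplit(token).hostname in SHORTENERS):
            findings.append("shortened-link")
    return src, findings

def triage(log_text):
    pairs = (classify(l) for l in log_text.splitlines() if l.strip())
    return [(src, f) for src, findings in pairs for f in findings]

if __name__ == "__main__":
    for src, finding in triage(SAMPLE_LOG):
        print(f"{src:15} {finding}")
```

A shortened link is only a prompt to resolve and inspect the destination before trusting it, not proof of malicious intent.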
Now you will look at web services and the associated risks/countermeasures.
Web services allow applications to communicate with each other using web-based protocols. Common web services include Amazon and Google Cloud Platform.
The risks associated with web services are similar to those for Internet traffic and include:
- Traffic being intercepted, and sensitive information revealed.
- An attacker creating fraudulent transactions by modifying or inserting new transactions into the traffic between communicating parties.
The mitigating controls are the same as those for Internet traffic.
Figure 1: Internet threats
Having looked at Internet traffic and web services, you will now look at email.
In this next course you will be taking a closer look at network security issues. These include old technologies like PSTN, more recent ones like VoIP, and staples like email and mobile.