Criteria for selecting web pages to protect against Defacement

Posted on 2016-09-28
Last Modified: 2016-09-29
We have hundreds of public-facing web pages: do we protect all of them or only those

a) that when defaced will cause our corporate image to be affected?
b) or web pages that have injection & certain vulnerabilities?  What are they?
c) or only web pages that are frequently used?
d) for an announcement page that announces when our service downtime is, is this a good
    candidate web page to protect?
Question by:sunhux
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 1000 total points
ID: 41819471
Things to consider:

1. If an attacker gets access to a server, then they may be able to send email, launch attacks on other devices on the internet, or publish/serve advertising, malware, or scams. Once compromised, backdoors may be put in place that make it vulnerable to further attacks.
2. If an attacker gets access to publish content, then they may be able to serve advertising, malware, or scams.
3. IP addresses of compromised systems can be blacklisted, demoting search rankings and potentially causing staff web traffic to be blocked or emails to be rejected.
4. There are legal responsibilities to protect private data.

Vulnerabilities differ by system, so there's little point going into detail when it may not apply to you. In general, having someone knowledgeable enough to maintain systems is important, and avoiding too much complexity is also important. When failing with either of those, software tends to miss out on important security updates.

Thinking about security on the scale of individual pages is the wrong level of thinking; thinking about systems as a whole is more important. If a system as a whole allows amateur users to introduce security holes, that's a failure of the system and its management, rather than something to try to blame the user for.
0
 
LVL 64

Accepted Solution

by:
btan earned 1000 total points
ID: 41819637
Since these are already stated to belong to your company (with trademarks, logo), they represent the company: as a statement to members of the public (regardless of whether it is an advisory put up, company news published, etc.), they are the company's assurance for their confidence and trust in the company. Once this trust is breached in any way due to misrepresentation from the website, it is very hard to recover (or will never be recovered).

Imagine the website being defaced (even if it is just a static one), being under DDoS, or hosting malvertisements: these have bigger implications, as eventually the company has to answer to the public and, importantly, to the authorities on legal implications.

As a whole, if a website is to be on the internet and accessible by the public, it is due diligence and due care to make sure it is as intended and not subjected to worse protection than any of your other websites. It is tough to say which is more critical than others, though it is not impossible to categorize them by the criticality of their services; even the hosted domain name matters, as .edu or .gov has greater significance to the public than .net, .com or .org (this is debatable and varies in perception).

The total effect is tremendous till you really have gotten the hit - do not even allow such an opportunity to happen when you clearly know you can minimize the exposure. If budgeting really is a challenge, the intangible risk should also be taken into account in the total damages if the website is compromised - it can far exceed the cost to maintain it. If the cost of having to expose it or even able to tolerate to being compromised, then consider if it really needs to be published as a website or reachable via the internet. A risk assessment probably has to take place - every website put up has a purpose in running the business.

It is not an "if" but a "when", so do not have an afterthought, as the media comms will already have brought the downfall of the company or the stakeholder - do not neglect that if those websites are targeted due to their connectivity into the intra system, the damage to the internal system can be bigger and more enticing to an attacker.
0
 

Author Comment

by:sunhux
ID: 41820172
I understand from our Cyber Defacement protection vendor that
monitoring
   http://a.b.c/
does not automatically lead to monitoring
   http://a.b.c/1.aspx
so need to monitor both, is this true?


One colleague suggested the following criteria:
web pages that are the main pages or that are easily visible ought to
be given priority for defacement protection while those pages that
need to be navigated several levels down will be less likely to be
defaced, thus lower priority in monitoring them .....  is this true?
0
 

Author Comment

by:sunhux
ID: 41820176
& he further adds: web pages that need to be navigated down but
contain 'view-only' information without critical transactions taking
place in them can be given least priority of defacement monitoring.

So if a web page that is several navigations away involves entering
crucial data entry/transactions, then these pages ought to be given
priority for monitoring
0
 

Author Comment

by:sunhux
ID: 41820186
Defacement causes loss of reputation but he further adds that injecting links
that lead to malicious sites is of more concern
0
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 1000 total points
ID: 41820404
Yes, it's true that less-visited pages are less likely to be targeted, however some attacks are quite subtle and may intentionally avoid being obvious. I came across one case where a site appeared pristine when visited, but malicious data had been added to the meta data of the page in such a way that the preview-snippet in the Google search had been modified.

It is inefficient though to manually monitor individual pages, unless they are so valuable it justifies dedicated labour. It is better use of time to set up automatic monitoring tools, or add a feature that allows users to report something that's not right. The larger the scale of the system, the more effort should go into automation and efficiency.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points
ID: 41820909
For defacement, in general the provider will ask for the customer's domain as well as the list of pages under it to protect. They go by the number of pages based on the licence procured.

Defacement protection has learnt the baseline of the pages during the tuning process. So in the event there are changes done on the pages, it needs to relearn and establish a new baseline, otherwise it is going to be a false positive.

Besides defacement controls, consider a WAF, which prevents web attack attempts.
0
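As an added example (not part of any post in this thread and not any vendor's product): a minimal per-URL baseline check in Python covering the points raised above, namely that each URL needs its own baseline, that metadata can change while the page looks untouched, that injected links to other hosts matter, and that an approved edit needs a re-baseline. The function names, the sample pages and the host injected.example are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Features(HTMLParser):
    """Collects text, <meta> tags and hosts referenced via href/src."""
    def __init__(self):
        super().__init__()
        self.text, self.meta, self.hosts = [], [], set()
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta":
            self.meta.append(sorted(a.items()))
        for attr in ("href", "src"):
            host = urlparse(a.get(attr, "")).netloc.lower()
            if host:
                self.hosts.add(host)
    def handle_data(self, data):
        if data.strip():
            self.text.append(" ".join(data.split()))

def _digest(obj):
    return hashlib.sha256(repr(obj).encode("utf-8")).hexdigest()

def fingerprint(html):
    """Baseline record for one page; call again to re-baseline after an approved edit."""
    p = _Features()
    p.feed(html)
    p.close()
    return {"text": _digest(p.text), "meta": _digest(sorted(p.meta)),
            "hosts": frozenset(p.hosts)}

def check(baselines, url, html):
    """Compare a fetched page with the baseline stored for that exact URL."""
    if url not in baselines:
        return ["no baseline for this URL: not monitored"]
    base, cur = baselines[url], fingerprint(html)
    findings = []
    if base["text"] != cur["text"]:
        findings.append("content changed")
    if base["meta"] != cur["meta"]:
        findings.append("metadata changed")
    findings += ["new external host: " + h for h in sorted(cur["hosts"] - base["hosts"])]
    return findings

# Constructed sample pages (not real site content).
BASELINE_HTML = ('<html><head><title>Service notice</title>'
                 '<meta name="description" content="Planned downtime schedule"></head>'
                 '<body><p>Maintenance on Sunday.</p><a href="/status.aspx">Status</a></body></html>')
META_TAMPERED = BASELINE_HTML.replace("Planned downtime schedule", "constructed spam snippet")
LINK_INJECTED = BASELINE_HTML.replace("</body>", '<a href="http://injected.example/x"></a></body>')
APPROVED_EDIT = BASELINE_HTML.replace("Sunday", "Monday")
```

A real monitor would fetch each listed URL on a schedule and store the fingerprints outside the web server, so that whoever changes the page cannot also change the baseline.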
