Solved

Criteria for selecting web pages to protect against Defacement

Posted on 2016-09-28
7
87 Views
Last Modified: 2016-09-29
We have hundreds of public facing web pages : do we protect all of them or only those

a) that when defaced will cause our corporate image to be affected?
b) or web pages that have injection & certain vulnerabilities?  What are they?
c) or only web pages that are frequently used?
d) for announcement page that announces when is out service downtime, is this a good
    candidate web page to protect?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 250 total points
ID: 41819471
Things to consider:

1. If an attacker gets access to a server, then they may be able to send email, launch attacks on other devices on the internet, or publish/serve advertising, malware, or scams. Once compromised, backdoors may be put in place that make it vulnerable to further attacks.
2. If an attacker gets access to publish content, then they may be able to serve advertising, malware, or scams.
3. IP addresses of compromised systems can be blacklisted, demoting search rankings and potentially causing staff web traffic to be blocked or emails to be rejected.
4. There are legal responsibilities to protect private data.

Vulnerabilities differ by system, so there's little point going into detail when it may not apply to you. In general, having someone knowledgeable enough to maintain systems is important, and avoiding too much complexity is also important. When failing with either of those, software tends to miss out on important security updates.

Thinking about security on the scale of individual pages is the wrong level of thinking; thinking about systems as a whole is more important. If a system as a whole allows amateur users to introduce security holes, that's a failure of the system and its management, rather than something to try to blame the user for.
0
 
LVL 63

Accepted Solution

by:
btan earned 250 total points
ID: 41819637
Since it is already mentioned to be belonging to your company (with trademarks, logo) , these represents the company - as statement to the member of public ( regardless if it is an advisory put up, or company news published etc) the company assurance for their confidence and trust in the company. Once this trust is breached in any way due to misrepresentation from the website, it is very hard to (or will never be) recover.

Imagine the website is being defaced (even if it is just a static one) or being under DDoS or hosting malvetisements, these have bigger implication to the eventually the company to answer to the public and importantly to authority on legal implication.

As a whole, if the websites is to be in the internet accessible by public , it is due diligence and due care to make it is as-is intended and not subjected to worst off protection as compared to any of your other websites. It is tough to say which is more critical than others though not impossible to categorized them to their criticality of the services and even the hosted domain name like . edu or .gov has greater significances to public as compared to .net or .com or .org (it is debatable and varied in perceptive).

The total effect is tremendous till you really have gotten the hit - do not even allow such opportunity to happen when you clearly know you can minimize the exposure. If really the budgeting is a challenge the intangible risk  should also be taken into account for the total damages if website is compromised - it can be far more exceed the cost to maintain it. If the cost of having to expose it or even able to tolerate to being compromised, then consider if it really need to be published as website or reachable via internet. Risk assessment has to take  place probably - every website put up has a purpose in business running.

It is not a "if" but "when" so do not have after though as the media comms will already have bring the downfall to the company or the stakeholder - do not neglect that if those websites are targeted due to their connectivity into the intra system, the damage of the internal system can be bigger and more enticing to attacker.
0
 

Author Comment

by:sunhux
ID: 41820172
I understand from our Cyber Defacement protection vendor that
monitoring
   http://a.b.c/
does not automatically lead to monitoring
   http://a.b.c/1.aspx
so need to monitor both, is this true?


One colleague suggested the following criteria:
web pages that are the main pages or that are easily visible ought to
be given priority for defacement protection while those pages that
need to be navigated several levels down will be less likely to be
defaced, thus lower priority in monitoring them .....  is this true?
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 

Author Comment

by:sunhux
ID: 41820176
& he further adds : web pages that needs to be navigated down but
contain 'view-only' information without critical transactions taking
place in them can be given least priority of defacement monitoring.

So if a web page that is several navigations away involves entering
crucial data entry/transactions, then these pages ought to be given
priority for monitoring
0
 

Author Comment

by:sunhux
ID: 41820186
Defacement causes loss of reputation but he further adds that injecting links
that lead to malicious sites is of more concern
0
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 250 total points
ID: 41820404
Yes, it's true that less-visited pages are less likely to be targeted, however some attacks are quite subtle and may intentionally avoid being obvious. I came across one case where a site appeared pristine when visited, but malicious data had been added to the meta data of the page in such a way that the preview-snippet in the Google search had been modified.

It is inefficient though to manually monitor individual pages, unless they are so valuable it justifies dedicated labour. It is better use of time to set up automatic monitoring tools, or add a feature that allows users to report something that's not right. The larger the scale of the system, the more effort should go into automation and efficiency.
0
 
LVL 63

Assisted Solution

by:btan
btan earned 250 total points
ID: 41820909
For defacement, in general the provider will ask the domain of customer as well as the list of pages under which to protect. They go by the no of pages based on the licence procured.

Defacement has learnt the baseline of the pages during the tuning processes. So on event there are changes done on the pages, it need to relearn and establish new baseline otherwise it is going ro be a false positive.

Besides defacement controls, consider the WAF which prevents web attack attempt.
0

Featured Post

Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Color can increase conversions, create feelings of warmth or even incite people to get behind a cause. If you want your website to really impact site visitors, then it is vital to consider the impact color has on them.
Does your audience prefer people in photos or no people? How can you best highlight what you’re selling? What are your competitors doing, and what can you do that is different and unique from them?  Continue reading to learn how to make your images …
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to count occurrences of each item in an array.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question