The Web vs. the Internet
People often use the terms World Wide Web and Internet interchangeably. So many modern applications are Web server-based or browser accessible (like FTP) that a casual observer might not realize that many more Internet communication protocols exist. In the past, Web browser developers such as Netscape and Microsoft competed to build browsers that would support almost every commonly used protocol. Increases in security over time led Internet application developers to frequently design their applications to use the HTTP protocol and to run on its defined TCP port: 80.
In simple terms: The Web is not the whole of the Internet, and the Internet is not just the Web. The proliferation of the Web as the primary means of Internet communication and content delivery is the key to understanding why hackers so frequently focus on the Web for their attacks.
1. Almost everyone uses the Web
Use of the Web is everywhere, whether it's news, music, online shopping, banking, paying bills, or social networking. Almost anything you would want to do that can be made Web accessible is. Since almost every Internet-connected user uses the Web for something, that provides a very "target rich" environment for hackers.
2. The Web is accessible almost everywhere
Because so many people want to use the Web, for so many things, Web applications have to be available 24/7, 365 days a year. Furthermore, wireless access and public Web access are becoming expected, if not demanded, everywhere it's possible and reasonable to have it. Anonymous access is available at libraries, coffee shops, clubs, and other venues.
3. Web applications often have access to valuable data
Online shopping, banking, auction, investment applications, and others all require and provide access to financial information that is valuable to hackers. Criminal hackers have obtained account numbers, social security numbers, and credit card numbers from hacked Web sites. If users' sessions, passwords or personal info are hacked, these applications can be subverted, allowing theft of money, property, or even identity theft.
4. It's easy to hide Web applications & their communication
So much communication over the 'net is Web traffic that it's (usually) easy to hide hacking communication and transfer amid all the valid traffic. Media and application data are often "wrapped" in HTML or use HTTP transfer, so hackers use these methods too. Modern firewalls and intrusion detection software can often, but not always, detect this or prevent it.
5. Browser & Web application coding is easy
Delivering a virus or malware via a browser application from a compromised server is simple. It's especially simple if the user is uninformed or unprepared for the attack. The drive for browsers as a universal platform and the demand for Web development tools have both made design and delivery of malware simpler than ever. Feature-rich Web application platforms provide numerous means for exploitation.
You say: "Clemmer, that's great. So what can I do about it?" If you or your company have a Web site or Web-accessible applications, secure them, and keep them secure. As a user, check your browser's and computer's vulnerability. Also, be sure the Web sites, applications, and services you use are trustworthy and secure. Use tools such as those discussed in my article "Ten Free Security Tests" to test and verify your security. Finally, keep security software, hardware, and anti-virus solutions up to date.
Barring almost inconceivable disaster, we're not going to stop using the Web, so our use is going to keep the Web as a target for hackers.