D is for…

Dark Web

Most of us are familiar with the Internet, and using search engines such as Google and Bing to find information we need. Those operate in a part of the World Wide Web that is often called the Surface Web. It seems like we can find a huge amount of data on the surface web, but in actual fact it’s only about 5% of all material that is available online. A large portion of the remaining data is found on the Deep Web – see below – but there’s a very murky area which is hidden away and can only be accessed by using special web browser software, the most well known being The Onion Router, or Tor. Most users will never have cause to visit this area, because it’s where various illegal websites and services are found, including drugs, stolen goods, child abuse material, false identity documents, counterfeit money etc. It’s therefore an area where criminals globally congregate to deal in and share their services.

Data Centre

A data centre is typically a large room – or set of rooms – with multiple servers in it. It can vary in size from one room with a few racks of servers, to a site with many thousands of servers. Typically they will have redundant power supplies, some form of backup solution, and will often provide services to multiple companies at the same time. Some organisations will run their own data centres, some will outsource their services to a Third Party, and some will operate a mix.

Data centres are typically where cloud services live. Companies such as Microsoft, Google and Amazon offer multiple data centres across most of the continents.

DDoS

Distributed Denial of Service (DDoS) is a method of attack on a company’s services (typically internet based, like websites or file sharing). It is carried out by multiple internet-connected devices including PCs, laptops and IoT machines, often using botnets. The word Distributed is used to signify that the devices are spread around, possibly even all over the globe.

When a DDoS attack is carried out, the target is overwhelmed by multiple messages being sent from all the devices in the botnet, to the extent that it is rendered unusable.

A way of thinking of this is if you have a crowd of people trying to get through a door. If they move one at a time through the door, there’s no problem. If everyone tries to get through the door at the same time, it will become blocked and take time to become unblocked.

Deep Web

As mentioned above in Dark Web, the Deep Web makes up a huge proportion of the World Wide Web. The sites in this area are not indexed, which means they can’t be found by search engines like Google and Bing, but that doesn’t mean that they are providing illegal services.

Deep Web sites are typically where you can find information that isn’t really for public consumption, but which is used by special interest groups. This will include research groups, academic communities, file sharing sites etc. Users access the sites only if they know the exact address, but can use standard browsers such as Internet Explorer and Chrome – other browsers are available.

Decryption

Decryption is how cryptography makes messages readable again after they have been encrypted. Depending on how data is encrypted, decryption may happen automatically, or you may have to carry out a specific routine using special software.

Disaster Recovery

Disaster Recovery (DR) is most commonly seen as the provision of the IT part of a Business Continuity Plan. It’s about getting your IT systems back up and running within set timescales in order to enable key resources to work as normal.

For example, if you’ve planned to move to an alternate location in the event of an outage with your business, your DR solution will probably include appropriate network connections, having enough desktop or laptop devices available and having the relevant data and software available from the alternate location.

It’s not uncommon for businesses to run tabletop exercises to work out who would do what in the event of a problem, but it’s also a good idea to actually test that the plan works. For example, if your DR plan is to have 20 people up and running within 4 hours at the alternate site, but there are only 10 devices available for them to use at the site, then your plan will fail.

It’s important to note that when testing your plan, things not working are good things to find. It’s better to find that out during a test than when you actually need it.

DoS

Denial of Service (DoS) is similar to DDoS, but instead of being based on multiple devices acting concurrently, it is based on a single device. That single device sends multiple messages consecutively at a very high rate, with the aim of overloading the target device.

DDoS – what’s that?

I’m sure that if you’ve been watching the news recently, you’ll have heard the phrase DDoS, which stands for Distributed Denial of Service. It sounds fancy and complicated, but it’s actually pretty straightforward.

Let’s start at the beginning. A website is typically nothing more than one (or several, perhaps up into hundreds for some big companies) servers which all publish specific web pages. These may link back into the company that runs them, but that’s not important for our purposes. These servers are, unsurprisingly, called webservers, and again for simplicity we’ll just assume that a website only has one webserver.

If you had one computer that was constantly sending lots and lots of messages to the webserver, for example trying constantly to open multiple pages at a rate of hundreds or even thousands of requests per second, until it couldn’t cope with all that web traffic and stopped working, that would be called a Denial of Service attack, or DoS.

You can imagine that this would be straightforward to do as you would only need access to one machine, an internet connection and the relevant software.

A DDoS attack is very similar, except instead of using one machine to attack the server, multiple machines are used to attack it.

These can be anywhere in the world, and are typically recruited by the bad guys to perform the attack as part of what is called a botnet. This is just a term for a collection of machines which are connected to the internet and which are being controlled from a single source. The way they are recruited is typically through the use of viruses and other malware (“bad” software), which then listen out for messages from their controller machine. This is called a Command and Control structure, and there may be a hierarchy to the structure, a bit like you find tiers of management in large companies. The owners of those machines typically have no idea that this is happening, and the problem is now exacerbated by the involvement of machines other than laptop and desktop computers. These are other devices connected to the internet which may include fridges, cookers, kettles etc – this is the Internet of Things. I’ll write a separate post about IoT in the future, but for now it’s enough to know that these devices can be added to a botnet relatively easily.

In a DDoS attack then, the constituent machines in the botnet are ordered to attack a specific website or webserver on a specific date and time, by trying to access one or more pages at the same time as all the rest. When they all do that, the website may not be able to handle so many requests, and stops working.
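The difference between the two patterns described here (the DoS section above and this DDoS explanation) is something a defender can see in a web server’s access log: one source sending at a very high rate, versus many sources each sending a modest amount that only becomes overwhelming when added together. The following is an added example, not code from the original post; it uses constructed log lines and assumed thresholds, and the log format, function names and limits are illustrative choices rather than any real product’s.

```python
from collections import defaultdict

# Detection thresholds: assumed illustrative values, tune to the site's normal traffic.
PER_SOURCE_LIMIT = 50          # requests per second from a single source (DoS signal)
TOTAL_LIMIT = 200              # requests per second across all sources combined
MIN_DISTRIBUTED_SOURCES = 20   # distinct sources before we call a flood "distributed"

def parse_line(line):
    """Parse a constructed log line of the form 'unix_second source_ip method path'."""
    second, ip, _method, _path = line.split(maxsplit=3)
    return int(second), ip

def classify_traffic(lines):
    """Return {second: (verdict, detail)} with verdict 'normal', 'dos' or 'ddos'."""
    per_second = defaultdict(lambda: defaultdict(int))   # second -> ip -> request count
    for line in lines:
        if line.strip():
            second, ip = parse_line(line)
            per_second[second][ip] += 1
    verdicts = {}
    for second, by_ip in sorted(per_second.items()):
        total = sum(by_ip.values())
        top_ip, top_count = max(by_ip.items(), key=lambda kv: kv[1])
        if top_count > PER_SOURCE_LIMIT:
            # One machine sending consecutively at a very high rate: the DoS pattern.
            verdicts[second] = ("dos", top_ip)
        elif total > TOTAL_LIMIT and len(by_ip) >= MIN_DISTRIBUTED_SOURCES:
            # Many sources, each modest on its own, overwhelming the server together: DDoS.
            verdicts[second] = ("ddos", len(by_ip))
        else:
            verdicts[second] = ("normal", total)
    return verdicts

def constructed_sample():
    """Constructed log lines: a quiet second, a single-source flood, then a botnet flood."""
    lines = []
    for i in range(5):                                   # second 100: 5 visitors, 2 pages each
        lines += [f"100 198.51.100.{i} GET /index.html"] * 2
    lines += ["101 203.0.113.7 GET /index.html"] * 300    # second 101: one source, 300 req/s
    for i in range(40):                                  # second 102: 40 bots, 6 req/s each
        lines += [f"102 192.0.2.{i} GET /index.html"] * 6
    return lines

if __name__ == "__main__":
    for second, (verdict, detail) in classify_traffic(constructed_sample()).items():
        print(second, verdict, detail)
```

The DoS second is easy to block by source address; the DDoS second is the harder case because no single bot exceeds a per-source limit, which is why the mitigations mentioned below (traffic-scrubbing services, hosting in several locations) focus on absorbing aggregate volume rather than on individual sources.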

Scary stuff, huh? Try not to worry too much about it though, because there are ways to reduce the risk of this happening, from hardware and software which recognises the attack to hosting the website in different locations, to buying services from companies which specialise in preventing such attacks.

You can also play your part in reducing the scale of botnets by practising good cyber hygiene: make sure you use a reputable antivirus product and ensure it is updated regularly; apply patches frequently; change your passwords regularly; and don’t click on email attachments or links which you weren’t expecting or which come from sources you don’t know.