D is for…

Dark Web

Most of us are familiar with the Internet, and with using search engines such as Google and Bing to find the information we need. Those operate in a part of the World Wide Web that is often called the Surface Web. It seems like we can find a huge amount of data on the surface web, but in actual fact it’s only about 5% of all material that is available online. A large portion of the remaining data is found on the Deep Web – see below – but there’s a very murky area which is hidden away and can only be accessed by using special web browser software, the best known being The Onion Router, or Tor. Most users will never have cause to visit this area, because it’s where various illegal web sites / services are found, including those dealing in drugs, stolen goods, child abuse, false identity documents, counterfeit money etc. It’s therefore an area where criminals globally congregate to deal in and share their services.

Data Centre

A data centre is typically a large room – or set of rooms – with multiple servers in it. It can vary in size from one room with a few racks of servers, to a site with many thousands of servers. Typically they will have redundant power supplies, some form of backup solution, and will often provide services to multiple companies at the same time. Some organisations will run their own data centres, some will outsource their services to a Third Party, and some will operate a mix.

Data centres are typically where cloud services live. Companies such as Microsoft, Google and Amazon offer multiple data centres across most of the continents.

DDoS

A Distributed Denial of Service (DDoS) attack is a method of attack on a company’s services (typically internet based, like web sites or file sharing). These attacks are carried out by multiple internet connected devices including PCs, laptops and IoT machines, often using botnets. The word Distributed is used to signify that the devices are spread around, possibly even all over the globe.

When a DDoS attack is carried out, the target is overwhelmed by multiple messages being sent from all the devices in the botnet, to the extent that it is rendered unusable.

A way of thinking of this is if you have a crowd of people trying to get through a door. If they move one at a time through the door, there’s no problem. If everyone tries to get through the door at the same time, it will become blocked and take time to become unblocked.

Deep Web

As mentioned above in Dark Web, the Deep Web makes up a huge proportion of the World Wide Web. The sites in this area are not indexed, which means they can’t be found by search engines like Google and Bing, but that doesn’t mean that they are providing illegal services.

Deep Web sites are typically where you can find information that isn’t really for public consumption, but which is used by special interest groups. This will include research groups, academic communities, file sharing sites etc. Users access the sites only if they know the exact address, but can use standard browsers such as Internet Explorer and Chrome – other browsers are available.

Decryption

Decryption is how cryptography makes messages readable again after they have been encrypted. Depending on how data is encrypted, decryption may happen automatically, or you may have to carry out a specific routine using special software.

Disaster Recovery

Disaster Recovery (DR) is most commonly seen as the provision of the IT part of a Business Continuity Plan. It’s about getting your IT systems back up and running within set timescales in order to enable key resources to work as normal.

For example, if you’ve planned to move to an alternate location in the event of an outage with your business, your DR solution will probably include appropriate network connections, having enough desktop or laptop devices available and having the relevant data and software available from the alternate location.

It’s not uncommon for businesses to run tabletop exercises to work out who would do what in the event of a problem, but it’s also a good idea to actually test that the plan works. For example, if your DR plan is to have 20 people up and running within 4 hours at the alternate site, but there are only 10 devices available for them to use at the site, then your plan will fail.

It’s important to note that when testing your plan, things not working are good things to find. It’s better to find that out during a test than when you actually need it.

DoS

Denial of Service (DoS) is similar to DDoS, but instead of being based on multiple devices acting concurrently, it is based on a single device. That single device will send multiple messages consecutively at a very high rate, with the aim of overloading the target device.

Business Continuity

This is a huge topic, one that spills out beyond the confines of cyber- and information security. Put simply, it’s all about making sure that your business can get back up and running and / or keep going in the event of some sort of disruption. 

That may be due to floods or other natural disasters, accidents (e.g. power failure if the electricity supply is damaged by digging in the roads outside), deliberate attack (e.g. theft of key equipment), terrorism etc. The list goes on – whatever it is that stops you getting into your offices / place of work and / or being able to work.

Information security is based on three key tenets, namely the Confidentiality, Integrity and Availability of data. Business continuity is all about ensuring the Availability of data. 

Business continuity includes Disaster Recovery, which is generally seen as getting your IT back up and running. Business continuity also includes things like making sure your staff know where to go if they can’t get to your office, making sure key office space is available when you need it including desks and chairs, making sure that things like Health and Safety requirements at any alternate location are taken into account – and so on…

So what do we need to think about in terms of cyber security? Well, you may not have all staff working at an alternate site, and they may not be using equipment that is familiar to them. You may have had to rebuild networks and servers, but have you also made sure that users only have access to the systems and data they need access to? In your normal place of work, if you restricted access to removable media, are the same controls in place at your new location? What about physical access to your new premises? Is that controlled? If users are accessing systems using remote access solutions, have those solutions been tested to ensure data isn’t able to leak?  

Good practice would be to test your business continuity plans on a regular basis. This may be through some sort of tabletop exercise, i.e. you get all interested / responsible parties together and talk through what would happen and how if there was disruption at your normal offices. This is a good thing to do, but if possible you should physically test your plans too. Try getting your staff to go to your alternate site, and see if they can do their jobs from there. That’s a great way of checking your IT and communications are in place and working as expected.

The most important thing to remember if you do test things out is that it’s OK to fail. In fact, expect to fail. It’s better to find out where any issues are at this stage rather than when you need them in anger.