Application anonymity, network authentication, and exposure elimination are three characteristics intimately linked to the principle of hidden services. In the previous article: What is a 'Hidden Service'? Part 1, we highlighted these three aspects of the mechanism, but they are not alone in bringing interesting properties in terms of network security. In this new article, we found it interesting to highlight four other characteristics, much less known than the first ones, yet providing a real defensive added value.
The term "hidden service" is intimately related to certain technologies like the darknet and the Tor Project. This mechanism is used to provide various security and anonymity features to network users. In the collective consciousness, it is widely accepted that the darknet and hidden services are primarily used by cybercriminals to offer applications accessible through the Internet without revealing the identities of the parties involved. However, in reality, hidden services are often used for much nobler purposes, where the technical advantages they offer are highly appreciated.
Whistleblowers, secure data exchanges, journalistic content publication, and today's widespread and secure remote access with the advent of Zero-Trust Network Access are all ways in which hidden services are used for protection. But what are hidden services, and what do they really offer? Answers in this article.
When exchanging with CISOs and CIOs about the actions to be taken to ensure optimal security of their information systems, user awareness and the implementation of good security hygiene practices are frequently discussed. It is undeniable that the human factor often plays a decisive role in the compromise of information systems. While raising awareness among employees and partners is essential, it is common to observe decision-makers adopting a fatalistic view of the situation and considering that security through the use of technical solutions is a failure.
Are they right? In an attempt to provide some insights in this article, we address three well-known techniques that attackers employ to hack enterprise computer systems, and against which security services must fight.
In the article about the issue of service exposure and 10 cyber-attacks that have exploited the principle of exposure, we highlighted the risks associated with exposing services on the internet.
But what if we could conceal these services, preventing them from being discovered by just anyone?
One way to achieve this is by using the Chimera network and its hidden services mechanism it offers. However, if you have only a few services and users to manage, performance is not a concern, and you enjoy getting your hands dirty, why not directly use the Tor network? This method is particularly interesting for individuals or small enterprise information systems.
Let's see how to protect an SSH service and avoid becoming a target for attacks. Let's dive in!
In the previous two articles, we presented the issue of service exposure on the internet (Information System security: understanding the issue of exposure and 10 cyberattacks that exploited the principle of exposure), as well as 10 cyber attacks that exploited the principle of exposure. Today, we want to revisit three common strategies that companies use to address this problem. As remote access needs and teleworking have particularly increased in recent years, what are the common strategies that companies choose to prevent their exposed services from becoming a gateway for hackers?
In the previous article (Information System security: understanding the issue of exposure), we highlighted the exposure of services on the internet, its origin, and the associated risks. In this article, we revisit ten cyberattacks that took advantage of the principle of exposure to succeed. Whether it was exploiting vulnerabilities, configuration defects, phishing techniques, or a combination of these different vectors, these are the elements that the targeted companies or investigative commissions were able to reveal following a post-mortem analysis of the attacks.
One of the weaknesses of TCP/IP is still not solved today: the exposure of services.
If there is a network and security issue as old as the Internet, it is certainly the issue of service exposure. The internet network allows anyone to make services accessible through two pieces of information: an IP address, usually encoded on 4 bytes, and a port encoded on 2 bytes. Most of the time, knowledge of this information is sufficient to establish a connection with the associated application, regardless of the user's profile, whether legitimate or an attacker.
By delving a little deeper, one realizes that it is the cause of the majority of intrusions within information systems.
Let's take a closer look at a mechanism that is ubiquitous on the Internet and within private networks.