Linux Security Fundamentals. David Higby Clinton

Читать онлайн.
Название Linux Security Fundamentals
Автор произведения David Higby Clinton
Жанр Зарубежная компьютерная литература
Серия
Издательство Зарубежная компьютерная литература
Год выпуска 0
isbn 9781119781561



Скачать книгу

it all looked, you deleted the whole thing. Nothing to be embarrassed about now, right? Except that there’s a good chance your site content is currently being stored and publicly displayed by the Internet Archive on its Wayback Machine (https://archive.org/web/web.php). It’s also not uncommon for online profiles you’ve created on social networking sites like Facebook or LinkedIn to survive in one form or another long after deletion.

      The Dark Web

      A popular way to describe places where you can engage in untraceable activities is using the phrase dark web. The dark web is made up of content that, as a rule, can’t be found using mainstream internet search engines and can be accessed only through tools using specially configured network settings. The private or hidden networks where all this happens are collectively known as the darknet. The tools used to access this content include the Tor anonymity network that uses connections that are provided and maintained by thousands of participants. Tor users can often obscure their movement across the internet, making their operations effectively anonymous. Like VPNs, the dark web is often used to hide criminal activity, but it’s also popular among groups of political dissidents seeking to avoid detection and journalists who communicate with whistleblowers.

      A great deal of the data that’s stolen from servers and private devices eventually finds its way to the dark web.

      What Are My Responsibilities as a Site Administrator?

      Besides the moral obligation to protect your users and organization from harm, you will probably also need to ensure that your infrastructure configurations meet legal and regulatory requirements. One particularly prominent set of laws is the European Union’s General Data Protection Regulation (GDPR). The GDPR affects any organization that processes data that is sent either to or from the European Union (EU). Failure to appropriately protect the privacy and safety of protected data moving through EU territory can result in significant—even crippling—fines.

      Other regulatory systems that might, depending on where and how your organization operates, require your compliance include the Payment Card Industry Data Security Standards (PCI-DSS) administered by major international credit card companies and the US government’s Health Insurance Portability and Accountability Act (HIPAA).

      Can Escaped Genies Be Forced Back into Their Bottles?

      Well, let me ask you this: have you ever successfully returned a genie to its bottle? I thought so. Unfortunately, it would probably be just as impractical to even try to find and delete all copies of stolen data that’s been spread across an unknown number of sites, including some on the dark web.

      What Can I Do as a User?

      Here’s a good place to start: think carefully before posting anything on an online platform. Are you revealing too much about yourself? Will you be comfortable having your future employers and grandchildren read this 10 or 20 years from now? Try to anticipate the places your content might end up and what value it might have for people you’ve never met—people unconstrained by ethical concerns who care only about making money.

      Be realistic about your data. Don’t assume that the contacts with whom you share files and information will be the only ones to see them. Even if your own accounts will remain secure, their accounts might not. And who says those friends or colleagues will respect your privacy preferences indefinitely?

      Never assume the file storage or sharing platform you’re relying on won’t change its privacy rules at some point in the future—or, even better, that it’ll never decide to sell your data to someone else.

      Finally, here’s one that makes a ton of sense and is absolutely obvious. But not only am I sure you’ve never done it, I’m confident that you probably never will. Remember those check boxes you’re required to click before you can open a new online account? You know, the ones that say something like this:

      “I have read and accept the terms of the privacy policy.”

      Well, have you ever actually read through one of those documents before clicking? Me neither. I mean, Google’s Privacy and Terms document (https://policies.google.com/privacy?hl=en) is around the same length as this chapter (and not nearly as much fun). Who’s got the time? On the other hand, reading it from start to finish would probably give you important insights into the real-world consequences of using Google services. It might even convince you to change the way you use its products. And reading the privacy documents for all the platforms you use would undoubtedly make you a better and safer consumer.

      But we all know that’s not happening, right?

      Establishing Authenticity

      Think About the Source

      Always carefully consider the source of the information you want to use. Be aware that businesses—both legitimate and not—will often populate web pages with content designed to channel readers toward a transaction of some kind. The kind of page content that’ll inspire the most transactions is not necessarily the same as content that will provide honest and accurate information. That’s not to say that private business websites are always inaccurate—or that nonprofit organizations always produce reliable content—but that you should take the source into account.

      With that in mind, I suggest that you’re more likely to get accurate and helpful health information, for example, from the website of a well-known government agency like the UK’s Department of Health and Social Care or an academic health provider like the Mayo Clinic (https://www.mayoclinic.org/) than from a site called CheapCureZone.com (a fictitious name but representative of hundreds of real sites).

      Similarly, you should consider the context of information you’re consuming. Did it come in an email message from someone you know? Were you expecting the email? Did you get to a particular web page based on a link in a different site? Do you trust that site?

      By