Advanced Security Analytics

I recently attended the Business for Breakfast seminar held in Geneva, co-hosted by Kudelski Security and RSA, on the theme of Advanced Security Analytics. In this blog post I’m going to summarize the two talks that I particularly enjoyed, as the atmosphere lent itself to it: Business for Breakfast!

First of all, I want to describe the context, to better understand the interest of both companies in hosting this conference: March 2, 2016 – RSA, The Security Division of EMC, and Kudelski Security, the cybersecurity division of the Kudelski Group, announced that Kudelski Security is now a leading provider of RSA products and services. Through the agreement, RSA provides Kudelski Security fully managed security and critical incident response services, leveraging RSA’s advanced, intelligence-driven Security Operations Center (SOC) capabilities to accelerate the detection, investigation, remediation, and management of security incidents and vulnerabilities, with the ability to build services around proven advanced security operations solutions including RSA Security Analytics, the RSA® Critical Incident Response Solution, RSA® Security Operations Management solution, RSA ECAT software, and RSA® Advanced Cyber Defense Practice.

To return to the seminar, the first presentation was by Robert Griffin, Chief Security Architect at RSA. He explained how to move forward using advanced security operations such as intelligence-driven security, and how organizations can use it, including big data analysis, to embrace opportunity, improve security and reduce risk. Mr Griffin argued that RSA is about delivering a trusted world by applying RSA’s Intelligence Driven Strategy. The following slides help to understand how and why RSA came to this strategy.

  • Evolving IT infrastructure: we can’t keep applying traditional security defenses to the third-platform IT infrastructure.
  • The changing threat landscape: new and increasingly strong threats challenge traditional security defenses and technologies.
  • Intrusion Kill Chain: this model is a novel way to deal with intrusions by moving from the traditional reactive approach to a more proactive one based on intelligence gathered through indicators that are observed throughout the phases. Normally the incident response process starts after the exploit phase, which puts defenders at a disadvantage. With this method defenders should be able to move their actions and analysis up the kill chain and interfere with the attacker’s actions.

  • Solution: Intelligence Driven Security. The challenge here is to manage risk by monitoring this cycle: Visibility, Analytics and Action. That means continuous monitoring and correlating risk signals and indicators.
  • Benefit of this solution: with real-time intelligence, organizations can dynamically manage cyber threats.

The second part of the seminar was presented by Olivier Spielmann, Head of the Cyber Fusion Center at Kudelski Security. He demonstrated how Kudelski Security leveraged RSA analytics to build an advanced SOC and a multi-tenant security monitoring service.

Src: Kudelski Security, RSA

KeRanger: First Ransomware to infect Mac Computers

If you are a Mac user like me who loves to download torrents with the Transmission software, then you will receive this warning message when opening Transmission!

KeRanger?

KeRanger is ransomware that aims to encrypt the user’s hard drive and then asks for money to decrypt it. If they do not pay, their data will be lost.

KeRanger emerged with the Transmission application, the most popular client for downloading torrents on Mac. Version 2.90 was infected with the ransomware, and some users have been affected without knowing it.

Users likely to be victims of KeRanger are those who downloaded version 2.90 of the Transmission software on the 4th or 5th of March.

Three days after infection, KeRanger strikes: it encrypts the files on the user’s computer to bar access to them and demands a ransom.

Once installed, KeRanger will search for approximately 300 different file types and encrypt any it finds. The malware will then display a ransom message, demanding that the victim pay 1 Bitcoin (approximately US$408). Payment is made using a website on the anonymous Tor network.

Apple has announced that it is aware of the ransomware and has already revoked the certificate, issued to a legitimate developer, that allowed KeRanger to be installed on Macs.

How to know if you are infected?

Open a Terminal or use the Finder to look for the file /Applications/Transmission.app/Contents/Resources/General.rtf or /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf. If either is present, the Transmission application is infected and it is highly advisable to remove it.

Screenshot 2016-03-07 22.45.06

Screenshot 2016-03-07 22.47.46

These are the screenshots of my own Transmission. Since I used the Transmission 2.84 release, I’m not infected. For infected computers, the file General.rtf must be present between these blue lines!

Are you infected? Be sure to download version 2.92, which will remove the malware!
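The check described above can be scripted. The following is an added example, not code from Apple or the Transmission project: it looks for General.rtf in the two bundle locations named in this post and reads the bundle version from Info.plist. The "suspect" verdict for a 2.90 bundle without the marker file is a triage choice made for this example, and the `root` parameter exists only so the check can be exercised against a test directory.

```python
"""Look for the KeRanger marker file in the Transmission bundles named in the post."""
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Bundle locations named in the post, relative to the filesystem root.
BUNDLES = (
    "Applications/Transmission.app",
    "Volumes/Transmission/Transmission.app",
)
INDICATOR = "Contents/Resources/General.rtf"  # file the post treats as the infection marker
INFECTED_VERSION = "2.90"                     # release the post says carried KeRanger
FIXED_VERSION = "2.92"                        # release the post says removes it


def bundle_version(bundle):
    """Read CFBundleShortVersionString from the bundle's Info.plist (XML or binary)."""
    try:
        with (bundle / "Contents" / "Info.plist").open("rb") as fh:
            info = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None  # missing, unreadable or malformed plist
    return info.get("CFBundleShortVersionString") if isinstance(info, dict) else None


def check_bundle(bundle):
    """Classify one Transmission bundle using only the facts given in the post."""
    result = {"bundle": str(bundle), "version": None, "indicator": False}
    if not bundle.is_dir():
        result["verdict"] = "absent"
        return result
    result["version"] = bundle_version(bundle)
    result["indicator"] = (bundle / INDICATOR).is_file()
    if result["indicator"]:
        result["verdict"] = "infected"   # General.rtf present: remove the application
    elif result["version"] == INFECTED_VERSION:
        result["verdict"] = "suspect"    # triage choice of this example, not the post's
    else:
        result["verdict"] = "clean"
    return result


def scan(root="/"):
    """Check both bundle locations under root (a parameter so a test tree can be used)."""
    return [check_bundle(Path(root) / rel) for rel in BUNDLES]


if __name__ == "__main__":
    for r in scan():
        print(f'{r["verdict"]:9} version={r["version"]} {r["bundle"]}')
        if r["verdict"] in ("infected", "suspect"):
            print(f"          replace with Transmission {FIXED_VERSION}")
```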


Cisco Champion 2016!

You’ve probably seen this kind of tweet with the hashtag #CiscoChampion, where nominees show their gratitude for having been elected Cisco Champion by Cisco.

Yeeaaah!!! For the second year I was honored by Cisco to be a Cisco Champion in Security. Thank you once again, Cisco, for renewing your trust in me.

So what is a Cisco Champion?

Just be passionate about Cisco technology (and others in general) and especially eager to share your knowledge through social networks such as Twitter, Cisco’s blog or a blog like mine.

In addition to sharing their insights and expertise, Cisco Champions make a difference by:

  • Supporting their peers in social communities, forums, and networks
  • Sharing their relevant experiences and thoughts on Cisco blogs
  • Providing valuable feedback directly to Cisco
  • And more

Cisco Champions have a unique opportunity to contribute to and enhance the way people use the latest technologies. They also receive:

  • Recognition for their contributions
  • Invitations to exclusive events
  • Opportunities to directly communicate with Cisco employees

Benefits of being a Cisco Champion?

Benefits of the Cisco Champions program include, but are not limited to:

  • Exclusive meeting and event opportunities
  • Special access to certain technology groups and executives
  • Invitations to provide feedback to Cisco on various topics
  • Access to a private online community initiated by and for Cisco Champions
  • Sneak peeks
  • A digital Cisco Champion badge that can be used in email signatures, websites, and social networks during the membership years.

Last year I received this certificate, followed by some CiscoChampion stickers. We will probably receive the same this year…

My favorite is the badge that can be stapled to the jacket!!!

Beyond all these goodies, sharing knowledge, learning new technologies and receiving such recognition are the most important things.

Src: Cisco Blog

Cyber Monday : Protection Against Online Breaches

Cyber Monday is the biggest online shopping day of the year. With Cyber Monday online shopping comes the threat of online security breaches. Unfortunately, there are more sophisticated threats that we should all beware of, as hackers have been gathering their strengths and are ready to unleash their wrath. Does this mean that we are better off abstaining from all purchases? Well, with the bargains that can be found online, good luck with your efforts to do that! These are some tips that can help you shop securely.

  • Try to use a secure payment method whenever possible. This includes Paypal, pre-paid limited use debit cards, and credit cards that are separate from your primary bank account. Using a debit card that is tied to your primary bank account is the least secure form of payment, as a security breach poses the greatest financial risk.
  • When you purchase something from a small independent business online, make sure that the checkout process is a “Secure Site”. Look for a yellow padlock in the browser bar as well as “HTTPS” at the beginning of the website (as compared to “HTTP” with no “S” at the end, which stands for “Secure”).
  • Make sure that your operating system and security software are up to date.
  • Don’t make online purchases while using public WiFi connections, such as restaurant or mall hotspots, because these networks are prime targets for identity thieves and hackers. Shop only from trusted wireless connections such as home and cellular networks.
  • Never send sensitive information such as passwords, bank account numbers, or credit card numbers through e-mail. This is not a secure way to send sensitive information and legitimate companies will ask you to use some form of secure site to transmit the necessary information.
  • When using an ATM, inspect the card reader before swiping to ensure that it isn’t fake. Lately, identity thieves have been planting card skimmers over ATM card slots in order to trick people into providing their PIN and magnetic strip information, and this technique is on the rise.
  • Watch cashiers for skimming, which is when your card is swiped once at the register and again through a hand-held scanner the size of a cigarette lighter. Most registers allow you to swipe your card yourself; if a cashier asks to swipe your card by hand and turns away or puts both hands out of your sight while holding your card, ask to see a manager.
  • Review your credit card and bank statements to ensure that there are no unusual or fraudulent transactions. If you identify any suspicious activity, contact the appropriate financial institution immediately to address any accounts that may have been compromised.

ISO 27000 Series

The title first chosen for this post was: What areas do ISO 27001 and 27002 cover? corresponding to question 100 of our 300 infosec interview questions. But while working on this subject, I realized that I could talk about the ISO 27000 series more broadly, with more detail on 27001 and 27002.

Also known as the ISMS Family of Standards, or ISO 27K for short, it is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC); hence the joint name ISO/IEC 27000 series. The ISO 27000 series of standards has been specifically reserved by ISO for information security matters.

The series provides best-practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS), similar in design to management systems for quality assurance (ISO 9000 series) and environmental protection (ISO 14000 series).

The series is populated by a range of individual standards and documents. A number of these have been published, and others are scheduled for publication.

The following standards, already published, reflect the current known position for the major operational standards in the series.

  • ISO 27001: This is the specification for an information security management system (ISMS), which replaced the old BS7799-2 standard. The objective of the standard itself is to “provide requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS)”. Regarding its adoption, this should be a strategic decision. Further, “The design and implementation of an organization’s information security management system is influenced by the organization’s needs and objectives, security requirements, the organizational processes used and the size and structure of the organization”.

    The 2005 version of the standard heavily employed the PDCA (Plan-Do-Check-Act) model to structure the processes and reflect the principles set out in the OECD guidelines (see oecd.org). However, the latest, 2013 version places more emphasis on measuring and evaluating how well an organisation’s ISMS is performing. A section on outsourcing was also added with this release, and additional attention was paid to the organisational context of information security.

    The content sections of the standard are:

    • Context Of The Organization
    • Information Security Leadership
    • Planning An ISMS
    • Support
    • Operation
    • Performance Evaluation
    • Improvement
    • Annex A – List of controls and their objectives

  • ISO 27002: This is the 27000 series standard number of what was originally the ISO 17799 standard, which itself was formerly known as BS7799-1. The standard “established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization”. The actual controls listed in the standard are intended to address the specific requirements identified via a formal risk assessment. The standard is also intended to provide a guide for the development of “organizational security standards and effective security management practices and to help build confidence in inter-organizational activities”.

    The basis of the standard was originally a document published by the UK government, which became a standard ‘proper’ in 1995, when it was re-published by BSI as BS7799. In 2000 it was again re-published, this time by ISO, as ISO 17799. A new version of this appeared in 2005, along with a new publication, ISO 27001. These two documents are intended to be used together, with one complementing the other.

    In 2013 the current version was published. ISO 27002:2013 contains 114 controls, as opposed to the 133 documented within the 2005 version. However for additional granularity, these are presented in fourteen sections, rather than the original eleven.

    Finally, it should be noted that over the years a number of industry specific versions of ISO 27002 have been developed, or are under development, (for example: health sector, manufacturing, and so on).

    The content sections are:

    • Structure
    • Security Policy
    • Organization of Information Security
    • Human Resources Security
    • Asset Management
    • Access Control
    • Cryptography
    • Physical And Environmental Security
    • Operations security
    • Communications Security
    • Information Systems Acquisition, Development, Maintenance
    • Supplier Relationships
    • Information Security Incident management
    • Information Security Aspects of Business Continuity
    • Compliance

  • ISO 27003: This will be the official number of a new standard intended to offer guidance for the implementation of an ISMS (IS Management System).
  • ISO 27004: This standard covers information security system management measurement and metrics, including suggested ISO 27002 aligned controls.
  • ISO 27005 : This is the methodology independent ISO standard for information security risk management.
  • ISO 27006: This standard provides guidelines for the accreditation of organizations offering ISMS certification.

Other standards:

  • ISO/IEC 27007 — Guidelines for information security management systems auditing (focused on the management system)
  • ISO/IEC TR 27008 — Guidance for auditors on ISMS controls (focused on the information security controls)
  • ISO/IEC 27010 — Information security management for inter-sector and inter-organizational communications
  • ISO/IEC 27011 — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
  • ISO/IEC 27013 — Guideline on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
  • ISO/IEC 27014 — Information security governance.  Mahncke assessed this standard in the context of Australian e-health.
  • ISO/IEC TR 27015 — Information security management guidelines for financial services
  • ISO/IEC 27018 — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
  • ISO/IEC 27031 — Guidelines for information and communication technology readiness for business continuity
  • ISO/IEC 27032 — Guideline for cybersecurity
  • ISO/IEC 27033-1 — Network security – Part 1: Overview and concepts
  • ISO/IEC 27033-2 — Network security – Part 2: Guidelines for the design and implementation of network security
  • ISO/IEC 27033-3 — Network security – Part 3: Reference networking scenarios – Threats, design techniques and control issues
  • ISO/IEC 27033-5 — Network security – Part 5: Securing communications across networks using Virtual Private Networks (VPNs)
  • ISO/IEC 27034-1 — Application security – Part 1: Guideline for application security
  • ISO/IEC 27035 — Information security incident management
  • ISO/IEC 27036-3 — Information security for supplier relationships – Part 3: Guidelines for information and communication technology supply chain security
  • ISO/IEC 27037 — Guidelines for identification, collection, acquisition and preservation of digital evidence
  • ISO 27799 — Information security management in health using ISO/IEC 27002. The purpose of ISO 27799 is to provide guidance to health organizations and other holders of personal health information on how to protect such information via implementation of ISO/IEC 27002.

Scheduled for publication:

  • ISO/IEC 27017 — Information security management for cloud systems
  • ISO/IEC 27019 — Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry
  • ISO/IEC 27033 — IT network security, a multi-part standard based on ISO/IEC 18028:2006 (parts 1-3 are published already)
  • ISO/IEC 27036 — Guidelines for security in supplier relationships
  • ISO/IEC 27038 — Specification for redaction of digital documents
  • ISO/IEC 27039 — Intrusion detection and protection systems
  • ISO/IEC 27040 — Guideline on storage security
  • ISO/IEC 27041 — Assurance for digital evidence investigation methods
  • ISO/IEC 27042 — Analysis and interpretation of digital evidence
  • ISO/IEC 27043 — Digital evidence investigation principles and processes

src: http://www.27000.org

Question 93 : What’s the difference between stored and reflected XSS?

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.

XSS attacks can generally be categorized into two categories: stored and reflected. There is a third, much less well known type of XSS attack called DOM Based XSS that is discussed separately here.

Stored XSS Attacks

Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-I XSS.

Reflected XSS Attacks

Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other web site. When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser. The browser then executes the code because it came from a “trusted” server. Reflected XSS is also sometimes referred to as Non-Persistent or Type-II XSS.

The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on “normal” pages returned to other users in the course of regular browsing, without proper HTML escaping.

The non-persistent (or reflected) cross-site scripting vulnerability is by far the most common type. These holes show up when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the request.
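The difference between the two flows, and the output-encoding fix they share, can be seen in a small model. This is an added example, not code from the sources quoted above: `ToySite`, its two pages and the marker payload are constructed for illustration, and Python's `HTMLParser` stands in for the browser deciding whether input arrived as markup or as text.

```python
"""Stored vs reflected XSS in a toy page renderer, with and without output encoding."""
import html
from html.parser import HTMLParser

PAYLOAD = "<script>alert(1)</script>"  # constructed, harmless marker payload


class ScriptFinder(HTMLParser):
    """Counts <script> elements the way an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def script_count(page):
    """Number of script elements a parser finds in the rendered page."""
    finder = ScriptFinder()
    finder.feed(page)
    finder.close()
    return finder.scripts


class ToySite:
    """Hypothetical site with a comment page (stored) and a search page (reflected)."""

    def __init__(self, encode_output):
        self.encode_output = encode_output
        self.comments = []  # stands in for the database

    def _out(self, value):
        # The fix for both variants: encode untrusted data when writing it into HTML.
        return html.escape(value, quote=True) if self.encode_output else value

    def post_comment(self, text):
        self.comments.append(text)  # stored as received; encoded at output time

    def comments_page(self):
        # Stored: input from an earlier request is served to every later visitor.
        items = "".join(f"<li>{self._out(c)}</li>" for c in self.comments)
        return f"<ul>{items}</ul>"

    def search_page(self, query):
        # Reflected: input from this request is echoed into this response only.
        return f"<p>No results for {self._out(query)}</p>"


def demo():
    """Script elements seen by visitors of a vulnerable and a hardened site."""
    results = {}
    for label, encode in (("vulnerable", False), ("hardened", True)):
        site = ToySite(encode)
        site.post_comment(PAYLOAD)
        results[label] = {
            "stored": script_count(site.comments_page()),         # any visitor
            "reflected": script_count(site.search_page(PAYLOAD)),  # crafted request
            "other_search": script_count(site.search_page("shoes")),
        }
    return results


if __name__ == "__main__":
    for label, row in demo().items():
        print(label, row)
```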

Question 37: What is DNS hijacking and how does it work?

DNS hijacking is a process in which an individual redirects queries to a domain name server (DNS). It may be accomplished through the use of malicious software or unauthorized modification of a server. Once the individual has control of the DNS, they can direct others who access it to a web page that looks the same, but contains extra content such as advertisements. They may also direct users to pages containing malware or a third-party search engine.

ISP hijacking

DNS hijacking is also done by some Internet service providers, such as Comcast, so that they can link users to their own search pages when they visit a web page that no longer exists. Many claim this is to improve the user’s experience; however, this can also be another great source of extra revenue since they control the site and get paid off any advertisement clicks. Currently, there are no laws against an ISP doing this to its users.

How does DNS hijacking work?

As mentioned before, DNS is the one that is responsible for mapping the user friendly domain names to their corresponding IP addresses. This DNS server is owned and maintained by your Internet service provider (ISP) and many other private business organizations. By default, your computer is configured to use the DNS server from the ISP. In some cases, your computer may even be using the DNS services of other reputed organizations such as Google. In this case, you are said to be safe and everything seems to work normally.

DNS Hijacking

But imagine a situation where a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings, so that your computer now uses one of the rogue DNS servers that is owned and maintained by the hacker. When this happens, the rogue DNS server may translate domain names of desirable websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites. As a result, when you type the URL of a website in the address bar, you may be taken to a fake website instead of the one you intended. Sometimes, this can put you in deep trouble!
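Both forms of hijacking described in this post leave something a defender can check: changed resolver settings, and answers for names that cannot exist. The following is an added example, not code from the sources cited below. It assumes resolver settings in resolv.conf format and an approved list you maintain yourself; the sample addresses come from documentation ranges and are constructed.

```python
"""Two checks for DNS tampering: unexpected resolvers and rewritten NXDOMAIN answers."""
import ipaddress
import secrets
import socket


def configured_resolvers(resolv_conf_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.strip().split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        try:
            # Drop an IPv6 zone suffix such as %eth0 before parsing.
            servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
        except ValueError:
            continue  # not an IP address; the system resolver ignores it too
    return servers


def unexpected_resolvers(resolv_conf_text, approved):
    """Resolvers in use that are not on the approved list (changed DNS settings).

    A local stub such as 127.0.0.53 must be listed in `approved` if it is expected.
    """
    approved_set = {ipaddress.ip_address(a) for a in approved}
    return [str(s) for s in configured_resolvers(resolv_conf_text)
            if s not in approved_set]


def rewritten_nxdomain_answers(resolve=socket.gethostbyname, probes=3):
    """Addresses returned for random names under the reserved .invalid TLD.

    .invalid is never delegated (RFC 6761), so any address returned here was
    made up by a resolver on the path. An empty list does not prove the
    resolver is honest, only that this probe saw no rewriting.
    """
    answers = []
    for _ in range(probes):
        name = f"{secrets.token_hex(8)}.invalid"
        try:
            answers.append(resolve(name))
        except OSError:  # socket.gaierror: the name did not resolve, as expected
            pass
    return answers


# Constructed sample input; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search example.test
nameserver 192.0.2.53
nameserver 198.51.100.66
nameserver not-an-address
"""
APPROVED = ["192.0.2.53"]

if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_RESOLV_CONF, APPROVED))
    print("answers for .invalid names:", rewritten_nxdomain_answers())
```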

Src: gohacking, Computer Hope 

Deep Web : Virtual to reality (Ross Ulbricht)

Ross Ulbricht, the founder of Silk Road, the online site selling drugs, was sentenced this Friday, May 29, to life imprisonment by a court in New York. He was known on Silk Road under the pseudonym “Dread Pirate Roberts” or “DPR”. According to FBI information, Ulbricht had moved to San Francisco. A graduate with a Master’s degree in Materials Science from the University of Pennsylvania, the young man controlled the servers and infrastructure of the site, managed a small “customer service”, and ran a small team of administrators.

Silk Road…

“Great quality for heroin smashes”. This is the type of ad you could find on Silk Road. Silk Road, also called the “eBay of drugs”, was based on a strong principle of anonymity. The site, hidden in the deep web, was limited to users of the decentralized digital network that guarantees complete anonymity. Launched in 2011, Silk Road allowed its users to sell or buy any product, including drugs. Credit cards and PayPal accounts were obviously prohibited, to protect users’ identities. To pay for purchases, users used the virtual currency “bitcoin”, which guarantees confidentiality: transactions were anonymous, and the seller did not know the buyer. The only information revealed was the delivery address.

According to the FBI, between February 2011 and July 2013 the website facilitated nearly 1.2 million transactions for a total of almost 9.5 million bitcoins, that is, according to calculations by the US authorities, close to 1.2 billion. Silk Road levied a commission on each payment, assessed over the same period at 600,000 bitcoins, or 80 million. That sum financed the operation of the website and the small team that managed it.

FBI Investigations…

In July 2013, the FBI was able to identify a server located abroad which hosted Silk Road. Through cooperation with local authorities, US investigators were able to get a clear picture of the server and access private messages exchanged on the site. To identify the creators of Silk Road, the FBI and other US security agencies then looked for the first traces of online promotion of the site, including on forums. This is how investigators found two messages from a certain “altoid”, which allowed them, by cross-checking, to find traces of a blog on WordPress linked to a Gmail address. That address belonged to William Ross Ulbricht, the website’s founder.

Bad Configuration – TOR’s Mechanism…

To identify and locate Silk Road, the FBI simply exploited a flaw in the configuration of the home page of the Silk Road site. By connecting as a simple client and then analyzing the traffic between the FBI’s and Silk Road’s computers, Agent Tarbell of the FBI noticed that one IP address sent by the server to validate the connection did not match any identified TOR relay. He then checked the location of the server with that “ordinary” IP address – a very simple operation – and discovered that it led to a commercial hosting provider in Iceland.

To prove the truth of his explanation, which is almost too simple, Agent Tarbell does not hesitate to refer to the user guide published by the designers of TOR. It explains that to “TOR-ify” an application (e.g. a retail site), a very strict procedure must be followed; otherwise the real IP address of the server will be visible, and routing the data through the relays will conceal nothing.

Subsequently, after gaining access to Ross Ulbricht’s private messages, the FBI discovered that he was aware of this flaw in his system. But apparently he had read the manual less carefully than Agent Tarbell and had failed to correct it properly…

Once the IP address was identified, the US sent a request for legal assistance to the Icelandic authorities. Investigators of the Reykjavik police first noted that the target server was handling large volumes of TOR-encrypted traffic. They then recovered the history of its connections and its entire contents, and transmitted them to the FBI. The result was unequivocal: the IP address collected by the FBI was that of a server used by Silk Road to link buyers and drug dealers.

The use of TOR and bitcoin gave Silk Road a sophisticated double security system in the deep web; however, he was unmasked because of a security flaw!

Deep Web the movie…

“Deep Web” is the title of a 90-minute documentary film devoted to Ross Ulbricht and Silk Road. It is broadcast on the US TV channel Epix this May 31.

Synopsis

Deep Web gives the inside story of one of the most important and riveting digital crime sagas of the century — the arrest of Ross William Ulbricht, the convicted 30-year-old entrepreneur accused to be ‘Dread Pirate Roberts,’ creator and operator of online black market Silk Road. The film explores how the brightest minds and thought leaders behind the Deep Web are now caught in the crosshairs of the battle for control of a future inextricably linked to technology, with our digital rights hanging in the balance.

Deep Web features the core architects of the Deep Web; anarchistic cryptographers who developed the Deep Web’s tools for the military in the early 1990s; the dissident journalists and whistleblowers who immediately sought refuge in this seemingly secure environment; and the figures behind the rise of Silk Road, which combined the security of the Deep Web with the anonymity of cryptocurrency.

Deep Web

What is the Deep Web?

The deep web, or hidden web, is the part of the Web that is accessible online but not indexed by traditional search engines like Google, Yahoo or Bing, and not accessible using standard browsers like Google Chrome or Mozilla Firefox. The Deep Web can be reached with TOR.

TOR (The Onion Router) is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

With such protection, we quickly understand why this obscure part of the internet, also called the darknet, is full of sites related to drug trafficking, pedophilia, stolen credit cards… and many other illegal things.

The Deep Web can be divided into levels:

First Level: Surface Web

Is the Internet, the usual web, what we surf in our day to day life. The websites that can be accessed directly or are listed by a search engine like Google, Yahoo, Bing, etc. and don’t require any proxy service to connect.

Second Level: Bergie Web

Is the Internet that is not indexed by search engines, but is directly accessible with no proxy required. In this level you can find “underground” sites that are still indexed, such as 4chan, Freehive, 1eden, Black Hat World… as well as FTP servers and blocked Google search results… This is the last freely accessible level; all the levels that follow can only be accessed with a proxy/VPN, Tor, or by modifying your hardware.

Third Level: Deep Web 

From the third level onwards the Deep Web starts: no search engines are able to index these sites, and they need some sort of proxy network like Tor, I2P, Freenet or JonDo to become accessible. Although this is the Deep Web, most content on level 3 is publicly accessible (with a proxy) without any sort of restrictions.

Fourth Level: Charter Web 

This level is also divided into two parts.

The first can be accessed through the Tor network; it contains such things as drug and human trafficking, banned films and books, black markets… It includes the Hidden Wiki (usually the first website you will access when trying to get into the deep web), a deep web site that contains links to MANY other Charter Web websites.

Websites become more restrictive and begin using stronger security measures like registration and login, invite-only memberships, opening only at specific times and/or dates, restriction to certain IP addresses, or a combination of the above. Unlike most websites, they are not interested in maximizing traffic hits and keep a very low profile even in the Deep Web.

The second part is accessed by a hardware modification, a “Closed Shell System” (CSS), and contains over 80% of the web, not in volume but in concentration of information. This part of the Charter Web contains unconditional PC, information on experimental hardware (“Gadolinium Gallium Garnet Electronic Quantum Processors”…), and also dark information, such as the “Law 13”, the experiments of World War II, and even the location of Atlantis.

These consist of a single computer or a network of systems that are not connected to any external network at all. They can only be accessed from within the network. It is not possible to connect to these systems unless the attacker can physically access them. Many companies have sensitive internal networks that are behind a firewall (green zone); that is a different scenario and is still considered insecure in this context. The CSS networks have no physical (wired or wireless) connections to any other network. What these types of networks contain is left to the reader’s imagination.

Fifth Level: Marianas’ Web

About this level, I have read many things (from level 5 to 8):

For some: we don’t have to go there! It is a mystery; it is only imaginary, and such claims are extremely difficult (if not impossible) to verify. For others: it’s just quantum computing, accessible by governments, and that is why we cannot enter this part of the web. For you: leave a comment to share!

More detail with this graph…

Weblevels