Saturday, 15 July 2017

The Silver Web

"…the lair the spider spins today
’s a silver web to catch his prey…"

This year's World Wide Web day (August 1) – an annual occasion marking the 'birth of the Internet' at the CERN laboratory in Switzerland in August 1990 – also closely coincides with another significant anniversary in the development of the World Wide Web. Although some of the key technologies (a prototype web browser, and the HTML language in which webpages are (traditionally) written) were created in 1990, it was not until the following year that a description of the project was released on a series of newsgroups. This information was published on 6 August 1991, meaning that 2016 marks the 25th anniversary of the launch of the Web as a publicly-available service[1,2,3].

Whilst often used interchangeably, the terms 'Internet' and 'World Wide Web' ('the Web') actually have distinct meanings. Technically, the World Wide Web refers to the array of interlinked webpages, documents and other resources which can be accessed via the underlying technology of the Internet[4]. The Internet – the history of which actually dates back significantly further than that of the Web – comprises infrastructure which also serves as the basis for other means of communication, such as e-mail and peer-to-peer (P2P) networks (e.g. those which may be used for filesharing between users).

The silver anniversary of the emergence of the Web seems an appropriate time to consider some of the key developments which have shaped the form of the Web as we know it today, and to speculate on some of the possible next steps. 

Web 2.0 

Probably the most significant evolution to have taken place across the range of web resources since their launch in 1991 is the degree to which individual users have become increasingly able to generate, edit, publish and share their own content. This trend covers an enormous range of types of content, starting with newsgroups, forums and blogs ('weblogs') in the early days, through to social media, incorporating material which may be textual, audio or image- or video-based, and beyond. This 'revolution' (actually a process of gradual change), accelerating particularly after the turn of the millennium, is sometimes referred to as the emergence of 'Web 2.0'. 

The Semantic Web 

The Semantic Web, a term initially coined by Berners-Lee (the inventor of many of the underlying Internet technologies) and others, is the name given to a set of ideas suggesting how web content could be conveniently 'tagged' and cross-referenced. This process is intended to improve the efficiency with which automated web-crawlers (such as those used by search engines when generating indexes of content) can function. This set of ideas has, to date, not been widely implemented – a 2013 paper estimated that only around 4 million websites had been constructed using Semantic Web style guidelines at that time[5] – but it may prove to be a significant area of development in the future. 

The 'Internet of Things' 

Many devices now exhibit some degree of Internet connectivity to enhance their functionality, with applications of this technology including the ability for users or manufacturers to collect or provide data, or allowing customers to access new content. The name which is sometimes given to this vast collection of networked objects – predicted to number around 50 billion by 2020[6] – is the 'Internet of Things'.

A key concern is the fact that this growth will bring with it an explosion in both the amounts of data being transmitted via the Internet, and the numbers of ways in which this potentially-sensitive data could be compromised. A 2014 study, for example, estimated that around 70% of the typical devices comprising the Internet of Things are susceptible to attack, resulting from factors such as lack of encryption, insecure interfaces or inadequate software protection[7,8,9]. Other risks to corporations (from the development of the Internet of Things) include the potential for more disruptive denial-of-service attacks, requirements for greatly enhanced Internet bandwidth[10] and the loss of ability to block spam attacks on the basis of their originating IP address, due to increased use of cloud computing and non-fixed IP addresses[8]. One estimate of the potential economic risk exposure related to the Internet of Things gives a figure of up to $3 trillion by 2020[11,12].

[Addendum November 2016:
Some of these concerns are already proving to be well-founded. In October 2016, a number of high-profile websites were taken offline by a large DDoS attack against Dyn, the company providing DNS (Domain Name System) infrastructure services for the affected sites[13]. The attack was carried out via the use of 'hacked' IoT devices, instructed to send large numbers of co-ordinated web-requests to – and thereby overwhelm – Dyn's servers. The IoT devices themselves had been compromised using a piece of malicious software named 'Mirai', designed to identify those objects with poor security protection. This type of incident highlights the need for organisations to protect themselves against DDoS attacks, using technical solutions such as back-up DNS providers and the adjustment of 'Time To Live' (TTL) settings for DNS information relating to business-critical domain names (essentially, modifying the time for which this information is stored for possible re-use, if access to the authoritative DNS servers is lost)[14,15].]
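The two mitigations named in the addendum (a back-up DNS provider and TTL settings) can be checked mechanically. The following is an added example, not part of the original article: it audits constructed zone-apex records for name-server sets that depend on a single provider and for short address TTLs. The record data, the 3600-second threshold and the last-two-labels provider grouping are illustrative assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real data): name, TTL (seconds), class, type, value.
SAMPLE_RECORDS = """
shop.example.    300   IN NS ns1.provider-a.example.
shop.example.    300   IN NS ns2.provider-a.example.
shop.example.    60    IN A  192.0.2.10
portal.example.  86400 IN NS ns1.provider-a.example.
portal.example.  86400 IN NS ns1.provider-b.example.
portal.example.  3600  IN A  192.0.2.20
"""

def parse_records(text):
    """Parse simple one-line zone records, ignoring blanks and ';' comments."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        name, ttl, _cls, rtype, value = line.split()
        records.append((name.lower().rstrip("."), int(ttl),
                        rtype.upper(), value.lower().rstrip(".")))
    return records

def provider_of(ns_host):
    """Assumption: the last two labels identify the DNS provider.
    A real audit would consult the Public Suffix List instead."""
    return ".".join(ns_host.split(".")[-2:])

def audit(records, min_ttl=3600):
    """Return {zone apex: [issues]}; min_ttl is an illustrative threshold."""
    ns_providers = defaultdict(set)
    min_addr_ttl = {}
    for name, ttl, rtype, value in records:
        if rtype == "NS":
            ns_providers[name].add(provider_of(value))
        elif rtype in ("A", "AAAA"):
            min_addr_ttl[name] = min(ttl, min_addr_ttl.get(name, ttl))
    findings = {}
    for name in sorted(set(ns_providers) | set(min_addr_ttl)):
        issues = []
        if len(ns_providers.get(name, ())) < 2:
            issues.append("single DNS provider")  # no back-up provider
        ttl = min_addr_ttl.get(name)
        if ttl is not None and ttl < min_ttl:
            # Caches drop the answer at most `ttl` seconds into an outage.
            issues.append(f"address TTL {ttl}s < {min_ttl}s")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for zone, issues in audit(parse_records(SAMPLE_RECORDS)).items():
        print(zone, "->", issues or "ok")
```
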

In summary, therefore, while these developments present enormous opportunities, they also bring risk, resulting in a developing need for corporations (and individuals) to consider holistic security solutions, which will need to include elements of forensic- and infrastructure analysis, in addition to more ‘traditional’ brand monitoring. These trends are already being seen; a recent study found that the number of vulnerability scans being carried out on connected devices had increased more than four-fold over the previous two years, though with only 10% of organisations achieving confidence that their array of such devices is secure[16]. 

References 

[1] http://keepincalendar.com/August-1/World%20Wide%20Web%20Day/213 
[2] https://en.wikipedia.org/wiki/History_of_the_World_Wide_Web 
[3] http://www.telegraph.co.uk/technology/internet/12061803/The-worlds-first-website-went-online-25-years-ago-today.html 
[4] https://en.wikipedia.org/wiki/World_Wide_Web 
[5] http://iswc2013.semanticweb.org/content/keynote-ramanathan-v-guha.html 
[6] http://www.iotsworldcongress.com/documents/4643185/0/IoT_IBSG_0411FINAL+Cisco.pdf 
[7] http://community.hpe.com/t5/Protect-Your-Assets/HP-Study-Reveals-70-Percent-of-Internet-of-Things-Devices/ba-p/6556284#.V5CWbBLrrHp 
[8] http://www.ey.com/Publication/vwLUAssets/EY-cybersecurity-and-the-internet-of-things/$FILE/EY-cybersecurity-and-the-internet-of-things.pdf 
[9] https://www.owasp.org/index.php/OWASP_Top_10_Privacy_Risks_Project 
[10] http://internetofthingsagenda.techtarget.com/tip/Internet-of-Things-IOT-Seven-enterprise-risks-to-consider 
[11] http://www.wriec.net/wp-content/uploads/2015/07/6J3_Haas.pdf 
[12] http://www3.weforum.org/docs/WEFUSA_IndustrialInternet_Report2015.pdf  
[13] http://www.bbc.co.uk/news/technology-37738823 
[14] https://www.netnames.com/insights/blog/2016/11/using-ttl-to-mitigate-the-impact-of-dns-interruption/ 
[15] https://www.linkedin.com/pulse/dyn-ddos-attack-two-key-lessons-cyber-security-satyamoorthy-kabilan 
[16] https://www.business.att.com/cybersecurity/docs/exploringiotsecurity.pdf

This article was first published on 1 August 2016 at:
