The Web: Recipe for Pwnage

September 19, 2011

The web, which for many people is more like the internet than a service that runs over the internet, has brought profound changes. While opening a great number of doors and creating opportunities that otherwise might not exist, the web also creates exposure and opportunities for those who would do bad things.

One of the challenges that IT and security professionals constantly face is finding the right balance between access and flexibility on one side and security on the other. The perfectly locked down, 100% airgapped network may be secure, but such an island would be less than useful for most organizations.

Given that the web is a business necessity for most organizations, understanding the risk involved is key. Part of understanding the risk is understanding the complexities, which can be surprising even for those in the industry. For example, taking a look at a popular blog reveals how much is going on under the hood when a single page loads:

  • 1 URL
  • 162 HTTP GETs
  • 66 Images from 18 domains including 5 invisible tracking images
  • 87 scripts from 7 domains
  • 118 cookies from 15 domains
  • 8 Flash objects from 4 domains
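An inventory like the one above can be rebuilt for any page from a HAR file exported from the browser's developer tools. The following is an added example, not code from the original post or from Cisco; the sample entries, the hostnames and the 100-byte threshold used to guess at invisible tracking images are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

PIXEL_MAX_BYTES = 100  # assumption: a 1x1 beacon image is well under 100 bytes

def entry(method, url, mime, size, cookies=()):
    """Build a minimal HAR 1.2 entry (helper for the constructed sample)."""
    return {"request": {"method": method, "url": url},
            "response": {"content": {"mimeType": mime, "size": size},
                         "cookies": [{"name": c, "value": "x"} for c in cookies]}}

# Constructed sample, not captured from any real site.
SAMPLE_HAR = {"log": {"entries": [
    entry("GET", "https://blog.example/", "text/html; charset=utf-8", 20000, ["sid"]),
    entry("GET", "https://cdn.example/app.js", "application/javascript", 5000),
    entry("GET", "https://ads.example.net/t.js", "text/javascript", 1200, ["uid", "seg"]),
    entry("GET", "https://blog.example/logo.png", "image/png", 8000),
    entry("GET", "https://track.example.org/p.gif", "image/gif", 43, ["tid"]),
    entry("GET", "https://media.example.net/player.swf",
          "application/x-shockwave-flash", 90000),
    entry("POST", "https://ads.example.net/collect", "text/plain", 0),
]}}

def classify(mime):
    """Map a response MIME type to one of the categories in the list above."""
    mime = mime.split(";")[0].strip().lower()
    if mime.startswith("image/"):
        return "images"
    if "javascript" in mime or mime == "application/ecmascript":
        return "scripts"
    if mime == "application/x-shockwave-flash":
        return "flash"
    return None

def summarize_har(har):
    """Return (counts, domains) for GETs, images, scripts, Flash and cookies."""
    counts, domains = defaultdict(int), defaultdict(set)
    for e in har["log"]["entries"]:
        host = urlsplit(e["request"]["url"]).hostname or ""
        content = e["response"].get("content", {})
        if e["request"]["method"].upper() == "GET":
            counts["gets"] += 1
        kind = classify(content.get("mimeType", ""))
        if kind:
            counts[kind] += 1
            domains[kind].add(host)
            if kind == "images" and 0 < content.get("size", 0) <= PIXEL_MAX_BYTES:
                counts["tracking_pixels"] += 1  # heuristic, see PIXEL_MAX_BYTES
        cookies = e["response"].get("cookies", [])
        if cookies:
            counts["cookies"] += len(cookies)
            domains["cookies"].add(host)
    return dict(counts), {k: sorted(v) for k, v in domains.items()}
```

To run it against a real export, load the file with `json.load` and pass the result to `summarize_har`.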

Our SIO Team has put together a series of videos, the SecureX Files, that you can use to help educate your users, friends and family about security-related issues. The latest, coincidentally entitled The Web: Recipe for Pwnage, is available on YouTube. We also have the entire series collected here on the SecureX Files page on

Some steps that organizations can take to help protect their systems include:

  1. Run web security, such as Cisco ScanSafe cloud web security, or deploy Cisco IronPort Web Security Appliances. Reputation-based technology can provide an edge when dealing with constantly shifting and mutating threats.
  2. Use AnyConnect Secure Mobility with laptops, smartphones and tablets.
  3. Patch and update endpoints and servers regularly – be sure to include both the OS and the apps on each device, such as Acrobat Reader, Flash and Office.
  4. Educate users – you will never stop everyone from clicking on bad things, but you might well cut down on the number of people who do.
