DEPARTMENT OF ENERGY
INFORMATION SECURITY RESOURCE CENTER
PACIFIC NORTHWEST NATIONAL LABORATORY


ADVISORY NOTICE No. 14
February 6, 1997

WEB PAGE INFORMATION MAY BE FOREVER



INTRODUCTION

Many dangers exist in cyberspace. While the need to get information to large dispersed groups of people has been to a large extent solved by the Internet and Web pages, this rush toward connectivity has dramatically increased the likelihood of attacks against computer and communications systems. Systems are constantly being tested, probed and penetrated by foreign interests, hackers, and other curious users. Entire Web sites are being archived by commercial organizations, private organizations, and private individuals, all having an interest in the historical or commercial preservation of our first generation of Web pages.

Recently, several unauthorized disclosures have occurred throughout the DOE Complex in which information released for publication on external DOE Web pages was later determined to be extremely sensitive. When the information was removed, the cognizant authorities assumed that there was no longer a risk of compromise. This conclusion illustrates a lack of awareness, because the information could have been copied, archived, or redistributed many times over.


DETAILS

Removing information from an external Web site does not mean that the information ceases to exist. Web pages are vulnerable as soon as they are opened to the Internet community. It is naive to think that removing the information from the Web page has eliminated the potential for compromise.

To illustrate the vulnerability and targeting value of Web pages, it is known that certain foreign countries are regularly downloading entire Web sites. In one recent case, it was discovered that a South Korean research and development firm apparently had been accessing a DOE national laboratory's Internet site daily and downloading the entire Web site, about 1.4 GB of information. There are no indications that this activity has involved efforts to access information inside the lab's firewall.

When this was first discovered, the value of this sort of collection was unknown. If this technique were applied to a DOE site that put sensitive information on the Web and then removed it, it would follow that the information had been compromised. This demonstrates a collection technique which, if applied against any DOE site where classified information was inadvertently posted, even for a short time, would mean the information was compromised.


VALIDATION

As security professionals agree, there are many perfectly harmless reasons for archiving selected Web sites or the entire Internet for that matter. Some think that 20 years from now, Web pages may have great historical or human interest value, similar to getting a copy of the New York Times from the day you were born. Others are gathering whole Web sites on specific subjects and offering private, off-the-Internet access to these pages with faster and more robust connections.

Many popular Web sites are archived on several different computer servers in several countries to facilitate more user connections and access speed. Such sites, called mirror sites, are clones of a Web site that allow closer geographic access and thus a faster connection. These mirror sites have exact copies of an entire Web site, available for access and downloading.

Information pertinent to specific subject areas has been commercially archived by Internet providers such as Sprynet, and is offered to their users as a private domain source of information without the regular Internet time and connection overheads.

Another Internet source provider, DejaNews, has archived over 80 million articles from the 15,000 newsgroups in the public domain. Newsgroups are public forum discussion groups available on the Internet. DejaNews' database is now updated several times daily, and the archiving has been going on since March 1995.

Of course, there are commercial software applications that automatically copy whole Web sites. For instance, Lotus has just released its newest application, Weblicator, a powerful browser enhancement that gives browser users the ability to selectively pre-fetch Web pages, categorize them, and store them on their hard drives. Weblicator includes built-in monitors or "software agents" that allow users to automatically pre-fetch or update all or part of a site for off-line access.


RECOMMENDED ACTION

There are many places to which information from a Web page can migrate: a mirror site, an archive site, or an individual's hard drive. Within the next decade, almost all records created in our society will be made and communicated electronically. Information has value, and the Internet is a powerful medium through which to communicate that information. Realize that once information is published on the Web, it may exist somewhere on the Web forever.

The more sensitive a piece of information is, the more limited its dissemination should be. Information should be adequately protected to mitigate potential unauthorized disclosures. Establish and follow editorial approval and derivative classification review processes for all information that is to be released to an external Web site. Finally, ask yourself: must this information be published on the Internet?


Last Updated October 2001