Безопасность информационных технологий (Feb 2023)

Iran’s Cyber Capabilities and Assessing Security Standards for Popular Iranian Websites

  • Mohsen Abdollahzadeh Aghbolagh,
  • Andrey I. Trufanov

DOI
https://doi.org/10.26583/bit.2023.1.04
Journal volume & issue
Vol. 30, no. 1
pp. 58 – 69

Abstract

The security of online users depends on various factors. Among the most important are adherence to security standards and the use of reliable, up-to-date technology, including the standards and technologies created in recent years specifically to increase data and communication security on websites and various internet services. However, numerous studies show that the current state of global web security is still not desirable, and that these standards and technologies are not being applied as fast as they are developed. Our research at CERTFA Lab on popular Iranian websites (414 websites) shows that the security of Iranian websites is no different from the global level, and that very few websites fully utilize these security standards and modern technologies. According to our investigation, only 7 of the assessed websites use a CSP2 configuration; of these, the implementations of Cafebazaar.ir and Virgool.io are more detailed, while the other 5 websites use only the upgrade-insecure-requests option as a default CSP setting. The remaining popular websites not only do not use the CSP header but have also neglected the basic security headers. In addition, the analysis of modern standards in this study (such as DNSSEC, CAA, DMARC, SPF, and Expect-CT), which are mandatory for most Internet businesses, indicates that only Eligasht.com, one of the popular Iranian websites, has properly used these standard configurations. Since these security standards and modern technologies are easy to use and cheap to implement, we could say that the reason for this undesirable situation might be the negligence of admins and service providers.

Keywords