How to Detect and Control Proxies

Matovu George William
Organizations have implemented firewalls, URL filters, and appropriate network use policies to keep their networks safe. Anonymous proxies allow a user to bypass these policies easily, and to do so undetected. In addition, new anonymous proxies become available every day, making it extremely difficult for an organization to block access to them. This creates a security hole that allows malicious or illegal content into the network, and gives users an opportunity to access improper, banned, or illegal sites, resources, or applications that may degrade the performance of the network and critical applications. As an organization plugs one hole, a new one becomes available.
There are serious implications for an organization:

  1. Compliance breaches that expose an organization to regulatory or legal consequences
  2. Security holes that expose the network to malware, Trojans, or other threats
  3. Increased costs through unwanted bandwidth usage
  4. Performance issues that lead to diminished employee productivity, increased costs and lower profit
  5. Potential for organizational reputation damage that could be very difficult and costly to repair

To effectively manage anonymous proxies, organizations need to:

  1. Be able to detect an anonymous proxy
  2. Leverage application signatures to categorize network traffic
  3. Implement network usage policies to shape traffic

Introduction
In computer networks, a proxy server is a server or an application that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server provides the resource by connecting to the relevant server and requesting the service on behalf of the client. Most proxy programs provide a means to deny access to URLs specified in a blacklist, thus providing content filtering. This is often used in a corporate, educational or library environment, and anywhere else where content filtering is desired.

Proxy Server Uses
A proxy server has many potential purposes:

  1. To circumvent organizational restrictions and controls
  2. To speed up access to network resources
  3. To cache web pages from a web server
  4. To apply access policy to network services or content, e.g. to block undesired sites
  5. To log/audit usage, i.e. to provide company employee Internet usage reporting
  6. To scan transmitted content for malware or Trojans before delivery
  7. To scan outbound content, for data leak protection
  8. To keep machines behind it anonymous (mainly for security)

Anonymous Proxy Servers
An anonymous proxy server attempts to conceal a user's identity. One of the more common approaches is the open proxy. Being very difficult to track, open proxies are especially useful to those seeking online anonymity, from political dissidents to grade school and university students to computer criminals. Some users are merely interested in anonymity for added security, for instance to hide their identities from potentially malicious websites. The destination server receives requests from the anonymizing proxy server, and thus does not receive information about the "true" end user's IP address.

Why do users run an anonymous proxy?
Many anonymous proxy servers are funded through advertising. A site, for example, could allow access to MySpace using HTTPS. The ad is displayed to the user and cannot be removed unless the user subscribes.

The challenge is that there are thousands of anonymous proxies on the Internet, so blocking access to them is very difficult. New ones become available each day. Users can use these to circumvent the security measures put in place to control or restrict access.

Impact to the Organization
As an organization plugs one hole, a new one becomes available and allows the user to circumvent the security measures once again. This means that the organization simply cannot stop a savvy user from bypassing the rules in place to access restricted websites or applications. This becomes a time-consuming and constant burden on the IT organization, and it creates a back door into the network. Not all anonymous proxy owners are hosting ad space to fund the service. Many have different motives that might have much greater implications for an organization.

There are also many different kinds of anonymizers. A tunneling proxy server is a web-based page that takes a site that is blocked and "tunnels" it, allowing the user to view blocked pages. This effectively gives the user a bypass to reach sites that are blocked. Others may use encryption, encapsulation, or other means to avoid detection and give a user continued access to restricted sites or even applications.
This makes it even more difficult for an organization to maintain acceptable use policies and manage network bandwidth, which leads to potential security breaches and an inability to ensure that the network is available for critical applications.

Organizations need help!
There are also applications designed for bypassing an organization's firewall or filtering rules. Your Freedom is a client application that turns any PC into an uncensored, anonymous web and anonymous SOCKS proxy that applications can use. Nearly all applications work with Your Freedom. This is a huge security hole for an organization because it not only allows a user or employee to bypass security measures, it also opens a door into the network for others.

Beware of the following Services
1. Vtunnel is a tunneling proxy service. By browsing the web through the Vtunnel service, users can access many blocked websites. Vtunnel provides the service completely free of charge due to advertiser support.
2. StealthNet is an application that allows anonymous file sharing. This can allow a backdoor into the network or allow an organization's intellectual property and sensitive data to be easily moved outside its network: credit card names and numbers, social security information of employees, student information, etc.
3. The VoipTunnel technology has been developed by VoipSwitch in order to enable making and receiving VoIP calls for users who are behind firewalls that block VoIP traffic. This can also expose an organization's users, network and machines to outside threats or holes in security measures.

Why should you care?
Organizations have implemented firewalls, URL filters, and appropriate network use policies to keep their networks safe. Anonymous proxies allow a user to bypass these policies easily, and to do so undetected. In addition, new anonymous proxies become available every day, making it extremely difficult for an organization to block access to them. This creates a security hole that allows malicious or illegal content into the network, and gives users an opportunity to access improper, banned, or illegal sites, resources, or applications that may degrade the performance of the network and critical applications.

This increases the risks to employees, students, and organizational networks. Hackers often provide anonymous proxies to inject a backdoor into the network.

Serious Implications for the Organization
  1. Compliance breaches that expose an organization to regulatory or legal consequences
  2. Security holes that expose the network to malware, Trojans, or other threats
  3. Increased costs through unwanted bandwidth usage
  4. Performance issues that lead to diminished employee productivity, increased costs and lower profit
  5. Potential for organizational reputation damage that could be very difficult and costly to repair

In Summary
Anonymous proxy services have taken security avoidance technology to the next level by employing a combination of techniques. Constantly changing IP addresses: an anonymous proxy site may come online one hour and be gone the next. Tunnelling through HTTP: traffic can be hidden inside a 'legitimate'-looking HTTP tunnel. Encryption: utilizing HTTPS (SSL encryption) removes the ability of traditional filtering solutions to look 'inside' the packets.

Exinda appliances perform anonymous proxy detection by URL, IP, domain, HTTPS and SSL application signatures. This is integrated via an update service that regularly distributes new anonymous proxy information and signatures to a device, giving an organization visibility and control of this traffic on the network. By creating policies, an organization can squeeze this traffic or block it altogether.
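
To illustrate URL- and domain-based detection of the web-based tunneling proxies described earlier, the following added example (not from the original article, and not Exinda's implementation) combines a domain blocklist with a heuristic for query parameters that carry another site's URL, so that a proxy too new for the blocklist is still flagged. The domains, log entries and function names are constructed for illustration, and the log is assumed to contain full request URLs.

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: a hypothetical blocklist and hypothetical log entries.
KNOWN_PROXY_DOMAINS = {"proxy.example"}
SAMPLE_LOG = [
    ("10.0.0.21", "http://proxy.example/"),
    ("10.0.0.22", "http://new-site.example/browse.php?u=http%3A%2F%2Fblocked.example%2F"),
    ("10.0.0.23", "http://another.example/index.php?q=aHR0cDovL2Jsb2NrZWQuZXhhbXBsZS8"),
    ("10.0.0.24", "http://intranet.example/search?q=quarterly+report"),
]

def _embedded_url(value):
    """Return the URL carried in a query value (plain or base64), else None."""
    if value.lower().startswith(("http://", "https://")):
        return value
    try:
        padded = value + "=" * (-len(value) % 4)  # restore stripped padding
        decoded = base64.urlsafe_b64decode(padded).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return decoded if decoded.lower().startswith(("http://", "https://")) else None

def classify(url):
    """Return (verdict, detail) for one requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Blocklist match on the host itself or any parent domain.
    labels = host.split(".")
    if any(".".join(labels[i:]) in KNOWN_PROXY_DOMAINS for i in range(len(labels))):
        return ("blocklisted", host)
    # Heuristic: a query parameter that itself carries a URL to a different host.
    for _, value in parse_qsl(parts.query):
        target = _embedded_url(value)
        if target and urlsplit(target).hostname != host:
            return ("suspected-web-proxy", target)
    return ("ok", "")

def scan(log):
    """Return [(client_ip, verdict, detail)] for every entry that is not ok."""
    hits = []
    for client, url in log:
        verdict, detail = classify(url)
        if verdict != "ok":
            hits.append((client, verdict, detail))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Legitimate redirectors and single sign-on flows also pass URLs in query parameters, so the heuristic verdict is a triage signal for review rather than grounds for an automatic block.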

Copyright 2016 Strictly Technology