The 5 most dangerous proxies


  1. Top 5 Most Dangerous Proxies
     http://www.deepnines.com/
     http://www.deepnines.com/proxy-blocker/
     5/13/2010, DeepNines Technologies, Inc. Confidential © 2009
  2. Agenda
     • Understanding Proxies
     • Most Dangerous Proxies Countdown
     • Prevention and Gaps
  3. Understanding Proxies: Defining and Understanding the Types of Web Proxies Available Today
  4. Defining Proxies
     • A proxy server is a computer or program that acts as an intermediary for Web browsing
     • From a network security perspective, "web proxies" here means the unauthorized use of a proxy server to circumvent network security policies, filtering solutions and firewalls
     • Once a user connects to a proxy server, the proxy then connects the user to the unfiltered Internet
  5. Proxies and Filter Avoidance
     • Complete anonymous surfing of websites
     • Circumvents existing network security and content filtering solutions
     • Unfiltered, free rein of the Internet
     • Prevents administrators from monitoring or reporting on users
     Original intent:
     • Provide uncensored access to the Internet in oppressed nations
     • Still operational for people of many nations
     Unintended outcome:
     • Easy to build and use
     • Became a circumvention tactic for users wanting unfiltered access
  6. Proxies and Filter Avoidance: Different Types of Proxies and Techniques
     • Tor clients
     • Anonymizers
     • CGI
     • PHP
     • ROT13
     • Base64
     • RC4
     • Circumventors (HTTP/HTTPS)
     • Transparent (HTTP, SOCKS v4/5)
     • Gopher
     • Tunnels (SSH/SSL)
     • Host programs (e.g. UltraSurf)
     • VPNs
     • LogMeIn
     • GoToMyPC
     • GoToAssist
     • And the list goes on…
     There are over 23 different types of proxies and filter avoidance techniques.
  7. Most Dangerous Proxies Countdown: Top Five Most Dangerous Web Proxies
  8. #5: Anonymous Proxies
     Definition:
     • Anonymous proxies are URL-based proxies available through web or IP addresses
     Characteristics:
     • "Cat-and-mouse" game
     • Very prevalent, extremely easy to find and use
     • Thousands of new ones generated daily
     • Not difficult to block once the URL is known, but requires constant blacklisting
     Examples:
     • CGI, PHP, Circumventor, browser-based, etc.
  9. 1. Email distribution list and spam in the morning; 2. Blacklisting all day
  10. #5: Anonymous Proxies, Cont'd…
     • Known by a specific URL, making it easier for traditional filters to block
     • Groups exist that are dedicated to creating new proxies each week
     • These are not detected by filters for 2-3 days
     Examples include:
     • PHP: pinksocks.info
     • CGI: adiofairy.com
     • ROT13 and Base64: stupidcensorship.com
  11. #5 (b): Circumventors
     Definition:
     • Circumventor software can be placed on a home (or any out-of-network) computer; it returns a URL that acts as a proxy and can be used to connect back to that computer for anonymous browsing
     Characteristics:
     • These URLs are dynamic and easily changed if ever discovered and blocked
     • Works well for people who do not know how to set up a web server and have a broadband connection at home
     • Example: http://adsl-68-93405.dsl.rcsntx.swbell.net/peacefire911437 will be assigned a URL and distributed as www.goldenscar.com
  12. #5 (c): Transparent Proxies
     Definition:
     • Based on IP address and configured in the Web browser advanced settings. Individuals can find a list by Googling "proxy list" and using a program to see which will work
     Characteristics:
     • Millions of sites
     • More added daily
     • Example
  13. #5 (c): Transparent Proxies, Cont'd…
  14. #4: Remote Desktop Connections
     Definition:
     • Software or an OS feature allowing graphical applications to run remotely on a server while being displayed locally
     Characteristics:
     • Easy to set up
     • Both free and subscription versions
     • Uses ports that are usually open or not inspected, such as HTTP 80 or HTTPS 443
     • Difficult to determine when it's being used
     Example:
     • RDP to home, LogMeIn, GoToMeeting, etc.
  15. #4: Remote Desktop Connections
  16. #3: Tunnels
     Definition:
     • Tunnels form a secure connection between the user and a server outside the network in order to conceal the traffic
     Characteristics:
     • Uses encryption to conceal sessions
     • Can't be easily (if at all) decrypted for inspection
     • Easy to set up at home
     • Ports are usually open to the outside
     Example:
     • Most common tunnels are VPN (Virtual Private Network), SSL, UDP and SSH
  17. #3 Tunnels: VPN Types
     PPTP VPNs:
     • Client comes native with Windows and iPhone
     • Hardware / software cost is low
     • Linux can run easily on very low-end hardware
     SSL VPNs:
     • Access server easily set up with no Linux experience
     • Hardware / software cost is low
     • Client runs Linux, Win2000/XP/Vista, OpenBSD, FreeBSD, Mac OS X & Solaris
     • Supports dynamic public endpoints (e.g. DHCP), works through connection-oriented stateful firewalls, and tunnels networks over NAT
  18. #3 Tunnels: SSH Tunnels
     • Freely available
     • Easy to use
     • Can use any port
     *New security risk*
     • Tunnel is left open when leaving
     • Access back to the network from home
     • Can hack around and discover all the network elements
     • Try scans, password cracks, shares, etc.
  19. #2: Secure Proxy Sites
     Definition:
     • Secure proxy sites form an encrypted, secure connection between the user and the site
     Characteristics:
     • Emailed to distribution lists / spammed daily
     • Extremely prevalent
     • Encrypted sessions
     • Ports are usually open for other HTTPS sites
     Examples:
     • HTTPS/SSL
  20. #2: Secure Proxy Sites: SSL Proxies
  21. #1: Host Proxy Programs
     Definition:
     • Host proxy programs run on a user's desktop and combine multiple circumvention technologies, making them the most dangerous proxies
     Characteristics:
     • Very complex programs
     • Developed and funded by U.S. government
     • Combines multiple technologies
     • Encrypted sessions
     • Undetectable and erratic behavior
     • Finds ports that are open and usable
     Examples:
     • UltraSurf, FreeGate, YourFreedom, etc.
  22. Host Programs
  23. Prevention and Gaps: Flaws in Many Technologies Make Proxies Easy to Explore and Utilize
  24. Content Filtering: It's Not a Silver Bullet…
     Designed as a blacklist system:
     • Uses a database of known URLs or Web addresses
     • Matches are blocked, unknown is allowed
     • 1990's security methodology
     Size matters:
     • Google indexes over 1 trillion URLs as of January 2009
     • Largest content filtering databases in the world are <100 million URLs
     Effectiveness:
     • It's only as good as the last update (best-case scenario)
     • Only inspects ports 80 and 8080
     • Only effective as a tool for well-known sites
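The two gaps the deck keeps returning to (the blacklist only matches destinations it already knows, and the ROT13/Base64 proxies of slide 10 hide the real destination inside a request to an unlisted host) can be shown in a few lines. The following is an added example written for this transcript; it is not DeepNines code and not a real filter database. The blocklist entries, proxy hostnames and sample requests are all constructed placeholders. It classifies each request URL the way a port-80/8080 URL blacklist would, and then additionally looks inside query parameters for a plain, ROT13-encoded or Base64-encoded destination URL, so the same blocklist catches a known destination reached through an unknown proxy.

```python
import base64
import codecs
from urllib.parse import parse_qs, urlparse

# Constructed blocklist of destination hosts (placeholders, not a real filter database).
BLOCKLIST = {"blocked-video.example", "blocked-game.example"}

# Ports a classic URL filter inspects (the deck: "only inspects ports 80 and 8080").
INSPECTED_PORTS = {80, 8080}


def _looks_like_url(text):
    return text.startswith(("http://", "https://"))


def decode_candidates(value):
    """Yield the raw parameter value plus any ROT13 or Base64 decoding of it that is a URL."""
    yield value
    rot = codecs.decode(value, "rot_13")
    if _looks_like_url(rot):
        yield rot
    try:
        padded = value + "=" * (-len(value) % 4)  # proxies often strip '=' padding
        b64 = base64.urlsafe_b64decode(padded).decode("utf-8")
        if _looks_like_url(b64):
            yield b64
    except (ValueError, UnicodeDecodeError):
        pass  # not Base64, or not text: ignore this candidate


def destinations(url):
    """Hosts a request actually reaches: the URL's own host plus any host hidden in a query parameter."""
    parsed = urlparse(url)
    hosts = [parsed.hostname]
    for values in parse_qs(parsed.query).values():
        for value in values:
            for candidate in decode_candidates(value):
                if _looks_like_url(candidate):
                    hosts.append(urlparse(candidate).hostname)
    return [h for h in hosts if h]


def classify(url, decode=True):
    """Return ("block", host) or ("allow", reason); decode=False mimics a host-only blacklist."""
    parsed = urlparse(url)
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    if port not in INSPECTED_PORTS:
        return "allow", "port not inspected"
    hosts = destinations(url) if decode else [parsed.hostname]
    for host in hosts:
        if host in BLOCKLIST:
            return "block", host
    return "allow", "unknown"  # the blacklist gap: anything unlisted is allowed


# Constructed sample requests (hypothetical hosts), not captured traffic.
TARGET = "http://blocked-video.example/watch"
PLAIN_PROXY_URL = "http://web-proxy.example/browse.php?u=" + TARGET
B64_PROXY_URL = ("http://web-proxy.example/browse.php?u="
                 + base64.urlsafe_b64encode(TARGET.encode()).decode().rstrip("="))
ROT13_PROXY_URL = ("http://web-proxy.example/browse.php?u="
                   + codecs.encode(TARGET, "rot_13"))  # uggc://oybpxrq-ivqrb.rknzcyr/jngpu
SAMPLE_REQUESTS = [
    TARGET,
    PLAIN_PROXY_URL,
    B64_PROXY_URL,
    ROT13_PROXY_URL,
    "https://secure-proxy.example/browse.php?u=" + TARGET,  # port 443: not inspected
    "http://brand-new-proxy.example/",                      # unlisted: allowed
]


def run_samples(decode=True):
    return [classify(url, decode) for url in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for url, (decision, reason) in zip(SAMPLE_REQUESTS, run_samples()):
        print("%-5s %-22s %s" % (decision, reason, url))
```

Run with `decode=False` and the three proxied requests all come back as "allow, unknown", which is the deck's point about blacklists; run with decoding and the first four are blocked, while the HTTPS request and the brand-new proxy host still pass, which are the remaining gaps (uninspected port, unknown site) that the later slides hand to deep packet inspection.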
  25. URL Filters: What Do They See?
  26. URL Filters: What Do People See?
  27. Firewalls and IPS: Limited by Definition…
     Firewalls:
     • Only allow or block ports and protocols
     • Do not inspect traffic past Layer 3
     • Only care whether a stateful connection exists
     Intrusion Detection/Prevention Systems:
     • Concerned mainly with inbound attacks/exploits
     • Do not usually inspect outbound traffic
     • Limited signature set, not focused on content
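The contrast between a port-only firewall decision and a payload check is what the remote-desktop (slide 14), tunnel (slide 16) and secure-proxy (slide 19) entries all exploit: anything on port 443 is allowed, whatever is actually spoken over it. The example below is added for this transcript and is not DeepNines code; the port policy, the expected-protocol table and the sample flows are constructed placeholders. It applies a port-only policy first, then looks at the first bytes a client sends and flags a mismatch (plaintext HTTP, an SSH banner or an RDP connection request on 443) that the port policy alone would have allowed.

```python
import os

# Constructed outbound policy, as a port-only firewall would apply it.
ALLOWED_OUTBOUND_PORTS = {80, 443}

# What an inspecting device expects to see first on each allowed port.
EXPECTED_PROTOCOL = {80: "http", 443: "tls-client-hello"}

HTTP_METHODS = (b"GET ", b"POST ", b"CONNECT ", b"HEAD ", b"PUT ", b"OPTIONS ")


def port_policy(dst_port):
    """Layer-3/4 decision: only the destination port is consulted."""
    return "allow" if dst_port in ALLOWED_OUTBOUND_PORTS else "deny"


def identify_payload(data):
    """Classify the first bytes a client sends on a connection."""
    # TLS record: type 0x16 (handshake), version 0x03 0x0?, 2-byte length, then handshake type 1.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        record_len = int.from_bytes(data[3:5], "big")
        if record_len == len(data) - 5 and data[5] == 0x01:
            return "tls-client-hello"
    if data.startswith(b"SSH-"):
        return "ssh"
    if data.startswith(HTTP_METHODS):
        return "http"
    # TPKT header (version 3) followed by an X.224 Connection Request (type 0xE0): RDP.
    if len(data) >= 6 and data[0] == 0x03 and data[1] == 0x00 and data[5] == 0xE0:
        return "rdp"
    return "unknown"


def inspect(dst_port, first_bytes):
    """Port policy plus a payload check; returns (decision, reason)."""
    if port_policy(dst_port) == "deny":
        return "deny", "port %d not allowed" % dst_port
    seen = identify_payload(first_bytes)
    expected = EXPECTED_PROTOCOL[dst_port]
    if seen != expected:
        return "flag", "%s seen on port %d, expected %s" % (seen, dst_port, expected)
    return "allow", "%s on port %d" % (seen, dst_port)


def make_client_hello():
    """Build a minimal TLS ClientHello record (constructed, not captured)."""
    body = (b"\x03\x03" + os.urandom(32)  # client version + 32 random bytes
            + b"\x00"                     # empty session id
            + b"\x00\x02\x13\x01"         # one cipher suite
            + b"\x01\x00"                 # null compression
            + b"\x00\x00")                # no extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample flows: (destination port, first client bytes).
SAMPLE_FLOWS = [
    (443, make_client_hello()),
    (443, b"GET /browse.php?u=http://example.net/ HTTP/1.1\r\nHost: proxy.example\r\n\r\n"),
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    (443, b"\x03\x00\x00\x13\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00"),
    (22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
]


def run_samples():
    return [inspect(port, data) for port, data in SAMPLE_FLOWS]


if __name__ == "__main__":
    for (port, _), (decision, reason) in zip(SAMPLE_FLOWS, run_samples()):
        print("%-5s port %-3d %s" % (decision, port, reason))
```

`port_policy` alone allows five of the six flows; only the payload check separates the three on port 443 that are not TLS. The caveat the deck itself raises still applies: a tunnel or SSL VPN that genuinely starts with a ClientHello looks exactly like the first flow, so this check catches protocol mismatch, not encrypted sessions.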
  28. The Risks: No One is Immune…
     High risks:
     • Decreased productivity
     • Spyware, malware (backdoors, Trojans) and viruses
     • Confidential information leakage
     • Acceptable Use Policy (AUP) violations
     • Copyright lawsuits
     Most common users of proxies:
     • Students (schools)
     • Younger generation of professionals (18 – 30 years old)
     • Disgruntled, frustrated or malicious employees (all ages)
  29. Recommendations for Prevention
     Internet security assessment:
     • Determine current vulnerabilities, gaps and risk levels
     Proxy blocker technology:
     • Uses specially architected deep packet inspection intellectual property to identify the fabric of what makes up a proxy, in order to prevent or block the connection
     Signature updates:
     • Content filter (for known sites)
     • Proxy blocker / DPI (for unknown sites)
  30. Questions and Answers
     Additional questions:
     • email: sales@deepnines.com
     • call: 1-866-DEEP9-12
     • www.deepnines.com
