The 5 most dangerous proxies
 

    Presentation Transcript

    • Top 5 Most Dangerous Proxies
      http://www.deepnines.com/
      http://www.deepnines.com/proxy-blocker/
      5/13/2010
      DeepNines Technologies, Inc. Confidential © 2009
      1
    • Agenda
      Understanding Proxies
      Most Dangerous Proxies Countdown
      Prevention and Gaps
    • Understanding Proxies
      Defining and Understanding the Types of Web Proxies Available Today
    • Defining Proxies
      • A proxy server is a computer or program that acts as an intermediary for Web browsing
      • From a network security perspective, web proxies are the unauthorized use of a proxy server for circumventing network security policies, filtering solutions and firewalls
      • Once a user connects to a proxy server, the proxy then connects the user to the unfiltered Internet
    • Proxies and Filter Avoidance
      Complete Anonymous Surfing of Websites
      Circumvents existing network security and content filtering solutions
      Unfiltered, free rein of the Internet
      Prevents administrators from monitoring or reporting on users
      Original Intent
      Provide uncensored access to the Internet in oppressed nations
      Still operational for people of many nations
      Unintended Outcome
      Easy to build and use
      Became circumvention tactic for users wanting unfiltered access
    • Proxies and Filter Avoidance
      • Different Types of Proxies and Techniques
      • Tor clients
      • Anonymizers
      • CGI
      • PHP
      • ROT13
      • Base64
      • RC4
      • Circumventors (HTTP/HTTPS)
      • Transparent (HTTP, SOCKS v4/5)
      • Gopher
      • Tunnels (SSH/SSL)
      • Host programs (ex: UltraSurf)
      • VPNs
      • Logmein
      • Gotomypc
      • Gotoassist
      • And the list goes on…
      There are over 23 different types of proxies and filter avoidance techniques
    • Most Dangerous Proxies Countdown
      Top Five Most Dangerous Web Proxies
    • #5: Anonymous Proxies
      • Definition
      • Anonymous proxies are URL-based proxies available through web or IP addresses
      • Characteristics
      • “Cat-and-mouse” game
      • Very prevalent, extremely easy to find and use
      • Thousands of new ones generated daily
      • Not difficult to block once the URL is known but requires constant blacklisting
      • Examples
      • CGI, PHP, Circumventor, Browser-based, etc.
    • 1. Email distribution list and spam in the morning
      2. Blacklisting all day
    • #5: Anonymous Proxies, Cont’d…
      Known by a specific URL, making it easier for traditional filters to block
      Groups exist that are dedicated to creating new proxies each week
      These are not detected by filters for 2-3 days
      Examples Include
      PHP
      pinksocks.info
      CGI
      adiofairy.com
      ROT13 and Base64
      stupidcensorship.com
    • #5 (b): Circumventors
      Definition
      Circumventor software can be placed on a home (or any out-of-network) computer and it will return a URL that acts as a proxy and can be used to connect back to that computer for anonymous browsing
      Characteristics
      These URLs are dynamic and easily changed if ever discovered and blocked
      Works well for people who do not know how to set up a web server and have a broadband connection at home
      Example: http://adsl-68-93405.dsl.rcsntx.swbell.net/peacefire911437 will be assigned URL and distributed as www.goldenscar.com
    • #5 (c): Transparent Proxies
      Definition
      Based on IP address and configured in the Web browser advanced settings. Individuals can find a list by Googling “proxy list” and using a program to see which will work
      Characteristics
      Millions of sites
      More added daily
      • Example
    • #5 (c): Transparent Proxies, Cont’d…
    • #4: Remote Desktop Connections
      • Definition
      • Software or an OS feature allowing graphical applications to run remotely on a server while being displayed locally
      • Characteristics
      • Easy to set up
      • Both free and subscription versions
      • Uses ports that are usually open, or not inspected such as HTTP 80 or HTTPS 443
      • Difficult to determine when it’s being used
      • Example
      • RDP 2 home, Logmein, GotoMeeting, etc.
    • #4: Remote Desktop Connections
    • #3: Tunnels
      • Definition
      • Tunnels form a secure connection between the user and a server on the outside of the network in order to conceal the traffic
      • Characteristics
      • Uses encryption to conceal sessions
      • Can’t be easily (if at all) decrypted for inspection
      • Easy to set up at home
      • Ports are usually open to outside
      • Example
      • Most common tunnels are VPN (Virtual Private Network), SSL, UDP and SSH
    • #3 Tunnels: VPN Types
      • PPTP VPNs
      • Client comes native with Windows and iPhone
      • Hardware / software cost is low
      • Linux can run easily on very low-end hardware
      • SSL VPNs
      • Access server easily set up with no Linux experience
      • Hardware / software cost is low
      • Client runs Linux, Win2000/XP/Vista, OpenBSD, FreeBSD, Mac OS X & Solaris
      • Dynamic public endpoints such as DHCP, connection-oriented stateful firewalls, and tunnels networks over NAT
    • #3 Tunnels: SSH Tunnels
      Freely available
      Easy to use
      Can use any port
      *New security risk*
      Tunnel is left open when leaving
      Access back to the network from home
      Can hack around and discover all the network elements
      Try scans, password cracks, shares, etc.
    • #2: Secure Proxy Sites
      • Definition
      • Secure proxy sites form an encrypted, secure connection between the user and the site
      • Characteristics
      • Emailed to distribution lists / spammed daily
      • Extremely prevalent
      • Encrypted sessions
      • Ports are usually open for other HTTPS sites
      • Examples
      • HTTPS/SSL
    • #2: Secure Proxy Sites: SSL Proxies
    • #1: Host Proxy Programs
      • Definition
      • Host proxy programs run on a user’s desktop and combine multiple circumvention technologies, making them the most dangerous proxies
      • Characteristics
      • Very complex programs
      • Developed and funded by U.S. government
      • Combines multiple technologies
      • Encrypted sessions
      • Undetectable and erratic behavior
      • Finds ports that are open and usable
      • Examples
      • UltraSurf, FreeGate, YourFreedom, etc
    • Host Programs
    • Prevention and Gaps
      Flaws in Many Technologies Make Proxies Easy to Explore and Utilize
    • Content Filtering: It’s Not a Silver Bullet…
      • Designed as a Blacklist System
      • Uses a database of known URLs or Web addresses
      • Matches are blocked, unknown is allowed
      • 1990’s security methodology
      • Size Matters
      • Google indexes over 1 trillion URLs as of January 2009
      • Largest content filtering databases in the world are <100 million URLs
      • Effectiveness
      • It’s only as good as the last update (best case scenario)
      • Only inspects ports 80 and 8080
      • Only effective as a tool for well-known sites
    • URL Filters: What Do They See?
    • URL Filters: What Do People See?
    • Firewalls and IPS: Limited by Definition…
      • Firewalls
      • Only allow or block ports and protocols
      • Do not inspect traffic past Layer 3
      • Only cares if stateful connection exists
      • Intrusion Detection/Prevention Systems
      • Concerned mainly about inbound attacks/exploits
      • Does not usually inspect outbound traffic
      • Limited signature set, not focused on content
    • The Risks: No One is Immune…
      • High Risks
      • Decreased productivity
      • Spyware, malware (backdoors, Trojans) and viruses
      • Confidential information leakage
      • Acceptable Use Policy (AUP) violations
      • Copyright lawsuits
      • Most Common Users of Proxies
      • Students (schools)
      • Younger generation of professionals (18 – 30 years old)
      • Disgruntled, frustrated or malicious employees (all ages)
    • Recommendations for Prevention
      • Internet Security Assessment
      • Determine current vulnerabilities, gaps and risk levels
      • Proxy Blocker Technology
      • Utilizes specially architected deep packet inspection intellectual property to identify the fabric of what makes up a proxy in order to prevent or block the connection
      • Signature Updates
      • Content filter (for known sites)
      • Proxy blocker / DPI (for unknown sites)
    • Questions and Answers
      Additional questions
      email: sales@deepnines.com
      call: 1-866-DEEP9-12
      www.deepnines.com
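
Added example, not part of the original presentation: the "Content Filtering" slide says a blacklist blocks matches and allows anything unknown, and the "#5: Anonymous Proxies" slide lists ROT13 and Base64 proxies. The sketch below checks a requested URL against a blacklist first, then decodes its path and query tokens to see whether they hide a second URL; all host names, paths and parameter names are constructed for illustration.

```python
import base64, codecs, re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

BLACKLIST = {"known-proxy.example"}          # constructed URL-filter database
URL_RE = re.compile(r"^https?://[\w.-]+", re.I)

def _decodings(token):
    """Yield (encoding, plaintext) candidates for one path or query token."""
    yield "rot13", codecs.decode(token, "rot13")
    padded = token + "=" * (-len(token) % 4)  # proxies often strip '=' padding
    try:
        raw = base64.b64decode(padded, altchars=b"-_", validate=True)
        yield "base64", raw.decode("ascii")
    except ValueError:                        # not Base64, or not ASCII text
        return

def classify(request_url):
    """Return ('blacklist', host), (encoding, hidden_url) or ('allow', None)."""
    parts = urlsplit(request_url)
    if parts.hostname in BLACKLIST:           # classic filter: known host only
        return ("blacklist", parts.hostname)
    tokens = [unquote(seg) for seg in parts.path.split("/")]
    tokens += [value for _, value in parse_qsl(parts.query)]
    for token in tokens:                      # content check: works on unknown hosts
        for encoding, plain in _decodings(token):
            if URL_RE.match(plain):
                return (encoding, plain)
    return ("allow", None)

def sample_requests():
    """Constructed request URLs as they might appear in a gateway log."""
    target = "http://blocked.example/games"
    b64 = base64.urlsafe_b64encode(target.encode()).decode()
    rot = quote(codecs.encode(target, "rot13"), safe="")
    return [
        "http://known-proxy.example/index.php?q=" + b64,   # listed proxy
        "http://new-proxy.example/browse.php?u=" + b64,    # unlisted, Base64
        "http://new-proxy.example/cgi-bin/p.cgi?url=" + rot,  # unlisted, ROT13
        "http://news.example/story?id=4821&ref=home",      # ordinary browsing
    ]

if __name__ == "__main__":
    for url in sample_requests():
        print(classify(url), url)
```

The second and third requests pass the blacklist because the host is new, which is the 2-3 day gap the slides describe; only the token decoding flags them.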