The 5 most dangerous proxies
Presentation Transcript

  • Top 5 Most Dangerous Proxies
    http://www.deepnines.com/
    http://www.deepnines.com/proxy-blocker/
    5/13/2010
    DeepNines Technologies, Inc. Confidential © 2009
    1
  • Agenda
    Understanding Proxies
    Most Dangerous Proxies Countdown
    Prevention and Gaps
  • Understanding Proxies
    Defining and Understanding the Types of Web Proxies Available Today
  • Defining Proxies
    • A proxy server is a computer or program that acts as an intermediary for Web browsing
    • From a network security perspective, web proxies are the unauthorized use of a proxy server for circumventing network security policies, filtering solutions and firewalls
    • Once a user connects to a proxy server, the proxy then connects the user to the unfiltered Internet
  • Proxies and Filter Avoidance
    Complete Anonymous Surfing of Websites
    Circumvents existing network security and content filtering solutions
    Unfiltered, free rein of the Internet
    Prevents administrators from monitoring or reporting on users
    Original Intent
    Provide uncensored access to the Internet in oppressed nations
    Still operational for people of many nations
    Unintended Outcome
    Easy to build and use
    Became circumvention tactic for users wanting unfiltered access
  • Proxies and Filter Avoidance
    • Different Types of Proxies and Techniques
    • Tor clients
    • Anonymizers
    • CGI
    • PHP
    • ROT13
    • Base64
    • RC4
    • Circumventors (HTTP/HTTPS)
    • Transparent (HTTP, Sockv4/5)
    • Gopher
    • Tunnels (SSH/SSL)
    • Host programs (ex: UltraSurf)
    • VPNs
    • Logmein
    • Gotomypc
    • Gotoassist
    • And the list goes on…
    There are over 23 different types of proxies and filter avoidance techniques
  • Most Dangerous Proxies Countdown
    Top Five Most Dangerous Web Proxies
  • #5: Anonymous Proxies
    • Definition
    • Anonymous proxies are URL-based proxies available through web or IP addresses
    • Characteristics
    • “Cat-and-mouse” game
    • Very prevalent, extremely easy to find and use
    • Thousands of new ones generated daily
    • Not difficult to block once the URL is known, but requires constant blacklisting
    • Examples
    • CGI, PHP, Circumventor, Browser-based, etc.
  • 1. Email distribution list and spam in the morning 2. Blacklisting all day
  • #5: Anonymous Proxies, Cont’d…
    Known by a specific URL, making it easier for traditional filters to block
    Groups exist that are dedicated to creating new proxies each week
    These are not detected by filters for 2-3 days
    Examples Include
    PHP: pinksocks.info
    CGI: adiofairy.com
    ROT13 and Base64: stupidcensorship.com
  • #5 (b): Circumventors
    Definition
    Circumventor software can be placed on a home (or any out-of-network) computer. It returns a URL that acts as a proxy and can be used to connect back to that computer for anonymous browsing
    Characteristics
    These URLs are dynamic and easily changed if ever discovered and blocked
    Works well for people who have a broadband connection at home and do not know how to set up a web server
    Example: http://adsl-68-93405.dsl.rcsntx.swbell.net/peacefire911437 will be the assigned URL and distributed as www.goldenscar.com
  • #5 (c): Transparent Proxies
    Definition
    Based on IP address and configured in the Web browser advanced settings. Individuals can find a list by Googling “proxy list” and using a program to see which will work
    Characteristics
    Millions of sites
    More added daily
    • Example
  • #5 (c): Transparent Proxies, Cont’d…
  • #4: Remote Desktop Connections
    • Definition
    • Software or an OS feature allowing graphical applications to run remotely on a server while being displayed locally
    • Characteristics
    • Easy to set up
    • Both free and subscription versions
    • Uses ports that are usually open, or not inspected such as HTTP 80 or HTTPS 443
    • Difficult to determine when it’s being used
    • Example
    • RDP 2 home, Logmein, GotoMeeting, etc.
  • #4: Remote Desktop Connections
  • #3: Tunnels
    • Definition
    • Tunnels form a secure connection between the user and a server on the outside of the network in order to conceal the traffic
    • Characteristics
    • Uses encryption to conceal sessions
    • Can’t be easily (if at all) decrypted for inspection
    • Easy to set up at home
    • Ports are usually open to outside
    • Example
    • Most common tunnels are VPN (Virtual Private Network), SSL, UDP and SSH
  • #3 Tunnels: VPN Types
    • PPTP VPNs
    • Client comes native with Windows and iPhone
    • Hardware / software cost is low
    • Linux can run easily on very low-end hardware
    • SSL VPNs
    • Access server easily set up with no Linux experience
    • Hardware / software cost is low
    • Client runs Linux, Win2000/XP/Vista, OpenBSD, FreeBSD, Mac OS X & Solaris
    • Supports dynamic public endpoints such as DHCP, works through connection-oriented stateful firewalls, and tunnels networks over NAT
  • #3 Tunnels: SSH Tunnels
    Freely available
    Easy to use
    Can use any port
    *New security risk*
    Tunnel is left open when leaving
    Access back to the network from home
    Can hack around and discover all the network elements
    Try scans, password cracks, shares, etc.
  • #2: Secure Proxy Sites
    • Definition
    • Secure proxy sites form an encrypted, secure connection between the user and the site
    • Characteristics
    • Emailed to distribution lists / spammed daily
    • Extremely prevalent
    • Encrypted sessions
    • Ports are usually open for other HTTPS sites
    • Examples
    • HTTPS/SSL
  • #2: Secure Proxy Sites: SSL Proxies
  • #1: Host Proxy Programs
    • Definition
    • Host proxy programs run on a user’s desktop and combine multiple circumvention technologies, making them the most dangerous proxies
    • Characteristics
    • Very complex programs
    • Developed and funded by U.S. government
    • Combines multiple technologies
    • Encrypted sessions
    • Undetectable and erratic behavior
    • Finds ports that are open and usable
    • Examples
    • UltraSurf, FreeGate, YourFreedom, etc
  • Host Programs
  • Prevention and Gaps
    Flaws in Many Technologies Make Proxies Easy to Explore and Utilize
  • Content Filtering: It’s Not a Silver Bullet…
    • Designed as a Blacklist System
    • Uses a database of known URLs or Web addresses
    • Matches are blocked, unknown is allowed
    • 1990’s security methodology
    • Size Matters
    • Google indexes over 1 trillion URLs as of January 2009
    • Largest content filtering databases in the world are <100 million URLs
    • Effectiveness
    • It’s only as good as the last update (best case scenario)
    • Only inspects ports 80 and 8080
    • Only effective as a tool for well-known sites
  • URL Filters: What Do They See?
  • URL Filters: What Do People See?
  • Firewalls and IPS: Limited by Definition…
    • Firewalls
    • Only allow or block ports and protocols
    • Do not inspect traffic past Layer 3
    • Only care whether a stateful connection exists
    • Intrusion Detection/Prevention Systems
    • Concerned mainly about inbound attacks/exploits
    • Do not usually inspect outbound traffic
    • Limited signature set, not focused on content
  • The Risks: No One is Immune…
    • High Risks
    • Decreased productivity
    • Spyware, malware (backdoors, Trojans) and viruses
    • Confidential information leakage
    • Acceptable Use Policy (AUP) violations
    • Copyright lawsuits
    • Most Common Users of Proxies
    • Students (schools)
    • Younger generation of professionals (18 – 30 years old)
    • Disgruntled, frustrated or malicious employees (all ages)
  • Recommendations for Prevention
    • Internet Security Assessment
    • Determine current vulnerabilities, gaps and risk levels
    • Proxy Blocker Technology
    • Utilizes specially architected deep packet inspection intellectual property to identify the fabric of what makes up a proxy in order to prevent or block the connection
    • Signature Updates
    • Content filter (for known sites)
    • Proxy blocker / DPI (for unknown sites)
  • Questions and Answers
    Additional questions
    email: sales@deepnines.com
    call: 1-866-DEEP9-12
    www.deepnines.com
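
Added example (not part of the original deck or any DeepNines product): the blacklist model from the "Content Filtering" slide, where matches are blocked and unknown is allowed, next to a simple content check that decodes query parameters as ROT13 or Base64, the encodings listed under anonymous proxies, and flags a hidden destination URL. Hosts, paths, parameter names and the blacklist entry are constructed, and the check is a heuristic that assumes the proxy carries the destination in a query parameter.

```python
import base64
import binascii
import codecs
from urllib.parse import parse_qsl, urlencode, urlsplit

BLACKLIST = {"known-proxy.example"}  # constructed; stands in for the URL database

def blacklist_verdict(url):
    """Blacklist model from the slides: matches are blocked, unknown is allowed."""
    return "block" if (urlsplit(url).hostname or "") in BLACKLIST else "allow"

def _decodings(value):
    """Yield (encoding, text) candidates for one query-parameter value."""
    yield "rot13", codecs.decode(value, "rot13")
    b64 = value.replace(" ", "+")  # parse_qsl turns an unescaped '+' into a space
    b64 += "=" * (-len(b64) % 4)   # tolerate stripped padding
    try:
        yield "base64", base64.b64decode(b64, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        pass  # not Base64, or not ASCII text once decoded

def inspect_url(url):
    """Return (param, encoding, hidden_target) for each encoded URL in the query.

    Plain-text URL parameters are not flagged: legitimate redirects use them.
    """
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for encoding, text in _decodings(value):
            if text.lower().startswith(("http://", "https://")):
                findings.append((name, encoding, text))
    return findings

def content_verdict(url):
    """Block on a blacklist hit or on an encoded destination in the request."""
    hit = blacklist_verdict(url) == "block" or bool(inspect_url(url))
    return "block" if hit else "allow"

# Constructed sample requests; hosts, paths and parameter names are hypothetical.
TARGET = "http://blocked-site.example/"
SAMPLES = {
    "b64": "http://new-proxy.example/browse.php?"
           + urlencode({"u": base64.b64encode(TARGET.encode()).decode()}),
    "rot13": "http://new-proxy.example/index.php?"
             + urlencode({"q": codecs.encode(TARGET, "rot13")}),
    "benign": "http://news.example/article?id=1234&ref=home",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        print(label, blacklist_verdict(url), content_verdict(url), inspect_url(url))
```

The unknown proxy host passes the blacklist in both encoded samples, while the content check blocks them and leaves the benign request alone.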