Top 5 Most Dangerous Proxies
http://www.deepnines.com/
http://www.deepnines.com/proxy-blocker/
04/10/2023 DeepNines Technologies, Inc. Confidential © 2009 1
Agenda
Understanding Proxies
Most Dangerous Proxies Countdown
Prevention and Gaps
Understanding Proxies
Defining and Understanding the Types of Web Proxies Available Today
Defining Proxies
A proxy server is a computer or program that acts as an intermediary for Web browsing
From a network security perspective, web proxies are the unauthorized use of a proxy server for circumventing network security policies, filtering solutions and firewalls
Once a user connects to a proxy server, the proxy then connects the user to the unfiltered Internet
Proxies and Filter Avoidance
Complete Anonymous Surfing of Websites
  Circumvents existing network security and content filtering solutions
  Unfiltered, free rein of the Internet
  Prevents administrators from monitoring or reporting on users
Original Intent
  Provide uncensored access to the Internet in oppressed nations
  Still operational for people of many nations
Unintended Outcome
  Easy to build and use
  Became circumvention tactic for users wanting unfiltered access
Proxies and Filter Avoidance
Different Types of Proxies and Techniques
  Tor clients
  Anonymizers
  CGI
  PHP
  ROT13
  Base64
  RC4
  Circumventors (HTTP/HTTPS)
  Transparent (HTTP, SOCKS v4/5)
  Gopher
  Tunnels (SSH/SSL)
  Host programs (ex: UltraSurf)
  VPNs
  Logmein
  Gotomypc
  Gotoassist
  And the list goes on…
There are over 23 different types of proxies and filter avoidance techniques
Most Dangerous Proxies Countdown
Top Five Most Dangerous Web Proxies
#5: Anonymous Proxies
Definition
  Anonymous proxies are URL-based proxies available through web or IP addresses
Characteristics
  “Cat-and-mouse” game
  Very prevalent, extremely easy to find and use
  Thousands of new ones generated daily
  Not difficult to block once the URL is known but requires constant black listing
Examples
  CGI, PHP, Circumventor, Browser-based, etc.
1. Email distribution list and spam in the morning
2. Blacklisting all day
#5: Anonymous Proxies, Cont’d…
Known by a specific URL, making it easier for traditional filters to block
Groups exist that are dedicated to creating new proxies each week
  These are not detected by filters for 2-3 days
Examples Include
  PHP: pinksocks.info
  CGI: adiofairy.com
  ROT13 and Base64: stupidcensorship.com
#5 (b): Circumventors
Definition
  Circumventor software can be placed on a home (or any out-of-network) computer and it will return a URL that acts as a proxy and can be used to connect back to that computer for anonymous browsing
Characteristics
  These URLs are dynamic and easily changed if ever discovered and blocked
  Works well for people who do not know how to set up a web server and have a broadband connection at home
Example
  http://adsl-68-93405.dsl.rcsntx.swbell.net/peacefire911437 will be the assigned URL and distributed as www.goldenscar.com
#5 (c): Transparent Proxies
Definition
  Based on IP address and configured in the Web browser advanced settings
  Individuals can find a list by Googling “proxy list” and using a program to see which will work
Characteristics
  Millions of sites
  More added daily
Example
#5 (c): Transparent Proxies, Cont’d…
#4: Remote Desktop Connections
Definition
  Software or an OS feature allowing graphical applications to run remotely on a server while being displayed locally
Characteristics
  Easy to set up
  Both free and subscription versions
  Uses ports that are usually open, or not inspected such as HTTP 80 or HTTPS 443
  Difficult to determine when it’s being used
Example
  RDP 2 home, Logmein, GotoMeeting, etc.
#4: Remote Desktop Connections
#3: Tunnels
Definition
  Tunnels form a secure connection between the user and a server on the outside of the network in order to conceal the traffic
Characteristics
  Uses encryption to conceal sessions
  Can’t be easily (if at all) decrypted for inspection
  Easy to set up at home
  Ports are usually open to outside
Example
  Most common tunnels are VPN (Virtual Private Network), SSL, UDP and SSH
#3 Tunnels: VPN Types
PPTP VPNs
  Client comes native with Windows and iPhone
  Hardware / software cost is low
  Linux can run easily on very low-end hardware
SSL VPNs
  Access server easily set up with no Linux experience
  Hardware / software cost is low
  Client runs Linux, Win2000/XP/Vista, OpenBSD, FreeBSD, Mac OS X & Solaris
  Dynamic public endpoints such as DHCP, connection-oriented stateful firewalls, and tunnels networks over NAT
  Freely available
  Easy to use
  Can use any port
#3 Tunnels: SSH Tunnels
*New security risk*
  Tunnel is left open when leaving
  Access back to the network from home
  Can hack around and discover all the network elements
  Try scans, password cracks, shares, etc.
#2: Secure Proxy Sites
Definition
  Secure proxy sites form an encrypted, secure connection between the user and the site
Characteristics
  Emailed to distribution lists / spammed daily
  Extremely prevalent
  Encrypted sessions
  Ports are usually open for other HTTPS sites
Examples
  HTTPS/SSL
#2: Secure Proxy Sites: SSL Proxies
#1: Host Proxy Programs
Definition
  Host proxy programs run on a user’s desktop and combine multiple circumvention technologies, making them the most dangerous proxies
Characteristics
  Very complex programs
  Developed and funded by U.S. government
  Combines multiple technologies
  Encrypted sessions
  Undetectable and erratic behavior
  Finds ports that are open and usable
Examples
  UltraSurf, FreeGate, YourFreedom, etc.
Host Programs
Prevention and Gaps
Flaws in Many Technologies Make Proxies Easy to Explore and Utilize
Content Filtering
It’s Not a Silver Bullet…
Designed as a Blacklist System
  Uses a database of known URLs or Web addresses
  Matches are blocked, unknown is allowed
  1990’s security methodology
Size Matters
  Google indexes over 1 trillion URLs as of January 2009
  Largest content filtering databases in the world are <100 million URLs
Effectiveness
  It’s only as good as the last update (best case scenario)
  Only inspects ports 80 and 8080
  Only effective as a tool for well-known sites
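The gap described above ("matches are blocked, unknown is allowed") can be seen by pairing a hostname blacklist with a check on the request itself. The following is an added example, not DeepNines code or product logic: it assumes a CGI/PHP-style proxy carries the destination URL in a query parameter in plain, ROT13 or Base64 form (the encodings listed earlier in the deck), and every hostname, parameter name and URL in it is constructed.

```python
import base64
import binascii
import codecs
from urllib.parse import urlsplit, parse_qsl

# Assumption: constructed blacklist and hostnames (reserved .example names).
BLACKLIST = {"known-proxy.example"}
TARGET = "http://example.org/"  # constructed destination URL
B64 = base64.urlsafe_b64encode(TARGET.encode()).decode().rstrip("=")
SAMPLES = [  # constructed request URLs, as a filter would see them
    "http://known-proxy.example/index.php?q=" + B64,
    "http://new-proxy.example/browse.php?u=" + B64 + "&b=4",
    "http://new-proxy.example/nph-proxy.cgi?url=" + codecs.encode(TARGET, "rot_13"),
    "http://news.example/article?id=42&page=2",
]

def decodings(value):
    """Yield (encoding, text) candidates for one query-parameter value."""
    yield "plain", value
    yield "rot13", codecs.decode(value, "rot_13")
    try:
        # Accept URL-safe Base64 and restore '+' that query parsing turned into ' '.
        std = value.replace("-", "+").replace("_", "/").replace(" ", "+")
        raw = base64.b64decode(std + "=" * (-len(std) % 4), validate=True)
        yield "base64", raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        pass  # not Base64-encoded text; ignore

def embedded_url(request_url):
    """Return (param, encoding, target) if a parameter carries a URL, else None."""
    for name, value in parse_qsl(urlsplit(request_url).query):
        for encoding, text in decodings(value):
            if text.lower().startswith(("http://", "https://")):
                return name, encoding, text
    return None

def classify(request_url):
    """Blacklist first (known sites), then the content check (unknown sites)."""
    host = urlsplit(request_url).hostname or ""
    if host in BLACKLIST:
        return "blocked-by-blacklist"
    hit = embedded_url(request_url)
    return "proxy-suspect:" + hit[1] if hit else "allowed"

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url), url)
```

A "plain" hit also matches ordinary redirect and login parameters, so it is a signal to score alongside other evidence rather than a block decision on its own.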
URL Filters: What Do They See?
URL Filters: What Do People See?
Firewalls and IPS
Limited by Definition…
Firewalls
  Only allow or block ports and protocols
  Do not inspect traffic past Layer 3
  Only care if a stateful connection exists
Intrusion Detection/Prevention Systems
  Concerned mainly about inbound attacks/exploits
  Do not usually inspect outbound traffic
  Limited signature set, not focused on content
The Risks
No One is Immune…
High Risks
  Decreased productivity
  Spyware, malware (backdoors, Trojans) and viruses
  Confidential information leakage
  Acceptable Use Policy (AUP) violations
  Copyright lawsuits
Most Common Users of Proxies
  Students (schools)
  Younger generation of professionals (18 – 30 years old)
  Disgruntled, frustrated or malicious employees (all ages)
Recommendations for Prevention
Internet Security Assessment
  Determine current vulnerabilities, gaps and risk levels
Proxy Blocker Technology
  Utilizes specially architected deep packet inspection intellectual property to identify the fabric of what makes up a proxy in order to prevent or block the connection
Signature Updates
  Content filter (for known sites)
  Proxy blocker / DPI (for unknown sites)
Questions and Answers
Additional questions email: [email protected] call: 1-866-DEEP9-12
www.deepnines.com