21 11-2013 anonymous-browsing_protection_or_revealing_privacy

Upload: cyberoamacademy

Post on 24-Jun-2015

Category: Technology


DESCRIPTION

In an exceedingly digitally connected world, one small mistake or a single click can trigger an influx of sophisticated attacks in enterprise networks, leaving businesses wide open to evolving threats and cyber security risks. Researchers, analysts, bloggers and journalists have all offered varying theories and analyses of this growing menace of malware and botnet mayhem, suspecting anonymous browsing services as the root cause. Through this webinar, Cyberoam shares useful insights into adopting future-ready security measures and guidelines to build in-depth defense against such security risks.

TRANSCRIPT

Page 1: Protecting or Revealing Privacy

Presenter: Cyberoam

© Copyright 2013 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. www.cyberoam.com

Our Products

Network Security Appliances - UTM, NGFW (Hardware & Virtual)

Modem Router Integrated Security appliance

Page 2: Webinar agenda

Anonymous Browsing - What, Why & How

Understanding Anonymity tools

Risks of Anonymity

Traditional Practice to protect against Anonymity

Cyberoam protecting privacy

Page 3: Anonymous web browsing

What is Anonymous web browsing?

Browsing the World Wide Web while hiding the user's IP address and any other personally identifiable information from the websites that one is visiting

Page 4: Anonymous web browsing

Why do you need Anonymity?

The way Internet censorship is clamping down, it is vital to remain anonymous sometimes

To hide one’s identity while surfing unproductive websites

To circumvent any organizational or country-specific web access restrictions

Online shopping is also being recorded, both by the retailer and by your email provider (details of order receipts)

Page 5: Anonymous web browsing – Approaches to Anonymity

Web based proxies – Work with a web browser and server-side software

Secure/SSL proxies – Use HTTPS connections to create a secure tunnel where content is encrypted

Proxy networks – Use layered encryption and peer-to-peer networking, e.g. Tor – known as “onion routing”

Software applications – Client-side application software to automatically configure the browser’s proxy settings, e.g. Ultrasurf, Freegate etc.

VTunnel.com, HideMyAss.com, Proxy.org, Anonymouse.org, XRoxy.com, Proxify.com, EvadeFilters.com, UnBlockAll.net, The-Cloak.com, ProxyBoxOnline.com

Freegate, Hotspot Shield, UltraSurf, GTunnel, Vpn One Click, Spotflux, Tor Browser, GappProxy, Hyk-proxy, Gpass, Tunnelier

Page 6: Web Based Proxy

Page 7: Incognito browsers

Private Browsing – Mozilla Firefox

Incognito Browsing – Google Chrome

InPrivate Browsing – Internet Explorer

Page 8: Proxy Networks

Hiding Identity using VPN

Does it really hide your identity?

Anonymous proxy servers just hide IP address….

Monitoring of Logs and Cookies can reveal your identity!

Page 9: Proxy Applications

Administrator has blocked access to Facebook.

User will install proxy application like Wi-Free to circumvent corporate policies

Wi-Free application masks Facebook traffic as general HTTP traffic that is allowed by Firewall and Proxy & protocol detection tools

User successfully bypasses corporate policies and accesses www.facebook.com

[Diagram labels: Wi-Free client, Proxy & Protocol based detection, Wi-Free Tunnel server, www.facebook.com]

Page 10: Why users are using such tools?

I browse what I want to

I get it easily

It’s FREE!!

Are you sure you are not paying any cost for it?

Let us understand their business model

Page 11: What do they invest?

They are not non-profit or community organizations. They are running business…

What do they need to run business?

Infrastructure costs

Skilled developers

Advertisements and branding

Administration and Maintenance costs

Page 12: How do they get money to run business?

You don’t pay Money…. You pay much more

There are risks associated with you hiding your identity

Advertisements on their software

Monitoring of user surfing pattern

Page 13: Dramatic Increase in Tor Activity

Tor users were vulnerable to the Firefox 17 ESR vulnerability, which allows an attacker to perform arbitrary code execution

Silk Road, an illegal drug market operating on the Tor network, was shut down in October

A spike in the number of connections, starting near the middle of August and continuing through September, can clearly be seen

The increase in traffic during August and September can likely be attributed to a new variant of the Mevade malware family.

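Page 14: Top Used Anonymizer Applications

| Application Category | Region | Application Name | % of Organizations |
|---|---|---|---|
| Anonymizer | Americas | Tor | 24% |
| Anonymizer | Americas | CGI-Proxy | 16% |
| Anonymizer | Americas | Hamachi | 8% |
| Anonymizer | Americas | Hopster | 8% |
| Anonymizer | Americas | Ultrasurf | 7% |
| Anonymizer | EMEA | Tor | 23% |
| Anonymizer | EMEA | CGI-Proxy | 12% |
| Anonymizer | EMEA | Hamachi | 4% |
| Anonymizer | EMEA | Hopster | 7% |
| Anonymizer | EMEA | Hide My Ass | 7% |
| Anonymizer | APAC | Tor | 20% |
| Anonymizer | APAC | Hopster | 6% |
| Anonymizer | APAC | CGI-Proxy | 6% |
| Anonymizer | APAC | Hamachi | 6% |
| Anonymizer | APAC | Hide My Ass | 7% |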

Page 15: Risks of Anonymity

Page 16: Let us understand how this business model works

Advertisements

Pay per install mechanism can lead to

- Malware entry through malicious websites

- Targeted attacks through phishing

Traffic monitoring and analysis

Collected huge data for user network activities, surfing behavior

User data transferred in clear text format – easy to sniff

Sell data to hackers in grey market

Targeted attacks through phishing

Page 17: Typical exploitation method for users who desire anonymity

Snap of a web-based proxy where an ad is displayed.

User clicks on the ad

Malicious program hosted on website

Proxy servers can easily monitor your network activities

Attacker can use this user information to plan a targeted attack or can simply sell it to another hacker/attacker

Attacker identifies the user’s browser and exploits a vulnerability of the browser or a browser plug-in

On successful exploit, malicious software is copied to the user’s computer

User’s computer gets infected and sends the user’s network activities to the command & control center

Page 18: Risks of Anonymity

Legal risk – Schools must comply with CIPA to protect against offensive internet content

Cyberbullying – helps to cover the tracks so that the user can taunt other employees and department heads with impunity

Phishing and password theft – sharing passwords or critical information over proxy servers, which act as a middleman, leads to a breach

GeoLocation – using such servers can allow their operators to figure out the user’s general physical location, identify details of their device and also install advertising cookies to track one’s movements

Page 19: Anonymity leading to attacks

What harm can it bring to me or my company?

[Figure: Top 7 countries targeted by Flame. Source: securelist.com]

Page 20: Mechanisms used to block Anonymous browsing

Transparent proxy

Firewall

Challenges involved in protecting against anonymity tools…

Anonymity tools are built to evade such security mechanisms

Anonymity tools are frequently updated – Security mechanisms take time to release patch

Page 21: Mechanisms failing to protect against risks of anonymity

Administrator has blocked access to Facebook.

User will install proxy application like Wi-Free to circumvent corporate policies

Firewall – TCP: Port 80 identified. If allowed, the user will successfully bypass the Firewall

Proxy & Protocol based detection – HTTP protocol identified. If allowed, the user will successfully bypass Proxy and protocol detection

User is successfully tunneled to the Wi-Free application server and is able to surf www.facebook.com

All the user details are transferred through the tunnel server.

The Wi-Free application has total visibility of user information, credentials, surfing behavior, etc.

[Diagram labels: Wi-Free client, Wi-Free Tunnel server, www.facebook.com]

Page 22: Ineffective ways to block Anonymity

Vendor

Do not consider anonymity risks as Organizational risk

Frequently releasing applications – Updated database – with longer time duration – longer response time to patch the newly released proxy applications

Page 23: Cyberoam protecting privacy

Page 24: Cyberoam approach towards risks of anonymity

Cyberoam Threat Research Labs (CTRL)

Consider Anonymity risks as Organizational Threat

Dedicated resources for Application research and identify new vulnerabilities

Identify emerging threats and zero-day vulnerabilities

Post vulnerabilities to global bodies

Release signatures

Cyberoam threat research labs observes cyber criminals targeting Skype to spread malware threats

Cyberoam, the leading global network security appliances company, today announced its Threat Research Labs has identified a new variant of the well-known "Dorkbot" worm. Perpetrators behind this worm attack are using Skype, one of the most popular internet communication platforms, as the carrier to distribute the worm to target systems / PCs running over Windows operating system. Cyberoam Threat Research Labs (CTRL) unearthed this new variant while studying two zero-day sample files that were sent through Skype, comprising of an .exe and a .zip file. Consisting of a pool of dedicated network security experts and researchers, Cyberoam Threat Research Labs conducts vulnerability analysis on the outbreak of various network and application threats on regular basis.

Cyberoam finds Flaw in Facebook Authorization Likely to Trigger Malicious Attacks

New malware sample with BitCoin Mining attributes found!

It seems Cyber criminals have not got enough with the BitCoin mining malware. A new sample of malware [MD5: fac01db6348df89757c8c5172538bbed] has been found by Cyberoam Threat Research Lab (CTRL). As per the initial analysis, it has been found to be involved in BitCoin mining activities. - See more at: http://www.cyberoam.com/blog/new-malware-sample-with-bitcoin-mining-attributes-found/#sthash.oOozYkQ1.dpuf

Page 25: Cyberoam approach towards risks of anonymity

Cyberoam Security Center

• Malware analysis

• Signature updates

Antivirus Signatures

Web Categories

IPS Signatures

Auto-updated security intelligence

Dynamic threat monitoring and response

Page 26: Cyberoam protecting privacy

Cyberoam Network Security Appliance

User (Layer-8): User Mark is using Wi-Free application that is tunneling HTTP traffic through port 80

Firewall (Port, IP & MAC) – Identifies Port: Port 80

Proxy (Protocol detection) – Identifies Protocol: HTTP protocol

Deep Packet Inspection & Application Filtering – Identifies Application: Wi-Free application identified that tunnels HTTP traffic

Page 27: Cyberoam’s advanced application detection model

Packet-based scanning

- Inspects single packet to identify application

- Fails to create correlation among multiple packets to identify application

Flow-based scanning

- Inspects multiple packets to identify application

- Inspects as aggregated information in the form of flow

- Flows provide information and patterns about network connection

Combination of both Rules and Behavior based inspection eliminates chances of any security escape
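
The difference between packet-based and flow-based scanning on this slide, as an added example that is not part of the original deck and not Cyberoam's engine. The packets, addresses and the `X-Tunnel-Session:` marker are constructed for illustration and do not describe real Wi-Free traffic; the port and protocol checks mirror the firewall and proxy layers from the earlier slides.

```python
import re
from collections import defaultdict

# Hypothetical marker for illustration only; not a real Wi-Free signature.
TUNNEL_SIGNATURE = b"X-Tunnel-Session:"
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")

# Constructed packets: (src, sport, dst, dport, seq, payload)
PACKETS = [
    # Flow A: an ordinary web request.
    ("10.0.0.5", 40001, "203.0.113.10", 80, 1,
     b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    # Flow B: the marker header straddles two TCP segments.
    ("10.0.0.7", 40002, "203.0.113.20", 80, 1,
     b"POST /data HTTP/1.1\r\nHost: cdn.example\r\nX-Tunnel-Se"),
    ("10.0.0.7", 40002, "203.0.113.20", 80, 52,
     b"ssion: 9f2c\r\n\r\n"),
]


def flow_key(pkt):
    """The 4-tuple that identifies which flow a packet belongs to."""
    return pkt[:4]


def reassemble(packets):
    """Group payloads by 4-tuple and join them in sequence order."""
    flows = defaultdict(list)
    for pkt in packets:
        flows[flow_key(pkt)].append((pkt[4], pkt[5]))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in flows.items()}


def packet_based_hits(packets):
    """Flows where one packet, inspected alone, contains the signature."""
    return {flow_key(p) for p in packets if TUNNEL_SIGNATURE in p[5]}


def classify(packets):
    """Run the port, protocol, packet-based and flow-based checks per flow."""
    single = packet_based_hits(packets)
    report = {}
    for key, stream in reassemble(packets).items():
        report[key] = {
            "port_80": key[3] == 80,                            # firewall layer
            "http_protocol": bool(HTTP_REQUEST.match(stream)),  # proxy layer
            "packet_based_hit": key in single,
            "flow_based_hit": TUNNEL_SIGNATURE in stream,
        }
    return report


if __name__ == "__main__":
    for key, verdict in classify(PACKETS).items():
        print(key, verdict)
```

Both flows pass the port and protocol layers; only the flow-based check separates them, because the marker never appears whole inside a single packet.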

Page 28: Application Visibility & Control

Page 29: Application Visibility & Control

Industry leading coverage for Visibility & Control over 2000+ key applications

Support for Business & Collaboration applications

Dedicated research team to continuously update Application signature database

Page 30: Comprehensive database of anonymity applications

Control over combination of

Bandwidth

Time

User or User Group

Application or Application Category

Page 31: Proactive protection model

Eliminates the need for manual intervention by administrators to update policies for new applications or application versions added to the list

Select P2P Applications

Set Action

Block all future P2P applications without adding applications manually

Page 32: Protection against Phishing and Fraudulent websites

Page 33: Experience Cyberoam

Link: http://demo.cyberoam.com

Credentials: guest / guest

Get a 30 day FREE Evaluation of Cyberoam Virtual appliance

Page 34: Thank you