21 11-2013 anonymous-browsing_protection_or_revealing_privacy
DESCRIPTION
In an exceedingly digitally connected world, one small mistake or a single click can trigger an influx of sophisticated attacks in enterprise networks, leaving businesses wide open to evolving threats and cyber security risks. Researchers, analysts, bloggers and journalists have all offered varying theories and analysis of this growing menace of malware and botnet mayhem, suspecting anonymous browsing services as the root cause. Through this webinar Cyberoam shares useful insights into adopting future-ready security measures and guidelines to lay in-depth defense against such security risks.
TRANSCRIPT
© Copyright 2013 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. www.cyberoam.com
Our Products
Network Security Appliances - UTM, NGFW (Hardware & Virtual)
Modem Router Integrated Security appliance
Protecting or Revealing Privacy
Presenter: Cyberoam
Webinar agenda
- Anonymous Browsing - What, Why & How
- Understanding Anonymity tools
- Risks of Anonymity
- Traditional Practice to protect against Anonymity
- Cyberoam protecting privacy
Anonymous web browsing
What is Anonymous web browsing?
Browsing the World Wide Web while hiding the user's IP address and any other personally identifiable information from the websites that one is visiting
Anonymous web browsing
Why do you need Anonymity?
- The way Internet censorship is clamping down, it is vital to remain anonymous sometimes
- To hide one's identity while surfing unproductive websites
- To circumvent any organizational or country-specific web access restrictions
- Online shopping is also being recorded, both by the retailer and by your email provider (details of order receipts)
Anonymous web browsing – Approaches to Anonymity
- Web based proxies – Work with a web browser and server-side software
- Secure/SSL proxies – Use HTTPS connections to create a secure tunnel where content is encrypted
- Proxy networks – Use layered encryption and peer-to-peer networking, e.g. TOR – known as "onion routing"
- Software applications – Client-side application software to automatically configure the browser's proxy settings, e.g. Ultrasurf, Freegate etc.
VTunnel.com, HideMyAss.com, Proxy.org, Anonymouse.org, XRoxy.com, Proxify.com, EvadeFilters.com, UnBlockAll.net, The-Cloak.com, ProxyBoxOnline.com
Freegate, Hotspot Shield, UltraSurf, GTunnel, Vpn One Click, Spotflux, Tor Browser, GappProxy, Hyk-proxy, Gpass, Tunnelier
Web Based Proxy
Incognito browsers
- Private Browsing: Mozilla Firefox
- Incognito Browsing: Google Chrome
- InPrivate Browsing: Internet Explorer
Proxy Networks
Hiding Identity using VPN
Does it really hide your identity?
Anonymous proxy servers just hide IP address…
Monitoring of Logs and Cookies can reveal your identity!
Proxy Applications
Administrator has blocked access to Facebook. User will install proxy application like Wi-Free to circumvent corporate policies.
Diagram labels: Wi-Free client, Proxy & Protocol based detection, Wi-Free Tunnel server, www.facebook.com
Wi-Free application masks Facebook traffic as general HTTP traffic that is allowed by Firewall and Proxy & protocol detection tools.
User successfully bypasses corporate policies and accesses www.facebook.com
Why users are using such tools?
- I browse what I want to
- I get it easily
- It's FREE!!
Are you sure you are not paying any cost for it?
Let us understand their business model
What do they invest?
They are not non-profit or community organizations. They are running business…
What do they need to run business?
- Infrastructure costs
- Skilled developers
- Advertisements and branding
- Administration and Maintenance costs
How do they get money to run business?
You don't pay Money… You pay much more
There are risks associated with you hiding your identity
- Advertisements on their software
- Monitoring of user surfing pattern
Dramatic Increase in Tor Activity
Tor users were vulnerable to the Firefox 17 ESR vulnerability, which allows an attacker to perform arbitrary code execution
Silk Road, an illegal drug market operating on the Tor network, was shut down in October
A spike in the number of connections starting near the middle of August and continuing through September can clearly be seen
The increase in traffic during August and September can likely be attributed to a new variant of the Mevade malware family.
Top Used Anonymizer Applications
Application Category: Anonymizer

Region     Application Name   % of Organizations
Americas   Tor                24%
Americas   CGI-Proxy          16%
Americas   Hamachi            8%
Americas   Hopster            8%
Americas   Ultrasurf          7%
EMEA       Tor                23%
EMEA       CGI-Proxy          12%
EMEA       Hamachi            4%
EMEA       Hopster            7%
EMEA       Hide My Ass        7%
APAC       Tor                20%
APAC       Hopster            6%
APAC       CGI-Proxy          6%
APAC       Hamachi            6%
APAC       Hide My Ass        7%
Risks of Anonymity
Advertisements
- Pay per install mechanism can lead to:
  - Malware entry through malicious websites
  - Targeted attacks through phishing
Traffic monitoring and analysis
- Huge amounts of data collected on user network activities and surfing behavior
- User data transferred in clear text format – easy to sniff
- Sell data to hackers in grey market
- Targeted attacks through phishing
Let us understand how this business model works
Typical exploitation method for users seeking anonymity
- Snapshot of a web-based proxy where an ad is displayed
- User clicks on the ad
- Malicious program hosted on website
- Proxy servers can easily monitor your network activities
- Attacker can use this user information to plan a targeted attack or can simply sell it to another hacker/attacker
- Attacker identifies the user's browser and exploits a vulnerability of the browser or a browser plug-in
- On successful exploit, malicious software is copied to the user's computer
- User's computer gets infected and sends the user's network activities to the command & control center
Risks of Anonymity
- Legal risk – Schools must comply with CIPA to protect against offensive internet content
- Cyberbullying – helps to cover the tracks so that the user can taunt other employees and department heads with impunity
- Phishing and password theft – sharing passwords or critical information over proxy servers, which act as a middleman, leads to a breach
- GeoLocation – using such servers can allow their operators to figure out the general physical location, identify details of the user's device and also install advertising cookies to track one's movements
Anonymity leading to attacks
What harm can it bring to me or my company?
[Figure: Top 7 countries targeted by Flame. Source: securelist.com]
Mechanisms used to block Anonymous browsing
- Transparent proxy
- Firewall
Challenges involved in protecting against anonymity tools…
- Anonymity tools are built to evade such security mechanisms
- Anonymity tools are frequently updated – Security mechanisms take time to release patch
Mechanisms failing to protect against risks of anonymity
Administrator has blocked access to Facebook. User will install proxy application like Wi-Free to circumvent corporate policies.
Diagram labels: Wi-Free client, Firewall, Proxy & Protocol based detection, Wi-Free Tunnel server, www.facebook.com
- Firewall – TCP: Port 80 identified. If allowed, user will be successful to bypass Firewall.
- Proxy & Protocol based detection – HTTP protocol identified. If allowed, user will be successful to bypass Proxy and protocol detection.
User is successfully tunneled to the Wi-Free application server and able to surf www.facebook.com
All the user details are transferred through the tunnel server. The Wi-Free application has total visibility of user information, credentials, surfing behavior, etc.
Ineffective ways to block Anonymity
Vendor
- Do not consider anonymity risks as Organizational risk
- Proxy applications are released frequently, while the updated database arrives after a longer time duration, so the response time to patch newly released proxy applications is longer
Cyberoam protecting privacy
Cyberoam approach towards risks of anonymity
Cyberoam Threat Research Labs (CTRL)
- Consider Anonymity risks as Organizational Threat
- Dedicated resources for Application research and identify new vulnerabilities

Cyberoam threat research labs observes cyber criminals targeting skype to spread malware threats
Cyberoam, the leading global network security appliances company, today announced its Threat Research Labs has identified a new variant of the well-known "Dorkbot" worm. Perpetrators behind this worm attack are using Skype, one of the most popular internet communication platforms, as the carrier to distribute the worm to target systems / PCs running over Windows operating system. Cyberoam Threat Research Labs (CTRL) unearthed this new variant while studying two zero-day sample files that were sent through Skype, comprising of an .exe and a .zip file. Consisting of a pool of dedicated network security experts and researchers, Cyberoam Threat Research Labs conducts vulnerability analysis on the outbreak of various network and application threats on regular basis.

Cyberoam finds Flaw in Facebook Authorization Likely to Trigger Malicious Attacks

New malware sample with BitCoin Mining attributes found!
It seems Cyber criminals have not got enough with the BitCoin mining malware. A new sample of malware [MD5: fac01db6348df89757c8c5172538bbed] has been found by Cyberoam Threat Research Lab (CTRL). As per the initial analysis, it has been found to be involved in BitCoin mining activities. See more at: http://www.cyberoam.com/blog/new-malware-sample-with-bitcoin-mining-attributes-found/

- Identify emerging threats and zero-day vulnerabilities
- Post vulnerabilities to global bodies
- Release signatures
Cyberoam approach towards risks of anonymity
Cyberoam Security Center
- Malware analysis
- Signature updates
- Antivirus Signatures
- Web Categories
- IPS Signatures
Auto-updated security intelligence
Dynamic threat monitoring and response
Cyberoam protecting privacy
Cyberoam Network Security Appliance
Diagram labels: Proxy, Firewall, Port, IP & MAC, Protocol detection, Deep Packet Inspection & Application Filtering, User (Layer-8)
User Mark is using Wi-Free application that is tunneling HTTP traffic through port 80
- Identifies Application: Wi-Free application identified that tunnels HTTP traffic
- Identifies Protocol: HTTP protocol
- Identifies Port: Port 80
Cyberoam's advanced application detection model
Packet-based scanning
- Inspects single packet to identify application
- Fails to create correlation among multiple packets to identify application
Flow-based scanning
- Inspects multiple packets to identify application
- Inspects as aggregated information in the form of flow
- Flows provide information and patterns about network connection
Combination of both Rules and Behavior based inspection eliminates chances of any security escape
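The packet-based versus flow-based difference described above, as an added example that is not part of the original slides and not Cyberoam's implementation. The header string, addresses and packets are constructed for illustration; the signature is hypothetical and is not a real Wi-Free or vendor signature.

```python
from collections import defaultdict

# Hypothetical header standing in for a tunnelling client's handshake.
# Constructed for this example; not a real Wi-Free or vendor signature.
SIGNATURE = b"X-Tunnel-Session: open"

# Constructed sample traffic: every flow is plain HTTP on port 80.
# "seq" is the segment's position within its flow (simplified TCP ordering).
FLOW_A = ("10.0.0.5", 49152, "203.0.113.10", 80)  # marker split over 2 segments
FLOW_B = ("10.0.0.6", 49153, "198.51.100.7", 80)  # ordinary web request
FLOW_C = ("10.0.0.7", 49154, "203.0.113.10", 80)  # marker inside one segment
PACKETS = [
    {"flow": FLOW_A, "seq": 2, "payload": b"Session: open\r\n\r\n"},  # arrives early
    {"flow": FLOW_B, "seq": 1, "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"flow": FLOW_A, "seq": 1, "payload": b"POST /sync HTTP/1.1\r\nHost: example.test\r\nX-Tunnel-"},
    {"flow": FLOW_A, "seq": 2, "payload": b"Session: open\r\n\r\n"},  # retransmission
    {"flow": FLOW_C, "seq": 1, "payload": b"POST /sync HTTP/1.1\r\nX-Tunnel-Session: open\r\n\r\n"},
]

def packet_scan(packets):
    """Packet-based scanning: match the signature against each payload alone."""
    return {p["flow"] for p in packets if SIGNATURE in p["payload"]}

def flow_scan(packets):
    """Flow-based scanning: rebuild each flow's byte stream, then match once."""
    segments = defaultdict(dict)
    for p in packets:
        # Keying by seq drops retransmitted duplicates of a segment.
        segments[p["flow"]][p["seq"]] = p["payload"]
    hits = set()
    for flow, by_seq in segments.items():
        stream = b"".join(by_seq[s] for s in sorted(by_seq))  # restore order
        if SIGNATURE in stream:
            hits.add(flow)
    return hits

def missed_by_packet_scan(packets):
    """Flows only visible once packets are correlated into a flow."""
    return flow_scan(packets) - packet_scan(packets)

if __name__ == "__main__":
    print("packet-based hits:", packet_scan(PACKETS))
    print("flow-based hits:  ", flow_scan(PACKETS))
    print("missed per-packet:", missed_by_packet_scan(PACKETS))
```

All three flows look identical to a port or protocol check (HTTP on port 80); only the flow-level view attributes FLOW_A to the tunnelling application.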
Application Visibility & Control
- Industry leading coverage for Visibility & Control over 2000+ key applications
- Support for Business & Collaboration applications
- Dedicated research team to continuously update Application signature database
Comprehensive database of anonymity applications
Control over combination of:
- Bandwidth
- Time
- User or User Group
- Application or Application Category
Proactive protection model
Eliminates the need for manual intervention by administrators to update policies for new applications or application versions added to the list
- Select P2P Applications
- Set Action
- Block all future P2P applications without adding applications manually
Protection against Phishing and Fraudulent websites
Experience Cyberoam
Link: http://demo.cyberoam.com
Credentials: guest / guest
Get a 30 day FREE Evaluation of Cyberoam Virtual appliance
Thank you