Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Wednesday, February 25, 2009

Other Proxy Types

I've talked about forward and reverse proxies in this blog, and commented on anonymous proxies as well as how proxies are deployed. I came across a list of other proxy types (or terminology used to describe proxies), and thought I'd share this information.

You may see references to four different types of proxy servers that are available on the Internet (as opposed to the forward or reverse proxies that enterprises use):

Transparent Proxy - This type of proxy server identifies itself as a proxy server and also makes the original IP address available through the HTTP headers. These are generally used for their ability to cache websites and do not effectively provide any anonymity to those who use them. However, the use of a transparent proxy typically allows end-users to get around simple IP bans. They are transparent in the sense that the end-user's IP address is exposed, not in the sense that the end-user is unaware of using it.

Anonymous Proxy - This type of proxy server identifies itself as a proxy server, but does not make the original IP address available. This type of proxy server is detectable, but provides reasonable anonymity for most end-users.

Distorting Proxy - This type of proxy server identifies itself as a proxy server, but makes an incorrect original IP address available through the HTTP headers.

High Anonymity Proxy - This type of proxy server does not identify itself as a proxy server and does not make available the original IP address.
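The four definitions above reduce to two questions about the request that reaches the destination: does it announce a proxy, and which client address does it disclose? The sketch below is an added example, not part of the original post, for auditing what a proxy reveals when you control both the client (so its real address is known) and a test server that records the received headers. The function names are hypothetical, and `X-Forwarded-For`, `X-Real-IP` and `Client-IP` are de facto header conventions that individual proxies may or may not use.

```python
import ipaddress

# De facto client-address headers; "Forwarded" (RFC 7239) is handled separately.
ADDRESS_HEADERS = ("x-forwarded-for", "x-real-ip", "client-ip")

def _to_ip(token):
    """Normalise one header token to an IP string, or None if it is not an IP."""
    token = token.strip().strip('"')
    if token.startswith("["):              # "[2001:db8::17]:4711"
        token = token[1:].split("]")[0]
    elif token.count(":") == 1:            # "198.51.100.23:8080"
        token = token.split(":")[0]
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None                        # "unknown", obfuscated ids, empty

def disclosed_addresses(headers):
    """Every client address the proxy wrote into the (lower-cased) headers."""
    found = set()
    for name in ADDRESS_HEADERS:
        found.update(_to_ip(t) for t in headers.get(name, "").split(","))
    for part in headers.get("forwarded", "").replace(";", ",").split(","):
        key, _, value = part.strip().partition("=")
        if key.lower() == "for":
            found.add(_to_ip(value))
    found.discard(None)
    return found

def classify_proxy(received_headers, real_client_ip):
    """Name the proxy type from what the destination server received."""
    headers = {k.lower(): v for k, v in received_headers.items()}
    real = str(ipaddress.ip_address(real_client_ip))
    disclosed = disclosed_addresses(headers)
    announced = any(h in headers for h in ("via", "forwarded", *ADDRESS_HEADERS))
    if not announced:
        return "high anonymity"   # indistinguishable from a direct connection
    if real in disclosed:
        return "transparent"
    return "distorting" if disclosed else "anonymous"

if __name__ == "__main__":
    # Constructed request headers, as logged by a test server you control.
    seen = {"Via": "1.1 proxy.example", "X-Forwarded-For": "203.0.113.99"}
    print(classify_proxy(seen, "198.51.100.23"))
```

Because a high anonymity proxy adds nothing to the request, the last case can only be told apart from a direct connection when you already know the request was sent through a proxy.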

There are risks to using proxies freely available on the Internet. In using a proxy server (for example, an anonymizing HTTP proxy), all data sent to the service being used (for example, the HTTP server of a website) must pass through the proxy server before being sent to the service, mostly in unencrypted form. It is therefore possible, and has been demonstrated, for a malicious proxy server to record everything sent to the proxy, including unencrypted logins and passwords. By chaining proxies which do not reveal data about the original requester, it is possible to obfuscate activities from the eyes of the user's destination. However, more traces will be left on the intermediate hops, which could be used or offered up to trace the user's activities. If the policies and administrators of these other proxies are unknown, the user may fall victim to a false sense of security just because those details are out of sight and mind.

The bottom line of this is to be wary when using free Internet proxy servers, and only use proxy servers of known integrity (e.g., the owner is known and trusted, has a clear privacy policy, etc.), and never use proxy servers of unknown integrity. If there is no choice but to use unknown proxy servers, do not pass any private information (unless it is properly encrypted) through the proxy.

It's a good idea to keep your end-users educated about the corporate proxy as well as the dangers of free proxies that they may be attempting to use to bypass your corporate proxy.

Tuesday, February 24, 2009

Top 8 Web 2.0 Security Threats

The Secure Enterprise 2.0 Forum has just released their 2009 industry report on top Web 2.0 security threats. This document attempts to identify the security risks that operators of Web 2.0 sites face. They point out 8 specific risks that leave a Web 2.0 site vulnerable and a risk to those using the website. Vulnerable Web 2.0 sites of course pose a risk for the proxy administrator, trying to keep malware and viruses off the corporate network.

This is just a good reminder to those of us who are IT administrators to keep our proxies and web filtering software up to date and to make sure we have some type of anti-malware running on our proxy systems.

Sunday, February 22, 2009

Do as I say not as I do

This article on security hits upon something most IT admins are probably familiar with. While many of us impose restrictions and policy on our end-users, there are often times when we bypass them ourselves, putting our own systems at risk. In addition, as the article talks about, even if we are diligent at work, we're less so with our own personal computers at home.

We take the risk thinking it's not likely we'll get infected if we bypass the web proxy at work, and we don't have any URL filtering or web based protection on our home computers. There's really no excuse for bypassing the proxy at work, but at home that's a less simple problem to solve. Most of us aren't going to shell out the money to buy a proxy for home like the one at work. There's good news here though. Blue Coat Systems (maker of the Proxy SG appliance) offers a free version of their software for home use. It's called "K-9" and can be found at www.getk9.com. It uses the same web filtering software as their Proxy SG appliance for the home PC. It's available for Windows and Mac, so there's no excuse not to protect your home system now.

Friday, February 20, 2009

McAfee, Inc. Announces Results of a Commissioned Study by Independent Research Firm on the State of Web Security

McAfee commissioned a study by Forrester Consulting surveying 253 global IT professionals and security decision makers in companies around the world, ranging from 500 to 5000 employees.

They found the role of Web filtering is changing from an IT security function to more of a business function. Increasingly, organizations are using Web filtering beyond basic security protection to incorporate functions such as productivity management, traffic quality of service (QoS) management, and single sign-on (SSO). The study also looked at the use of Web 2.0 technology in the enterprise, expecting it to continue growing in the near future. They expected social networking and streaming media to become not only commonplace, but critical to business operations.

What was more surprising was that although corporations placed DLP high on the list of priorities, fewer companies had implemented DLP. Eighty-six percent considered data leaks an important threat, but when asked what policy they have to govern internal employees contributing content to external blogs and wikis, only sixty-eight percent said they impose some form of restriction (either complete block or selective block), while thirty-one percent said they do not have any restriction for employees to access these third-party sites.

Other trends noticed included the consolidation of the content security industry. Eighty-five percent of all respondents indicated that they would be more likely to employ an integrated content filtering solution that provides items like centralized policy management, configuration, and integrated DLP.

Also the study found that the Web filtering device (aka the proxy) is taking on functionality outside of security or usage policies. Organizations are realizing that the Web filtering solution may be the right place for other related traffic management functions. (Does this lend credence to Blue Coat's purchase of Packeteer?)

The study also had some specific recommendations based on the findings. The study recommended vendors with a solid in-the-cloud infrastructure, specific Web malware detection, and strong integration and consolidation strategy.

They noted that Web malware is different from traditional viruses. Much Web malware is script-based, and it can change rapidly and take on many different forms. The traditional signature-based scanning approach is less effective against Web malware. This of course validates the multi-layer defense strategy promoted by most security vendors.

Thursday, February 19, 2009

The trouble with SSL and web access

SSL is always a conundrum for the typical security and network administrator in an enterprise network. SSL is a good thing, in that it keeps private data private, but it's a bad thing when you've got corporate policies against sending out confidential information (even on secured connections).

End-users who are given access to the internet from work can be protected from internet threats and have corporate policy enforced by sending them through a proxy, but what happens when they try to access an SSL-encrypted site? Often a proxy will bypass SSL-encrypted sites, unless you've got an SSL proxy capability installed on your proxy. If you're bypassing SSL, that means you have no visibility or protection when an end-user visits an SSL-encrypted website. As previously discussed, an SSL-encrypted site, or well-known site, is no guarantee that the website is free of malware or viruses. Many well-known sites are getting infected with malware and drive-by download threats.

With respect to visibility, without an SSL proxy, you will not have any knowledge or accountability when company confidential documents leave the corporate network through a secure web transaction.

If you do have an SSL proxy, you get protection from malware, and you have the capability of doing DLP (Data Leakage Protection) on secure connections to prevent loss of confidential data. The downside of this is that if any end-users are transacting personal business over secure connections, an SSL proxy will store that personal information in its cache. So, if you do implement an SSL proxy, you will need a splash page or acceptance page warning your end-users that SSL is intercepted and inspected, and recommending they do not transact personal web affairs at work.

So do the pros outweigh the cons for implementing an SSL-intercept proxy? We believe so. It's not worth the risk of getting a drive-by virus or malware from an SSL encrypted session, and the only downside of an SSL proxy is making sure your end-users are aware of the implications when they access personal information across SSL-encrypted sites.

Thursday, February 12, 2009

BlueCoat: Creating an economic advantage for users in 2009?

One of our favorite proxy vendors, Blue Coat Systems, has been at it again making news about their new Application Delivery Network vision that I've previously blogged about.

This time they took it to the analysts at a New York City Briefing Event and shared their roadmap and vision about proxies and how they relate to the vision of Application Delivery Networks. You can read all about it in ZDNet's review of the event.

Wednesday, February 11, 2009

SaaS Still On the Rise, Despite Down Economy

SaaS (Software as a Service) increasing revenues in a down economy shouldn't be the surprise that Network World seems to indicate in their article. Most organizations see SaaS as a way to take what would have been a large hit to their bottom line and change to a recurring expense hit instead. As Network World rightly indicates, there are some pitfalls to moving to SaaS and longer term implications to the bottom line.

But what does SaaS have to do with the Secure Web Gateway Proxy that we talk about at The Proxy Update? It's important because once an organization decides to use a SaaS vendor that means workers in your organization are going through your proxy to get to the SaaS service. More often than not, these are secure websites, and end-users have to enter their credentials to get access to the SaaS service. This means you need to have SSL interception turned on at the proxy for it to be able to scan the SaaS websites for malware and viruses. At first glance you may think this isn't necessary, but we've written in the past on how well-known websites host malware, so it's especially important to make sure malware doesn't come into your organization from a secure website.

The more applications in the organization move to SaaS, the more important the role the proxy will play in your network.

Tuesday, February 10, 2009

Social Networking's Security Pitfalls

The phenomenon of social networking is no surprise for any IT administrator who's seen their users use Facebook, MySpace or even LinkedIn. These sites have grown at phenomenal rates, as has the number of attacks on users who use these sites. The article linked above discusses one example of a recent security attack (the Koobface worm) on users who watched a video sent to them on a social networking site.

This security attack is a good reminder as to why we have corporate or enterprise proxies installed at the network edge. The proxy is the first line of defense to block websites that have malware, viruses and worms on them. If you're just running a proxy, without running any content filtering (anti-virus, anti-malware, URL filtering), then you've only got half a solution implemented. A good proxy solution would have prevented Koobface from infecting your network.

Monday, February 9, 2009

Where's the Priority for Security?

In today's economy, you may be looking for ways to cut the IT budget, reduce costs and keep your own job. Cutting or reducing recurring costs may be one way you're looking to keep the budget down. Unfortunately, most recurring costs are associated with maintenance or security subscriptions, neither of which is an ideal candidate for reduction or elimination.

Security may be one area you think you can get away with not having for a little while, the same way you think about insurance. It's a risk not to have it, and of course the first breach in security will have paid for having had the security.

In today's tough economy, there are probably more hackers and more malware trying to get into your organization, so any reduction in the level of security will probably prove to be a catastrophe for your organization. It may be that you'll need to spend a little more to save money in the long run, but don't skimp on security in these troubled times.

Thursday, February 5, 2009

Unauthorized Web Use on the Rise

As anyone with a proxy knows, one of the reasons the proxy exists in your organization's network is to enforce either HR or corporate policy for web surfing. It's no surprise when one of your users complains they can't get to a website they are trying to reach; whether it's a legitimate site or not, it's of course the fault of the proxy that they can't get there.

So it's no surprise that users are finding ways around the enterprise proxy. What's perhaps surprising is the fact that many IT departments aren't aware their users are circumventing the corporate proxy. Dark Reading reported only 15% of IT organizations were aware of users bypassing the corporate proxy, while a survey of end-users indicated at least 3 out of 4 organizations had users bypassing the proxy.

That should be a heads up to any IT administrator to make sure their firewalls and proxies are working together to prevent end-users from bypassing the corporate proxy using tools like anonymous proxies, TOR or Hopster. The IT admin should also check to make sure their proxy is running the latest software and has the latest tools available to prevent proxy avoidance.
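One way to check whether the firewall and proxy really are working together is to look in the firewall log for web traffic that did not come from the proxy. The following is an added example, not part of the original post: the log layout, the proxy addresses, the internal range and the list of web ports are all assumptions to replace with your own.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions of this example: proxy addresses, internal range, web ports, log layout.
PROXY_ADDRESSES = {"10.1.0.10", "10.1.0.11"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
WEB_PORTS = {80, 443, 8080}
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def find_proxy_bypass(log_lines):
    """Return (allowed, denied): client IP -> sorted external web destinations
    contacted directly instead of through the proxy."""
    allowed, denied = defaultdict(set), defaultdict(set)
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m or m["src"] in PROXY_ADDRESSES:
            continue                      # unparsable line, or the proxy itself
        if int(m["dport"]) not in WEB_PORTS:
            continue                      # not web traffic
        if ipaddress.ip_address(m["dst"]) in INTERNAL_NET:
            continue                      # intranet sites are reached directly
        bucket = allowed if m["action"] == "ALLOW" else denied
        bucket[m["src"]].add(f'{m["dst"]}:{m["dport"]}')

    def as_lists(d):
        return {src: sorted(dsts) for src, dsts in d.items()}
    return as_lists(allowed), as_lists(denied)

# Constructed sample log (documentation addresses stand in for external sites).
SAMPLE_LOG = """\
2009-02-05T09:00:01 ALLOW src=10.1.0.10 dst=203.0.113.80 dport=80
2009-02-05T09:00:07 ALLOW src=10.1.4.23 dst=10.1.9.5 dport=80
2009-02-05T09:01:12 ALLOW src=10.1.4.23 dst=203.0.113.44 dport=8080
2009-02-05T09:01:40 DENY src=10.1.7.9 dst=198.51.100.17 dport=443
2009-02-05T09:02:03 ALLOW src=10.1.4.23 dst=203.0.113.44 dport=8080
2009-02-05T09:02:30 ALLOW src=10.1.5.2 dst=198.51.100.25 dport=25
""".splitlines()

if __name__ == "__main__":
    allowed, denied = find_proxy_bypass(SAMPLE_LOG)
    print("firewall gaps (direct web access allowed):", allowed)
    print("blocked attempts:", denied)
```

Entries in the first result are firewall rules to tighten so that only the proxy can reach the web; entries in the second are attempts the firewall already stopped.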

Expecting All-in-One Security Headaches

All-in-one security devices are becoming more popular. They integrate what administrators have traditionally deployed as separate devices, such as proxies, routers, firewalls, email gateways, intrusion protection, print servers and other devices. While these all-in-one devices may work well for a home office or small office (SOHO), they are probably less desirable for medium to large organizations.

The referenced article points out there are security risks inherent with an all-in-one device, not to mention other issues (like single point of failure).

Our recommendation is to keep the devices separate (giving you added layers of defense), and buy best-of-breed products for your proxy, firewall, router, etc. You'll be glad you did in the long run.

Wednesday, February 4, 2009

Security Players Take Aim at Anonymous Proxies

We've discussed anonymous proxies on this blog in the past so it's no surprise that the security vendors are taking a hard look at them as well.

Anonymous proxies are a threat to many organizations because they allow the end-user to bypass any security controls (such as proxies in the organization), and go directly to sites that may contain drive-by malware, viruses, and other threats (not to mention users that are trying to bypass HR or corporate policies on what sites are allowed). Your enterprise proxy should have some way to protect your users from using anonymous proxies. URL filtering is probably not enough by itself as new anonymous proxies are appearing daily, and it's a hard task to keep a list updated.

Make sure your protection uses some type of real-time detection for anonymous proxies, and you won't be regretting the fact that one of your users got to an anonymous proxy and some malicious website.