We've talked about anonymous proxies on this blog in the past, and recently I came across an article that discussed why someone would want to host an anonymous proxy. I've attached the link above and included some of the relevant information below:
Anonymous proxies require a lot of bandwidth to host. This bandwidth costs money, sometimes quite a lot. So who is hosting these proxies, and who is footing the bill? A few proxies are hosted by technically-adept students, bypassing their school filters, and limiting the use to a select group of their peers. Frequently these types of proxy are hosted on a home broadband connection, but with a handful of users, that’s no problem. These are the only truly ‘free’ forms of proxy and they can also be pretty tricky to block – URL list-based filters will have difficult time trying to catch them!
Public web proxies on the other hand (the most common type) can eat their way through many gigabits of bandwidth. The cost of this is usually offset by placing pay per click adverts on the proxy page. Revenue is miniscule, but with many hits, it all adds up. Of course, the proxy owners have to advertise too – top proxy lists are one way of doing this, but sometimes legitimate ads are placed as well. Some software-based proxies charge a fee but the majority are free and don’t carry any ads. Since it is highly unlikely that the creators are magnanimously footing the hosting bills, these proxy services will undoubtedly be selling on browsing habits, injecting ads or unwanted text, and even pushing malware.
Many students who use anonymous proxies are also unaware of the risks to their own personal security and identity. Malicious proxy servers do exist and are capable of recording everything sent to the proxy, including unencrypted logins and passwords. Although some proxy networks claim to only use ‘safe’ servers, due to the ‘anonymous’ nature of these tools, proxy server safety is impossible to police. Students should be educated to understand that whenever they use a proxy, they risk someone “in the middle” reading their data.
Other tips to prevent proxy abuse:
•Educate teachers to recognise illicit surfing or proxy abuse and report it to the IT department
•Educate students about the danger of using proxies.
•Allow slightly more lenient filtering outside of core hours
•Make sure your AUP covers anonymous proxying and that both students and teachers are familiar with its content. Make it clear that proxy abuse can be tracked to individuals.
Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.
Thursday, October 1, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment