21 11-2013 anonymous-browsing_protection_or_revealing_privacy1. www.cyberoam.com
Protecting or Revealing Privacy
Our Products
© Copyright 2013 Cyberoam Technologies Pvt. Ltd. All Rights Reserved.
Network Security Appliances - UTM, NGFW (Hardware & Virtual)
Presenter: Cyberoam
Modem Router Integrated Security appliance
2. Webinar agenda
Anonymous Browsing
- What, Why & How
Understanding Anonymity tools
Risks of Anonymity
Traditional Practice to protect against Anonymity
Cyberoam protecting privacy
3. Anonymous web browsing
What is Anonymous web browsing?
Browsing the World Wide Web while hiding the user's IP address and any other personally identifiable information from the websites that one is visiting
4. Anonymous web browsing
Why do you need Anonymity?
The way Internet censorship is clamping down, it is vital to remain anonymous sometimes
To hide one’s identity while surfing unproductive websites
To circumvent any organizational or country-specific web access restrictions
Online shopping is also being recorded, both by the retailer and by your email provider (details of order receipts)
5. Anonymous web browsing – Approaches to Anonymity
Web based proxies – Works with a web browser and server side software
Secure/SSL proxies – Uses HTTPS connections to create a secure tunnel where content is encrypted
Proxy networks – Uses layered encryption and peer-to-peer networking, e.g. Tor – known as “onion routing”
Software applications – Client side application software to automatically configure browser’s proxy settings, e.g. Ultrasurf, Freegate etc.
VTunnel.com
HideMyAss.com
Freegate
XRoxy.com
Proxy.org
Anonymouse.org
The-Cloak.com
Proxify.com
EvadeFilters.com
Vpn One Click
Tunnelier Gpass
UnBlockAll.net
UltraSurf
Spotflux
GTunnel
ProxyBoxOnline.com
Hotspot Shield
Hyk-proxy
Tor Browser
GappProxy
6. Web Based Proxy
7. Incognito browsers
Incognito Browsing – Google Chrome
InPrivate Browsing – Internet Explorer
Private Browsing – Mozilla Firefox
8. Proxy Networks
Hiding Identity using VPN
Does it really hide your identity?
Anonymous proxy servers just hide IP address…
Monitoring of Logs and Cookies can reveal your identity!
9. Proxy Applications
Wi-Free client
www.facebook.com
Administrator has blocked access to Facebook.
User will install proxy application like Wi-Free to circumvent corporate policies
Proxy & Protocol based detection
Wi-Free Tunnel server
Wi-Free application masks Facebook traffic as general HTTP traffic that is allowed by Firewall and Proxy & protocol detection tools
User successfully bypasses corporate policies and accesses www.facebook.com
10. Why users are using such tools?
I browse what I want to
I get it easily
It’s FREE!!
Are you sure you are not paying any cost for it?
Let us understand their business model
11. What do they invest?
Infrastructure costs
Skilled developers
Advertisements and branding
Administration and Maintenance costs
They are not non-profit or community organizations. They are running business…
What do they need to run business?
12. How do they get money to run business?
Advertisements on their software
Monitoring of user surfing pattern
You don’t pay Money…. You pay much more
There are risks associated with you hiding your identity
13. Dramatic Increase in Tor Activity
Tor users were vulnerable to the Firefox 17 ESR vulnerability, which allows an attacker to perform arbitrary code execution
Silk Road, an illegal drug market operating on the Tor network, was shut down in October
A spike in the number of connections starting near the middle of August and continuing through September can clearly be seen
Increase in traffic during August and September can likely be attributed to a new variant of the Mevade malware family.
14. Top Used Anonymizer Applications
Application Category: Anonymizer

Region     Application Name   % of Organizations
Americas   Tor                24%
Americas   CGI-Proxy          16%
Americas   Hamachi            8%
Americas   Hopster            8%
Americas   Ultrasurf          7%
EMEA       Tor                23%
EMEA       CGI-Proxy          12%
EMEA       Hamachi            4%
EMEA       Hopster            7%
EMEA       Hide My Ass        7%
APAC       Tor                20%
APAC       Hopster            6%
APAC       CGI-Proxy          6%
APAC       Hamachi            6%
APAC       Hide My Ass        7%
15. Risks of Anonymity
16. Advertisements / Traffic monitoring and analysis
Advertisements:
- Pay per install mechanism
- Can lead to malware entry through malicious websites
- Can lead to targeted attacks through phishing
Traffic monitoring and analysis:
- Collects huge amounts of data on user network activities and surfing behavior
- User data transferred in clear text format – easy to sniff
- Sell data to hackers in grey market
- Targeted attacks through phishing
Let us understand how this business model works
17. Typical exploitation method for anonymity desired users
Snap of a web-based proxy where ad is displayed.
User clicks on the ad
Malicious program hosted on website
Proxy servers can easily monitor your network activities
Attacker identifies the user’s browser and exploits the vulnerability of browser or browser plug-in
On successful exploit, a malicious software is copied to user’s computer
User’s computer gets infected and sends user’s network activities to the command & control center
Attacker can use this user information to plan a targeted attack or can simply sell it to other hacker/attacker
18. Risks of Anonymity
Legal risk – Schools must comply with CIPA to protect against offensive internet content
Cyberbullying – helps to cover the tracks so that the user can taunt other employees and department heads with impunity
Phishing and password theft – sharing passwords or critical information over proxy servers, which act as a middleman, leads to a breach
GeoLocation – using such servers can allow their operators to figure out the user's general physical location, identify details of their device and also install advertising cookies to track one's movements
19. What harm can it bring to me or my company?
Top 7 countries targeted by Flame
Source: securelist.com
Anonymity leading to attacks
20. Mechanisms used to block Anonymous browsing
Transparent proxy
Firewall
Challenges involved in protecting against anonymity tools…
Anonymity tools are built to evade such security mechanisms
Anonymity tools are frequently updated – Security mechanisms take time to release a patch
21. Mechanisms failing to protect against risks of anonymity
Wi-Free client
www.facebook.com
Administrator has blocked access to Facebook.
User will install proxy application like Wi-Free to circumvent corporate policies
TCP: Port 80 identified – if allowed, user will be successful to bypass Firewall
Proxy & Protocol based detection: HTTP protocol identified – if allowed, user will be successful to bypass Proxy and protocol detection
Wi-Free Tunnel server
All the user details are transferred through Tunneled server.
The Wi-Free application has total visibility of user information, credentials, surfing behavior, etc.
User is successfully tunneled to Wi-Free application server and able to surf www.facebook.com
22. Ineffective ways to block Anonymity
Vendor
Do not consider anonymity risks as Organizational risk
Frequently releasing applications – Updated database – with longer time duration – longer response time to patch the newly released proxy applications
24. Cyberoam approach towards risks of anonymity
Consider Anonymity risks as Organizational Threat
Dedicated resources for Application research and identify new vulnerabilities
Cyberoam Threat Research Labs (CTRL)
- Identify emerging threats and zero-day vulnerabilities
- Post vulnerabilities to global bodies
- Release signatures
25. Cyberoam approach towards risks of anonymity
Cyberoam Security Center
• Malware analysis
• Signature updates
Antivirus Signatures
Web Categories
IPS Signatures
Auto-updated security intelligence
Dynamic threat monitoring and response
26. Cyberoam protecting privacy
User (Layer-8)
Deep Packet Inspection &
Application Filtering
Protocol detection
Proxy
Firewall
PORT
IP & MAC
User Mark is using Wi-Free application that is tunneling http traffic through port 80
Identifies Application: Wi-Free application identified that tunnels http traffic
Identifies Protocol: HTTP protocol
Identifies Port: Port 80
X X √ √
Cyberoam Network Security Appliance
27. Cyberoam’s advanced application detection model
Packet-based scanning
- Inspects single packet to identify application
- Fails to create correlation among multiple packets to identify application
Flow-based scanning
- Inspects multiple packets to identify application
- Inspects as aggregated information in the form of flow
- Flows provide information and patterns about network connection
Combination of both Rules and Behavior based inspection eliminates chances of any security escape
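The difference between the two scanning models, as an added example that is not Cyberoam's code: every packet of a tunnel-like connection passes a per-packet HTTP check, while grouping the same packets into flows exposes the pattern. The verdict names, thresholds, host names and addresses (documentation ranges) are assumptions, and the capture is constructed.

```python
import math
from collections import Counter, defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # one captured TCP segment (constructed fields)
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 look random/encrypted."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify_packet(p: Packet) -> str:
    """Packet-based scan: judges a single packet by port and leading bytes."""
    if p.dport == 80 and p.payload.startswith((b"GET ", b"POST ")):
        return "http"
    return "unknown"

def classify_flows(packets, min_bodies=3, min_entropy=6.0):
    """Flow-based scan: group packets per connection, then judge the aggregate.
    Thresholds are illustrative assumptions, not vendor values."""
    flows = defaultdict(list)
    for p in packets:
        flows[(p.src, p.sport, p.dst, p.dport)].append(p)
    verdicts = {}
    for key, pkts in flows.items():
        bodies = [p.payload.partition(b"\r\n\r\n")[2] for p in pkts]
        bodies = [b for b in bodies if b]
        opaque = sum(entropy(b) >= min_entropy for b in bodies)
        # Repeated requests whose bodies are all opaque suggest a tunnel, not browsing.
        tunnel = len(bodies) >= min_bodies and opaque == len(bodies)
        verdicts[key] = "suspected-http-tunnel" if tunnel else "no-tunnel-indicators"
    return verdicts

def opaque_body(k: int) -> bytes:  # constructed stand-in for an encrypted body
    return bytes((i * 7 + k) % 256 for i in range(256))

# Constructed sample capture: one tunnel-like flow and one ordinary browsing flow.
HDR = b"POST /api HTTP/1.1\r\nHost: tunnel.example\r\n\r\n"
SAMPLE = [Packet("10.0.0.5", 40001, "203.0.113.9", 80, HDR + opaque_body(k)) for k in range(4)]
SAMPLE += [
    Packet("10.0.0.6", 40002, "198.51.100.7", 80, b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    Packet("10.0.0.6", 40002, "198.51.100.7", 80,
           b"POST /form HTTP/1.1\r\nHost: www.example\r\n\r\nname=alice&msg=hello+world"),
]
```

Compressed or encrypted uploads over plain HTTP also produce high-entropy bodies, so the flow verdict is a lead for correlation with other signals rather than proof of a tunnel.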
28. Application Visibility & Control
29. Application Visibility & Control
Industry leading coverage for Visibility & Control over 2000+ key applications
Support for Business & Collaboration applications
Dedicated research team to continuously update Application signature database
30. Comprehensive database of anonymity applications
Control over combination of
Bandwidth
Time
User or User Group
Application or Application Category
31. Proactive protection model
Eliminates the need for manual intervention by administrators to update policies for new applications or application versions added to the list
Select P2P Applications
Set Action
Block all future P2P applications without adding applications manually
32. Protection against Phishing and Fraudulent websites
33. Experience Cyberoam
Link: http://demo.cyberoam.com
Credentials: guest / guest
Get a 30 day FREE Evaluation of Cyberoam Virtual appliance
34. Thank you