RealTime IT News

Security Players Take Aim at Anonymous Proxies

A core element of good network policy is the ability to understand who users are and where they are going. Yet in businesses and schools everywhere, some users try to circumvent identification by using techniques that can, in some cases, anonymize their traffic.

To combat the issue, a new generation of filtering technology is being rolled out by vendors to identify when users are using Web proxies to cover their tracks if they're up to no good.

It's an issue that affects all classes of technology users, and if not caught, could bring a network to a standstill, experts warn.

"A single filter-avoidance technique can blow apart an entire Internet usage policy," Joe Lowry, director of channel development at Web security gateway vendor Cymphonix, told InternetNews.com. "People that are able to download large files can be disruptive for organizations, and we feel that the filter avoidance issues are huge."

The news comes as the latest way that managers of business networks are seeking to strike a blow against the unprecedented threats they face. While the security and networking industries are busily developing and promoting new tools and innovations like Network Access Control to combat internal and external threats, data thieves and mischief-makers are growing ever more sophisticated.

But the threat posed by anonymous surfers is one area the industry may be near locking down. Cymphonix is set to release anonymous proxy protection next week for its network composer gateway security appliances. Web filtering vendor Webroot is also getting into the same approach with its Dynamic Anonymizer and Proxy Bypass technology in the new Webroot Web Security SaaS release this week.

"Dynamic Anonymizer and Proxy Bypass are a significant problem and have traditionally and primarily been a severe problem in the education sector," Bryan Czarny, vice president of solutions marketing at Webroot, told InternetNews.com.

"With the rise of Web filtering adoption in the workplace, however, we are seeing a considerable increase in the use of these methods, and it is now becoming more mainstream," he said. "The average Internet user can now build their own proxies that are not on any URL list. There are even instructions available on the Web, including on YouTube, to build these proxies for the explicit purpose of bypassing Web filtering solutions."

Web acceleration and security vendor Blue Coat is also active in the anonymous proxy detection space, though it still sees more avoidance-related issues in the education area than in others.

"Visit any K-12 school environment and be prepared for the continuous efforts by students to get around any and all Web gateway controls," Tom Clare, senior product marketing manager at Blue Coat, told InternetNews.com. "However, this changes in college as most Web gateways are fairly open, and then in work environments, an employee's career and job is at risk for violating Web usage policies, the issue becomes smaller."

There are a number of different techniques that the vendors use to identify users that don't want their Web activities to be identified. Willy Leichter, director of product marketing at security vendor Websense, noted that the his company's Web Security Gateway analyzes Web traffic in real time, instantly categorizing new sites and dynamic content, proactively discovering security risks and blocking dangerous malware.

Blue Coat's Clare said his company attacks the problem using WebPulse, a "community watch"-style cloud service that continuously updates WebFilter for malware hosts, phishing, reputations, Web content and Web applications, such as anonymizers.

At Webroot, Czarny said his firm decrypts URLs that can be hidden and then applies the appropriate policy, preventing users from going to sites that should be blocked.

For Cymphonix, Lowry noted that it treats proxy avoidance much the same way it deals with viruses, constantly updating its appliance for new approaches.

He explained that Cymphonix uses two layers of proxy detection. One of them is for recognizing hardware-based proxies, in which users are moving traffic over non-filtered and non-standard ports. The other is for the identification of Web-based proxy services, which Cymphonix determines with the help of its content analysis system.

Even though anti-proxy and filtering technology is part of Cymphonix's appliance, not all of its customers -- many of whom, like hotel giant Marriott, are in the hospitality industry -- are likely to take full advantage of the technology.

"The hospitality clients are not using the filtering component as much as others," Brent Nixon, Cymphonix's president, told InternetNews.com. "They actually have a legal liability to not know what a particular room is doing. They're using as more as a traffic prioritization tool."