A Real Threat to Your Business Network: Anonymous Proxies

Network managers and administrators face a steep uphill battle in effectively monitoring and managing network resources and controlling unwanted traffic. To keep their network safe, organizations have invested time and resources in developing appropriate network usage policies and implementing firewalls, URL filters and intrusion detection solutions. But just as organizations plug one network security gap, another opens up.

Anonymous proxy servers and applications pose one of the most pervasive threats to network security and performance. Anonymous proxies allow users to easily bypass an organization's network usage policies and to do so while going completely undetected by firewalls and filters. New anonymous proxies become available every day, which makes it extremely difficult for an organization to block their access.

Anonymous proxies create the opportunity for users to access improper, banned or illegal sites, content and applications that may expose an organization to legal or regulatory consequences. Anonymous proxies also jeopardize the security and privacy of users and data by creating a security gap through which malicious traffic including malware and Trojans can gain access to the network.

Anonymous proxy traffic may also degrade network performance and slow the response times for critical applications. When unwanted applications are allowed to circumvent usage policies and consume bandwidth intended for legitimate business applications, productivity suffers and the entire organization may be put at risk.

How can organizations overcome the challenges of identifying and controlling anonymous proxy traffic on the network?  The solution may lie in next generation shaping appliances.

Anonymous Proxy Servers

An anonymous proxy server is intended to conceal a user's identity. One of the more common approaches is the open proxy. An open proxy is a proxy server that can be accessed by any Internet user. Anonymous open proxies allow any user of the Internet to conceal his or her IP address, identity and location from the service being accessed. The server receives requests from the "anonymizing" proxy server, and thus does not receive information about the "true" end user's IP address.

Many anonymous proxy servers are funded through advertising. For example, a site might allow users to evade organizational restrictions by providing encrypted HTTPS access to blocked Web sites such as MySpace, newsgroups, email or instant messaging. In exchange for providing this service, an ad is displayed to the user and cannot be removed unless the user pays to subscribe to the service.

Open proxies are very difficult to track which makes them especially useful to anyone seeking online anonymity - from political dissidents to grade school and university students to computer criminals.

While many users of anonymous proxies are motivated by a desire to protect their personal privacy online and mean no harm to an organization's network, others may have more sinister motives for wanting to hide their identities. Hackers often make anonymous proxies available to users in order to bypass firewalls and create a backdoor into the user's network. Once a backdoor has been created, hackers can exploit this security gap to collect personal information such as credit card numbers, passwords or sensitive organizational data.

In this scenario, the proxy acts like a Trojan horse, which appears to perform a desired function for the user but at the same time facilitates unauthorized access to the unwitting user's network and computer system. Once a proxy application or script is installed on the user's internal system, it can work in the background silently and undetected.

Given the very real threat of cybercrime and the loss of sensitive data, it is in the best interests of organizations to find a simple and effective means to detect and control anonymous proxy server traffic.

Anonymous Proxy Applications

There is also a wide array of anonymous proxy applications available online that are designed specifically to bypass an organization's firewall or filtering rules. There are literally thousands of anonymous proxy applications available to savvy users with new applications appearing each day. The sheer number makes it difficult for network administrators - already under pressure to conserve bandwidth for critical applications - to keep up.

Perhaps even more alarming is the growing sophistication of anonymous proxy servers and applications, which employ an arsenal of different evasive techniques. For example, proxy servers will constantly change their IP addresses - an anonymous proxy site may come online one hour and be gone the next.

Anonymous proxy servers and so-called "anonymizers" may use tunneling, encryption, encapsulation or other means to avoid detection and allow a user to access restricted sites or applications.

Why Should Organizations Care?

Anonymous proxies place a constant burden on network administrators and IT staff, but they are not merely an IT problem. They may have serious and wide-ranging implications for an organization including:

• Compliance breaches that exposes an organization to regulatory or legal consequences
• Security holes that expose the network to malware, Trojans and other threats
• Loss, theft or exposure of sensitive or confidential information
• Increased costs through unwanted and unrestrained bandwidth usage
• Network performance issues that lead to unacceptable application response times and diminished employee productivity
• IT resources, time and effort diverted from more important strategic initiatives
• Potential damage to an organization's reputation that can be difficult to repair

Given the risks, organizations simply cannot afford to allow users to bypass the security measures and policies they have put in place to restrict access to unwanted Web sites and applications.

To address the threat of anonymous proxies, organizations must be able to:

1. Detect anonymous proxy traffic on the network

2. Leverage application signatures to categorize network traffic

3. Implement network usage policies to shape traffic

Summing Up

Today's networks are under siege. Legitimate business applications now compete with

Facebook, MySpace, YouTube and P2P applications like BitTorrent, Limewire and Kazaa for a limited amount of available bandwidth. Unwanted recreational traffic places a strain on networks that are already under pressure to deliver business applications.

When users deliberately circumvent network usage and security policies using anonymous proxies, it can create serious application delivery challenges for network administrators. More concerning are the potential security risks and dangers associated with anonymous proxies. Organizations have every right to ask why a user needs to be anonymous if he or she isn't doing anything wrong.

Every day, anonymous proxy servers and applications enable savvy users to access blocked sites - games, chat rooms, instant messaging, social networking and offensive content such as Internet pornography. Even if the user doesn't mean any harm to the organization, anonymous proxy server sites are often run by untrusted third parties that may have questionable intentions.

By providing visibility into all traffic on the network including anonymous proxy traffic, next generation traffic-shapers help organizations maintain appropriate network usage policies and make the most of their available bandwidth. With these next generation traffic-shaping appliances, network administrators have a way to detect and control unwanted and potentially malicious traffic so that application performance and security are preserved.