DOCSLIB.ORG

Symantec™ Threat Isolation Platform Guide for Administrators

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Symantec™ Threat Isolation Platform Guide for Administrators Symantec™ Threat Isolation Platform Guide for Administrators Version 1.14 August 2020 Guide for Administrators - Revisions Version Date New/Enhanced Features 1.14 August 2020 n Regional Cloud Document Isolation Server n Localization of end user messages n PAC File Security using Zone Internal Settings n HSM Integration n Activity Log Forwarding to Amazon S3 n Log export verbosity level setting n Management portal location change n Deleting Logged Data t Automatic log purging t Manual deletion of Activity / Audit /Event log index files n Monitoring the Management Audit Logs Service n Licensing - license entitlements view n Matching rule using destination port criteria n Selective forwarding based on hostname or URL n Selective Isolation in online service suites t Option to isolate some online services included in online service suites. t Ability to customize the list of suite service URLs n Logging Server Authentication steps n New content action - Altered n RADIUS MFA and Password Complexity n Downstream proxy object - support forwarding of custom headers Symantec™ Threat Isolation Platform Guide for Administrators Page 2 Version Date New/Enhanced Features 1.13 September 2019 n Bandwidth Usage Reduction n Browser's Native Menu Support n Data Criteria Matching in Request Body n Data Leakage Prevention Server Settings integrated in Upload Profile Scan Settings n Document Isolation Actions Policy n Exporting Activity Logs Analytics and Narrow By Filter Results to PDF n Gateway Cluster Time Zone Selection n Geolocation Destination Match Criteria n Isolation Policy for iframes n Inspect Advanced Settings in Download and Upload Profiles n Isolation Indication Custom Color n Keytab Settings Workflow Modifications n Management Users "Terms of Use" Page n Media Quality - Controlling Audio, Video and Image Settings n Mobile Browser Rendering Support n Multiple Organizations n Native Context Menu Support n Prompting End User Before File Download n Request Filters Data Criteria n Rule Editing New Capabilities n SAML Authentication in Management Users n Session Activity Settings n Symantec Cynic Sandbox n Website Subresources Policy in Rule Advanced Settings 1.12 December 2018 n Authentication Connectivity Improvements n Block Page Integration n Clear Authorization Claims n Cloning Objects n Convenient Activation of Report Server n Customized List of URLs in VRM for Grid Rendering n Doc Isolation Viewer: Open File in New Tab n Email Threat Isolation (ESS/SMG) n Enhanced Granularity for Download Scanner Settings n Media Quality n Read-Only Enhancements n Symantec AV Support n Votiro v3.0 Support Symantec™ Threat Isolation Platform Guide for Administrators Page 3 Version Date New/Enhanced Features 1.11 September 2018 n Anti-Bot Protection n Customized Text for Untrusted Certificate Message n Gateway Audit Logs n Management Identity Providers n Management Roles n On-premises Document Isolation Server n SNMP Servers n Trusting Only Imported Certificates 1.10 April 2018 n Application Destination n Downstream Proxy n Easy Gateway Registration n Licensing n Log Forwarding to Apache Kafka n Next Hop Proxy/Server n Risk Levels 1.9 December 2017 n About Symantec Threat Isolation Dialog n License Agreement n New Gateway/PDP Registration n Private Data Processing n SAML IdP Configuration Web n Troubleshooting n Web Application Isolation Mode 1.8 July 2017 n ArcSight CEF Fields Mapping n Management Supported Browsers n Minimum System Requirements n Read-Only Webpages Symantec™ Threat Isolation Platform Guide for Administrators Page 4 Contents 1 Preface 21 1.1 Abstract 21 1.2 Document Purpose 22 1.3 Using this Document 22 1.4 References 23 1.5 Terminology 23 2 Symantec Threat Isolation Solution Overview 25 2.1 Goals and Scenarios 25 2.2 Returned HTML Content 26 2.3 High-level Data Architecture 26 Data Flow 27 2.4 Platform Components 28 2.5 Protection Scenarios 29 2.5.1 Overview 29 2.5.2 Protecting an Organization’s Endpoints from Attack 30 2.5.3 Protecting an Organization’s Web Applications from Attack 32 2.6 Deployment Topologies 32 2.6.1 Overview 33 2.6.1.1Symantec Threat Isolation Explicit Proxy 34 2.6.2 Symantec Threat Isolation Cloud Service 35 Accessing Symantec Threat Isolation Cloud Service from the Organization's Network 35 Accessing Symantec Threat Isolation Cloud Service from Outside the Organization 36 2.6.3 Symantec Threat Isolation with Downstream Proxy Forwarding 37 2.6.4 Symantec Threat Isolation with Block Page Integration 38 Symantec™ Threat Isolation Platform Guide for Administrators Page 5 2.6.5 Symantec Email Threat Isolation 40 2.6.6 Symantec Threat Isolation as Web Application Isolation Gateway Mode 43 2.6.6.1Using a Load Balancer 43 2.6.6.2Not Using a Load Balancer 44 2.7 Cloud Services 45 2.8 How Symantec Threat Isolation Processes Private Data 45 2.8.1 Cookies and Session Data 45 2.8.2 Browsing Logging Data 46 2.8.3 Cloud Telemetry Data 46 2.8.4 Third-Party File Sanitizer Data 47 2.8.5 Document Viewer Data 47 2.8.6 Flash Activation Request Data 48 2.9 Reducing Bandwidth Usage 48 3 Installing the Symantec Threat Isolation Platform 49 3.1 System Requirements 49 3.2 Supported Platforms 50 3.3 Supported Browsers 51 3.3.1 Management Browser 51 3.3.2 Endpoint Browser 51 3.4 Preparing for Symantec Threat Isolation Platform Installation 52 3.4.1 Overview 52 3.4.2 Defining Components Per Machine 52 3.4.3 Defining Networking 54 3.4.3.1TIE Public DNS Name Considerations 55 3.4.3.2Signing the CA Certificate 56 3.4.3.3Prerequisite 58 3.4.3.4Generating the Encrypted Private Key 58 Symantec™ Threat Isolation Platform Guide for Administrators Page 6 Signing the CA Certificate File 60 Using an intermediate CA certificate signed by your organizational root CA 60 Using a self-signed CA certificate 61 3.4.3.5Transferring Encrypted Private Key and CA Certificate File 62 3.5 Installing the Symantec Threat Isolation Platform 62 3.5.1 Overview 62 3.5.2 Preparing the Symantec Threat Isolation Platform Machine 64 3.5.3 Downloading the ISO File and Verifying the MD5 Signature 65 3.5.4 Configuring the Machine for Loading the ISO File 65 3.5.5 Booting the Machine and Starting Installation 65 3.5.5.1Changing the Operating System Password 67 3.5.6 Initializing the Symantec Threat Isolation Platform 67 3.5.6.1Initializing the Symantec Threat Isolation Platform 67 3.5.6.2Initializing the Management Gateway 67 3.5.7 Defining the Management Gateway 68 3.5.8 Defining Symantec Threat Isolation Components 78 3.5.8.1Deciding Where the PDP Will Reside 78 3.5.9 Initializing Gateways 79 Registering the Gateway 80 3.5.9.1Checking Gateway Registrations 82 3.5.10 Associating the CA Certificate with Your Zone 82 3.5.11 Installing the CA Certificate as Trusted Root CA on the Client Side 84 3.5.11.1Deploying the CA Certificate File to the End Users 84 3.5.11.2Installing the CA Certificate in Windows Browsers 84 3.5.11.3Installing the CA Certificate in a Firefox Browser 88 3.5.11.4Installing the CA Certificate on a Mac Machine 88 3.5.12 Verifying the Trusted Root CA in the Endpoint Browser 90 Symantec™ Threat Isolation Platform Guide for Administrators Page 7 3.5.13 Making Sure Third-Party Cookies Are Accepted 90 3.6 Configuring Your Deployment Topology 92 3.6.1 Configuring the Symantec Threat Isolation Explicit Proxy Topology 93 3.6.1.1Editing the Proxy Auto-Configuration (PAC) File 93 3.6.1.2Configuring the PAC File in a Single Endpoint Browser 93 96 3.6.1.3Verifying PAC File Configuration in the Endpoint Browser 96 3.6.1.4Defining Firewall Rules 100 3.6.1.5Defining Firewall Rules for the Cloud Deployment 108 3.6.2 Configuring Symantec Threat Isolation with Downstream Proxy Forwarding 109 3.6.2.1Configuring the Downstream Proxy for Communication over HTTPS 111 Adding forwarding hosts to the downstream proxy 111 SSL Inspection 111 Adding rules to the downstream proxy for HTTPS 111 3.6.2.2Configuring the Downstream Proxy for Communication over HTTP 111 Adding rules to the downstream proxy for HTTP 112 3.6.2.3Defining Firewall Rules 112 3.6.3 Configuring Symantec Threat Isolation with Block Page Integration 118 3.6.3.1Configuring the NGFW/SWG to Redirect Traffic to the Isolation Portal 118 3.6.3.2Placing a Transparent SWG between NGFW and Threat Isolation 118 3.6.3.3Defining Firewall Rules 119 3.6.4 Configuring Symantec Email Threat Isolation 121 3.6.4.1Defining Firewall Rules 122 Symantec™ Threat Isolation Platform Guide for Administrators Page 8 3.6.5 Configuring Symantec Threat Isolation as Web Application Isolation Gateway Mode 125 3.6.5.1Defining Firewall Rules 125 3.6.6 Pushing Settings to the Gateways 127 3.7 Viewing Version and License Information, Credits 127 3.8 Moving Management to a Different Server 128 3.9 Upgrading the Symantec Threat Isolation System 128 3.9.1 Upgrading from Version 1.10 to Version 1.14 128 3.9.2 Upgrading from Version 1.11 to Version 1.14 128 3.10 Performing Shutdown 129 3.11 Performing Backup, Restore and Reset Procedures 129 3.11.1 Backing Up System Data 129 3.11.2 Restoring System Data 130 3.11.3 Resetting a Management User Password 130 3.11.3.1Password Policy 130 3.11.4 Restoring the Default Settings 131 4 Configuring Security Policy Settings 132 4.1 Overview 132 4.2 Defining Security Policies and Rules 134 4.2.1 Menu Search 134 4.2.2 Editing Your Policy 134 4.2.2.1Defining Authentication Profiles 137 4.2.2.2Authentication Mode 138 Proxy Authentication Mode 138 Skipping Authentication when Egress IP Has Been Authenticated139 Server Authentication Mode 140 Skipping Authentication when Egress IP Has Been Authenticated141 Activity Logs
Load more

Recommended publications
  • In Computer Networks, A
    Practical No.1 Date:- Title:- Installation of Proxy-Server Windows Server 2003 What is proxy server? In computer networks, a proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server evaluates the request according to its filtering rules. For example, it may filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request wit hout contacting the specified server. In this case, it 'caches' responses from the remote server, and returns subsequent requests for the same content directly . Most proxies are a web proxy, allowing access to content on the World Wide Web. A proxy server has a large variety of potential purposes, including: To keep machines behind it anonymous (mainly for security).[1] To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.[2] To apply access policy to network services or content, e.g. to block undesired sites. To log / audit usage, i.e. to provide company employee Internet usage reporting. To bypass security/ parental controls. To scan transmitted content for malware before delivery.
    [Show full text]
  • Who Wrote Sobig? Copyright 2003-2004 Authors Page 1 of 48
    Who Wrote Sobig? Copyright 2003-2004 Authors Page 1 of 48 Who Wrote Sobig? Version 1.0: 19-August-2003. Version 1.1: 25-August-2003. Version 1.2: 19-November-2003. Version 1.3: 17-July-2004. This sanitized variation for public release. Scheduled for release: 1-November-2004. This document is Copyright 2003-2004 by the authors. The PGP key included within this document identifies the authors. Who Wrote Sobig? Copyright 2003-2004 Authors Page 2 of 48 Table of Contents Table of Contents................................................................................................................................................... 2 1 About This Document..................................................................................................................................... 3 2 Overview........................................................................................................................................................ 5 3 Spam and Virus Release History..................................................................................................................... 6 3.1 Identifying Tools .................................................................................................................................... 6 3.2 Identifying Individuals and Specific Groups ............................................................................................ 6 3.3 Identifying Open Proxies and Usage........................................................................................................ 8 3.4
    [Show full text]
  • Spam Solutions White Paper
    Spam Solutions White Paper Presented by: Net Sense Net Sense – IT Consulting 1 Phone: 919.870.8889 www.netsense.info Toll Free: 800.642.8360 Spam Solutions White Paper ...........................................................................................1 Spam Problem Overview.............................................................................................3 What Is Spam?.........................................................................................................3 Who Sends Spam?...................................................................................................3 How Is Spam Sent?..................................................................................................4 How Is Spam Identified? .........................................................................................4 What Problems Does Spam Cause?..........................................................................5 Legal Considerations For Business ..........................................................................5 Illegal or offensive content:..................................................................................6 Anti-Spam Laws......................................................................................................7 CAN-SPAM Act......................................................................................................7 How To Avoid Becoming A Spam Magnet..............................................................7 Tips for users:......................................................................................................7
    [Show full text]
  • Botnets, Zombies, and Irc Security
    Botnets 1 BOTNETS, ZOMBIES, AND IRC SECURITY Investigating Botnets, Zombies, and IRC Security Seth Thigpen East Carolina University Botnets 2 Abstract The Internet has many aspects that make it ideal for communication and commerce. It makes selling products and services possible without the need for the consumer to set foot outside his door. It allows people from opposite ends of the earth to collaborate on research, product development, and casual conversation. Internet relay chat (IRC) has made it possible for ordinary people to meet and exchange ideas. It also, however, continues to aid in the spread of malicious activity through botnets, zombies, and Trojans. Hackers have used IRC to engage in identity theft, sending spam, and controlling compromised computers. Through the use of carefully engineered scripts and programs, hackers can use IRC as a centralized location to launch DDoS attacks and infect computers with robots to effectively take advantage of unsuspecting targets. Hackers are using zombie armies for their personal gain. One can even purchase these armies via the Internet black market. Thwarting these attacks and promoting security awareness begins with understanding exactly what botnets and zombies are and how to tighten security in IRC clients. Botnets 3 Investigating Botnets, Zombies, and IRC Security Introduction The Internet has become a vast, complex conduit of information exchange. Many different tools exist that enable Internet users to communicate effectively and efficiently. Some of these tools have been developed in such a way that allows hackers with malicious intent to take advantage of other Internet users. Hackers have continued to create tools to aid them in their endeavors.
    [Show full text]
  • Anonymity, Integrity and Reliability Issues with Open Proxies
    Die approbierte Originalversion dieser Diplom-/Masterarbeit ist an der Hauptbibliothek der Technischen Universität Wien aufgestellt (http://www.ub.tuwien.ac.at). The approved original version of this diploma or master thesis is available at the main library of the Vienna University of Technology (http://www.ub.tuwien.ac.at/englweb/). Anonymity, Integrity And Reliability Issues With Open Proxies DIPLOMARBEIT zur Erlangung des akademischen Grades Diplom-Ingenieur im Rahmen des Studiums Wirtschaftsinformatik eingereicht von Christian Schmidt Matrikelnummer 0325576 an der Fakultät für Informatik der Technischen Universität Wien Betreuung Betreuer: PD Dr. Edgar Weippl Wien, 22.04.2010 (Unterschrift Verfasser) (Unterschrift Betreuer) Technische Universität Wien A-1040 Wien Karlsplatz 13 Tel. +43-1-58801-0 www.tuwien.ac.at Schmidt Christian Loitzbach 10 3240 Mank Hiermit erkläre ich, dass ich diese Arbeit selbständig verfasst habe, dass ich die ver- wendeten Quellen und Hilfsmittel vollständig angegeben habe und dass ich die Stellen der Arbeit – einschließlich Tabellen, Karten und Abbildungen –, die anderen Werken oder dem Internet im Wortlaut oder dem Sinn nach entnommen sind, auf jeden Fall unter Angabe der Quelle als Entlehnung kenntlich gemacht habe. Wien, 20. 04. 2010 (Unterschrift Verfasser/in) i Abstract An open proxy acts as a communication gateway in a network, which can be used without authentication. Client requests are transferred over the proxy as intermediary. Thus, open proxies are a significant danger for security as they cannot only intercept, but also modify data. After a theoretical introduction, this thesis focuses mainly on three research ques- tions. The first deals with proxylists which are available on Internet. What are possible attacks on the integrity of proxylists? In this regard we intend to smuggle in fake prox- ies into proxylists so that the list is useless for its users.
    [Show full text]
  • A Comparative Analysis of Residential and Open Proxies on the Internet
    Received May 6, 2020, accepted May 25, 2020, date of publication June 11, 2020, date of current version June 26, 2020. Digital Object Identifier 10.1109/ACCESS.2020.3000959 Understanding the Proxy Ecosystem: A Comparative Analysis of Residential and Open Proxies on the Internet JINCHUN CHOI 1,2, MOHAMMED ABUHAMAD 1,2, AHMED ABUSNAINA 2, (Graduate Student Member, IEEE), AFSAH ANWAR2, (Graduate Student Member, IEEE), SULTAN ALSHAMRANI 2, JEMAN PARK2, DAEHUN NYANG3, AND DAVID MOHAISEN 2, (Senior Member, IEEE) 1Inha University, Incheon 22212, South Korea 2University of Central Florida, Orlando, FL 32816, USA 3Ewha Womans University, Seoul 03760, South Korea Corresponding authors: Daehun Nyang ([email protected]) and David Mohaisen ([email protected]) This work was supported by the National Research Foundation under Grant NRF-2016K1A1A291275. ABSTRACT Proxy servers act as an intermediary and a gateway between users and other servers on the Internet, and have many beneficial applications targeting the privacy of users, including bypassing server-side blocking, regional restrictions, etc. Despite the beneficial applications of proxies, they are also used by adversaries to hide their identity and to launch many attacks. As such, many websites restrict access from proxies, resulting in blacklists to filter out those proxies and to aid in their blocking. In this work, we explore the ecosystem of proxies by understanding their affinities and distributions comparatively. We compare residential and open proxies in various ways, including country-level and city-level analyses to highlight their geospatial distributions, similarities, and differences against a large number of blacklists and categories therein, i.e., spam and maliciousness analysis, to understand their characteristics and attributes.
    [Show full text]
  • Addressing Malicious SMTP-Based Mass-Mailing Activity Within an Enterprise Network
    Addressing Malicious SMTP-based Mass-Mailing Activity Within an Enterprise Network David Whyte P.C. van Oorschot Evangelos Kranakis Abstract Malicious mass-mailing activity on the Internet is a serious and continuing threat that includes mass- mailing worms, spam, and phishing. A mechanism commonly used to deliver such malicious mass mail is an SMTP-engine, which turns an infected system into a malicious mail server. We present a technique that enables, in certain network environments, detection and containment of (even zero-day) SMTP-engine based mass-mailing activity within a single mailing attempt. Contrary to other mass- mailing detection techniques our approach is content independent and requires no attachment processing, statistical measures, or system behavioral analysis. It relies strictly on the observation of DNS MX queries within the enterprise network. Our approach can be used as an alternative to port 25 blocking and in conjunction with current proposals to address mass-mailing abuses (e.g. SPF, DomainKeys). Our analysis on network traces from a medium sized university network indicates that MX query activity from client systems is a viable SMTP-engine detection method with a very low false positive rate. Our detection and containment approach has been successfully tested with a prototype using a live mass- mailing worm in an isolated test network. 1 Introduction Internet users are inundated by a steady stream of emails infected with malicious code (mass-mailing worms and viruses), unwanted product advertisements (spam), and requests for personal information from criminals masquerading as legitimate entities to enable the commission of fraudulent activity (phishing). The use of gateway anti-virus (and per client) software and spam filters offers some measure of protec- tion.
    [Show full text]
  • An Extensive Evaluation of the Internet's Open Proxies
    Last updated: June 28, 2018 DRAFT – Please visit https://bit.ly/2ItDbPE for latest version An Extensive Evaluation of the Internet’s Open Proxies Akshaya Mani∗1, Tavish Vaidya†1, David Dworken2, and Micah Sherr1 1Georgetown University 2Northeastern University Abstract been (mis)used for malicious purposes, including (but not lim- ited to) sending spam, injecting ads, and serving as stepping Open proxies forward trac on behalf of any Internet user. stones for various attacks [38, 46]. But open proxies have also Listed on open proxy aggregator sites, they are often used to been used for far less nefarious reasons, including circumvent- bypass geographic region restrictions or circumvent censor- ing censorship eorts. More generally, they permit accessing ship. Open proxies sometimes also provide a weak form of otherwise inaccessible information and, controversially, can be anonymity by concealing the requestor’s IP address. used to bypass regional content lters (e.g., to watch a sporting To better understand their behavior and performance, we event that, due to licensing restrictions, would otherwise not conducted a comprehensive study of open proxies, encompass- be viewable). Importantly, along with VPNs, proxies have been ing more than 107,000 listed open proxies and 13M proxy re- suggested as a means of enhancing Internet privacy and pro- quests over a 50 day period. While previous studies have tecting browsing history in the face of the recent expansion of focused on malicious open proxies’ manipulation of HTML data collection rights by U.S. Internet service providers [30]. content to insert/modify ads, we provide a more broad study An interesting related question, and one that unfortunately that examines the availability, success rates, diversity, and also has not undergone rigorous study, is why the owners of open (mis)behavior of proxies.
    [Show full text]
  • 48-ELS-CHE Vacca-1630286 CH066O 101..122
    Chapter e66 Content Filtering Pete Nicoletti, CISSP, CISA, CCSK Director of Security Solutions and Compliance at Virtustream, Inc. 1. DEFINING THE PROBLEM G Higher costs as additional bandwidth is purchased to support legitimate and illegitimate business applications No one can deny that the Internet is one of the greatest G Network congestion; valuable bandwidth is being used inventions of the late 20th century. It has touched many for nonbusiness purposes, and legitimate business aspects of our everyday lives including, how we commu- applications suffer nicate, how we conduct business, or simply how we G Loss or exposure of confidential information through entertain ourselves. While there are many legitimate uses chat sites, nonapproved email systems, IM, peer-to- for the Internet like, social networking, entertainment, peer file sharing, etc. and work, there are also some very serious risks, some of G Infection and destruction of corporate information and which include: spam, viruses, worms, Trojans, keystroke computing resources due to increased exposure to loggers, identity theft, and Internet scams. While these Web-based threats (viruses, worms, Trojans, spyware, risks have the potential to impact us all, businesses today etc.) as employees surf nonbusiness-related Web sites. have some very unique risks when it comes to leveraging G Legal liability when employees access/download inap- the power of the Internet: propriate and offensive material (pornography, racism, G Loss of productivity etc.) G Sensitive data loss through intentional and uninten- G Copyright infringement caused by employees down- tional means loading and/or distributing copyrighted material such G Application performance issues caused by bandwidth as music, movies, etc.
    [Show full text]
  • NIST SP 800-45 Version 2, Guidelines on Electronic Mail Security
    Special Publication 800-45 Version 2 Guidelines on Electronic Mail Security Recommendations of the National Institute of Standards and Technology Miles Tracy Wayne Jansen Karen Scarfone Jason Butterfield NIST Special Publication 800-45 Guidelines on Electronic Mail Security Version 2 Recommendations of the National Institute of Standards and Technology Miles Tracy, Wayne Jansen, Karen Scarfone, and Jason Butterfield C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 February 2007 U .S. Department of Commerce Carlos M. Gutierrez, Secretary Technology Administration Robert C. Cresanti, Under Secretary of Commerce for Technology National Institute of Standards and Technology William Jeffrey, Director Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-45 Version 2 Natl. Inst. Stand. Technol. Spec. Publ. 800-45 Version 2, 139 pages (Feb.
    [Show full text]
  • An Extensive Evaluation of the Internet's Open Proxies
    An Extensive Evaluation of the Internet’s Open Proxies Akshaya Mani∗ Tavish Vaidya∗ Georgetown University Georgetown University [email protected] [email protected] David Dworken Micah Sherr Northeastern University Georgetown University [email protected] [email protected] ABSTRACT 1 INTRODUCTION Open proxies forward traffic on behalf of any Internet user. Listed Open proxy servers are unrestricted proxies that allow access from on open proxy aggregator sites, they are often used to bypass geo- any Internet user. Open proxies are fairly prevalent on the Internet, graphic region restrictions or circumvent censorship. Open proxies and several websites are devoted to maintaining large lists of avail- sometimes also provide a weak form of anonymity by concealing able open proxies. In contrast to VPNs [29] and some (but not all) the requestor’s IP address. anonymity systems, open proxies are generally easy for users to To better understand their behavior and performance, we con- use, requiring only minimal configuration changes (e.g., adjusting ducted a comprehensive study of open proxies, encompassing more “network settings”) rather than the installation of new software. than 107,000 listed open proxies and 13M proxy requests over a 50 As surveyed in this paper, there is a variety of types of open prox- day period. While previous studies have focused on malicious open ies, with differing capabilities. This leads to variation in how proxies proxies’ manipulation of HTML content to insert/modify ads, we are used in practice. Clearly, open proxies have been (mis)used for provide a more broad study that examines the availability, success malicious purposes, including (but not limited to) sending spam, rates, diversity, and also (mis)behavior of proxies.
    [Show full text]
  • Understanding Open Proxies in the Wild
    Understanding Open Proxies in the Wild Will Scott, Ravi Bhoraskar, and Arvind Krishnamurthy fwrs, bhora, [email protected] University of Washington Abstract is simple enough that many different implementations have emerged, with regional communities forming around This paper conducts an extensive measurement study of them. Web proxies also have a wide charter compared open proxies to characterize how much these systems are to many other protocols. The same software is used to used, what they are used for, and who uses them. We offload popular requests from popular web servers, to re- scanned the Internet to track proxy prevalence and mon- duce costs and validate traffic leaving organizations, and itored public statistics interfaces to gain insight into the to improve the speed of accessing the web on airplanes. machines hosting open proxies. We estimate that 220 TB of traffic flows through open proxies each day, making them one of the largest overlay networks in existence. We While open proxies have been around for nearly 20 find that automatic traffic taking advantage of multiple years [16], and a rich ecosystem thrives around their use, vantage points to the Internet overwhelms the traffic of we know little about them. There are few verified statis- individual ‘end users’ on open proxies. We present a char- tics on how many open proxies are on the Internet, or acterization of the workload experienced by these systems how much traffic is served by these systems. We have that can inform the design of future open access systems. even less insight into how these systems are used.
    [Show full text]