This tip originally appeared on SearchSecurity.com.
Web anonymizers can be beneficial in preventing employees from accessing specific Web sites while on your network. However, when employees use anonymizers, they become dangerous. Anonymizers can be misused to evade corporate firewalls, defeating your efforts to stop employees from accessing their personal email accounts and engaging in inappropriate – and sometimes illegal – Web surfing to pornography and gambling sites. In some cases, employees use anonymizers to hide businesses they're running on company time and company servers, lowering their productivity and eating up precious bandwidth. Misuse of Internet access through anonymizers, whether mischievous or malicious, can open your company up to liability and expose your network to malware and intrusions.
What are anonymizers?
An anonymizer is a proxy that hides a user's real IP address – in this case, your company's IP address – from the Internet. It is software installed on the client that creates a virtual proxy that links either with a proxy network or to a public proxy server. There are hundreds of public proxies listed on the Web, some of which anonymizers are tuned to call.
Many enterprises with heavy-duty firewalls use proxies to control traffic into and out of their network. The proxy is the gateway between the company's internal network and the Internet, and can be configured to block certain traffic, inappropriate Web sites or any activity the company deems malicious. As long as your users have Internet access, the anonymizer's request to a public proxy outside your network appears on your Web logs as just anot
To continue reading for free, register below or login
To read more you must become a member of SearchEnterpriseDesktop.com
her innocent request to a seemingly innocuous Web site. That makes it tricky to detect and block anonymizers on your network. So what can you do to find anonymizers and protect your network? Let's look at some options.
Detecting anonymizers
Web content filtering products, like Websense and Blue Coat, can be configured to detect users trying to download software, inappropriate or otherwise, and then tuned to block them. It's easy to tune any content blocker to watch for the two main anonymizer products: Anonymizer from Anonymizer, Inc. and Tor from the Electronic Freedom Frontier (EFF) Organization. But there are also dozens of other lesser-known, free products available on the Web that are harder to fingerprint and weed out. So, besides blocking content, you can detect them indirectly by reviewing intrusion detection system (IDS) logs for unusual traffic. This can point to malicious use of your network possibly caused by anonymizer use. A routine analysis could point to a desktop with an anonymizer installation.
Blocking anonymizers
As for preventing their use, with careful planning, you can block elusive anonymizers from causing trouble on your network. The following are some steps, short of the draconian measure of stripping Internet access from all your employees:
About the author
Joel Dubin, CISSP, is an independent computer security consultant in Chicago. He is a Microsoft MVP, specializing in Web and application security, and the author of The Little Black Book of Computer Security available from Amazon. As an expert for SearchSecurity.com, Joel is available to answer your questions on identity and access management.
