#infosec #gdi #bigdata Anonymizing proxies are on the rise.
Proxy sites have proliferated considerably in the past few years due to availability of open source tools, which allow a proxy site to be created quickly and easily. This phenomenon emerged around 2002, when there were only a few sites offering anonymizing services. Now there are over 100,000 registered anonymous proxy sites, an estimated 300,000 home based anonymous proxies, and given the open source nature of the software, there are hundreds of new ones created every week.
-- Anonymous Proxy: A Growing Trend in Internet Abuse, and How to Defeat It
It’s a growing “threat”, so they say, this increase in the number of registered (and one assumes heavily used) anonymizing proxies. Tor is likely the most recognizable of these, but there are many others. The question is, is it a threat to your organization?
It could be. It might not be. Anonymizing proxies are used for legitimate purposes as well as less honorable ones. From concerns regarding censorship to competitive data mining to probing (and exploiting) vulnerabilities, anonymizing proxies are particularly troubling because they by definition obscure identity and thus often intent.
While a web application firewall can ferret out malicious actions even when they are filtered through chains of anonymizing proxies, it cannot necessarily prevent competitive data mining or other potentially non-destructive but equally damaging business-related “attacks.”
The question of whether IT should be concerned or not is ultimately a business and operational question for each organization. A blanket answer of “yes” or “no” is inappropriate given the vast differences in business models and in the ways organizations interact digitally with their customers.
What can be unequivocally stated is that if you are concerned and want to do something about anonymizing proxies, or at least want to track their usage, you must first be able to recognize them. Doing so requires the ability to extract the context of a request and match it against a known list of anonymizing proxies. Given the more than 100,000 known registered proxies, maintaining such a list seems a formidable task. Realizing there may be more than 300,000 home-based anonymous proxies makes it seem impossible.
Such information is tracked, however, and it is available somewhere “out there” on the Internet. It’s a part of the massive data sets commonly referred to as “big data” that exist but are generally unusable to IT except as a means to generate some other formatted list from which security policies might be created.
If there were a way to harness that big data, those lists of anonymous proxies, so that a connection through one of them, to any application or to specific ones, might be identified at the time it occurs, that would be valuable. What one might do with such information would depend on the organization, but simply having the information – being able to act on it, if necessary or required – would be a boon to IT in the form of faster reaction time. The availability of such information as a service, a frequently updated and externally maintained black-box service, would be even more valuable, as it would ensure that newly created proxy sites are reflected immediately without requiring manual synchronization of data sets by IT operations.
This is just one of the ways in which “big data” might be harnessed by IT operations, through a service-based integration that puts the information IT needs to make real-time decisions in the hands of IT by making it immediately available to the infrastructure.
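The matching step described above, extracting the client address from each request and checking it against a list of known anonymizing proxies, can be sketched as follows. This is an added example, not code from the original article: the feed format, the sample entries, the log lines and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample feed (documentation ranges); a real one is refreshed from an external list.
PROXY_FEED = """\
192.0.2.10
198.51.100.0/28   # a constructed range entry
2001:db8:1::/48
"""

# Constructed access-log lines in common log format.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /store/prices HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /store/prices HTTP/1.1" 200 512
198.51.100.9 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 87
2001:db8:1::beef - - [01/Jan/2024:10:00:03 +0000] "GET /store/prices HTTP/1.1" 200 512
not-an-ip - - [01/Jan/2024:10:00:04 +0000] "GET / HTTP/1.1" 400 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)')

def load_feed(text):
    hosts, nets = set(), []  # exact addresses (O(1) lookup) and CIDR ranges
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if entry:
            net = ipaddress.ip_network(entry, strict=False)
            if net.num_addresses == 1:
                hosts.add(net.network_address)
            else:
                nets.append(net)
    return hosts, nets

def is_known_proxy(addr, feed):
    hosts, nets = feed
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # malformed client field: no match, no crash
        return False
    return ip in hosts or any(ip in net for net in nets)

def proxy_hits_by_path(log_text, feed):
    hits = Counter()  # requests via listed proxies, per application path
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_known_proxy(m.group(1), feed):
            hits[m.group(2)] += 1
    return hits
```

The address being matched must be the real connection peer; behind a load balancer, a forwarded-for header is only usable when your own infrastructure sets it. With a list of 100,000 or more entries, the linear scan over ranges should be replaced by a prefix structure, while single addresses stay in the set.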
Should you be concerned about the other Anonymous? Perhaps, perhaps not. What is certain is that you would be better able to determine the level of concern (if any) required by your organization if you knew about and could gather your own information about how such connected users might be interacting with corporate resources.
Because knowing is half the battle. The rest is corporate policy.