close
Add To Bookmark

What Are The Risks Of Using Anonymous Proxies?


By NIIT Editorial

Published on 07/11/2021

8 minutes

Over the years, anonymous proxies have grown to become one of the leading security threats to corporations, educational institutions, other institutions, and individuals around the globe.

There has been a dramatic increase in the number of anonymous proxy services available over the past year. Over 100,000 registered websites and about 300,000 privately owned, home-based websites offer anonymity services today. The phenomenon originated in 2002 when a few dozen sites offered anonymous access to Internet resources.

An increase in the number of users desiring these services is the principal cause of this dramatic increase. It has become increasingly popular for individuals to charge users a monthly fee for anonymity services in order to make money. 

This may be because of technological advancements. Anonymizer software is now open-source, making web-based proxy services available to anyone who wants to use them. It is now possible for even non-technical users to create anonymous proxies on the fly with this new open-source approach. In this way, Internet filters are bypassed on newly created or home-based websites that use these proxy servers.

A Description Of How Anonymous Proxies Work

The most popular and effective way to bypass Internet filters is to use anonymous proxies. A proxy Anonymizer site appears as an unblocked web page and allows users to enter any URL in a form. The proxy server will retrieve the web page even if the organization's Internet filter blocked the access when the form is submitted. 

There Are Two Main Methods Of Accessing Open-Source Anonymous Proxies:

While you go through risks associated with them, it is better to enroll in cyber security pg course, cyber security diploma course, information security courses to master the methods of anonymous proxies. 

A CGI-based Proxy: CGI Scripts can access any resource available on the server from which they are running. To retrieve an HTML resource from a proxy, all links must point back to that proxy, including images and submissions. Many configurable options include text-only support, SSL support, selective cookie and script removal, simple ad filtering, server access restrictions, and custom URL and cookie encoding.

Proxy for PHP:  You can easily install Web HTTP proxy scripts written in PHP on PHP-enabled web servers. CGI-proxy is very similar to PHP-proxy in terms of its web interface. Through it, users can bypass and access firewalls and other content filter restrictions by using the web server as a proxy.

Anonymous Proxies Pose Risks

Risks associated with anonymous proxies include:

  • They often permit students to access inappropriate and potentially harmful sites, and a data pattern is deemed unacceptable by their schools' Internet policies.
  • Organizations are exposed to drive-by spyware, viruses, and trojans.
  • As a result, users are at risk of identity theft, pharming, and phishing attacks.
  • Organizations are exposed to information theft and attack pattern.
  • Providing anonymity to those abusing corporate resources (e.g., workers using company systems for illegal activities, posting inappropriate content, etc.).
  • Web filters do not monitor users’ online activities and look at an attack pattern.

Inappropriate Internet Usage Dominates The Headlines

The United States Congress passed the Children's Internet Protection Act (CIPA) in December 2000 for the schools and libraries to not have access to any offensive materials on the Internet. 

The CIPA clearly states that schools and libraries must have a data pattern and technology protection measures to protect the students against any obscene, child pornographic, and other harmful images that may be displayed on computers with Internet access. 

These excerpts illustrate the anonymous threat proxies pose from the perspective of enforcing Internet use policies in corporations and educational institutions:

An Aspect Of Malice

Based on a study of publicly available anonymous proxy servers, 5% of these servers contained and had access to malicious content. It was discovered that a server directory and data pattern contained infected files, such as trojans, script viruses, and exploits, spyware, and adware.

An Aladdin CSRT vulnerability analysis revealed that 70 percent of 1,000 anonymous proxy websites tested were vulnerable to remote code execution and cross-site scripting attacks. 

Defeating anonymous proxies

Organizations can block anonymous proxy access in several ways:

  • If we believe the estimates, nearly 40% of these websites are inaccessible by analyzing form methods and meta tags.
  • By using pattern-based detection and HTTP header analysis, organizations can identify requests for anonymous proxies in real-time. Hence, it protects them against circumvention and anonymization techniques.
  • An analysis showed that only 5% of the SSL-enabled anonymous proxies had valid certificates. The rest of the credentials were expired, self-signed, matched incorrectly, or otherwise doubtful. One can prevent access to an SSL-enabled website by validating the SSL certificate and ensuring the certificate issued is a trusted source.
  • An ‘uncategorized’ filter is often included in URL-filtering products (as sites not covered by the product). It cannot access an anonymous proxy server installed on a home computer through this filter.

Conclusion

Malicious anonymous proxy servers will continue to grow in number, which may pose a severe threat in the future. Anonymous proxies are becoming increasingly popular, and sites that offer anonymous proxy services are multiplying rapidly, increasing security concerns as most of these sites are vulnerable to high severity attacks. 

The number of phishing and social engineering attacks to get users to use or install anonymous proxy services will increase exponentially. A reliance on list-based and reactive security systems and continuously chasing updates will prove increasingly unreliable.

 



PGP in Cybersecurity

Become an industry-ready StackRoute Certified Cybersecurity Specialist. This program transforms learners with no Information Technology background into cybersecurity specialists. This is a Job-Assured Program with a minimum CTC of ₹ 4LPA*

Job Assurance*

Flexible Payment Option

Top