Being Invisible on the Internet
Today there is a match between India and Australia. You got an SMS from your friend that India needs 10 more runs in the last over to win. You try to open Cricinfo.com from your office and… guess what!!!… "The web site was restricted by the rule 'Block Access Rules\Block - Sports & Cricket'. Your attempt to access this site has been recorded. Please contact the IT Helpdesk if you need access to this site for business purpose".
Now the next thought that comes to mind is to bypass the rules!!! You want to access Cricinfo.com and at the same time don't want to be tracked for your Internet activities. Here comes the idea of being invisible on the Internet using the magical phenomenon of Anonymous Browsing.
When a client accesses any website, the Web server keeps some information to track the client. The client shares its IP and other information to establish a connection with the server. The Web server also creates and accesses cookies on the client machine and uses all this information to track the user.
Anonymous browsing is a normal web browsing method in which most of the user's identity is hidden. Anonymity can be achieved by using proxy tools, wherein the user's IP address is shared with the anonymous proxy server only. The proxy server creates a connection with the target site on behalf of the user. In this case only the proxy server's identity is shared with the Web server. The proxy server hides the user's identity by redirecting communication through itself. A good anonymous proxy server creates an SSL or TLS tunnel with the anonymous surfer.
What are these restrictions?
- Internet Censorship
Censorship is a mechanism used by the Government to achieve counterintelligence by deleting or restricting any information that is of value to the enemy or is against the country.
Internet censorship is the control or suppression of the publishing or accessing of information on the Internet. The Government blocks or bans websites to ensure the country's security and harmony.
- Region based Restrictions
There can be two types of region based restrictions:
- No access from outside countries or continents. For example, pandora.com cannot be accessed outside of the US.
- Access is restricted for the country's own citizens. For example, Facebook is banned in Iran.
- Restrictions by organizations or institutes
Most organizations or institutes restrict their employees or students from accessing unnecessary sites like Facebook, Cricinfo or pornographic sites. Normally these sites are blocked by a firewall or another traffic filtering device.
Case Study: Tor
Tor is an open source system designed for online anonymity. Tor is an implementation of onion routing, connected through a network of systems run by volunteers across the globe. The Tor system is composed of client software and a network of servers that relay encrypted traffic. The Tor client allows users to anonymise their IP. For example, if you access google.com directly, Google will record your IP and other information, and you can be tracked through this information. With Tor, Google will record Tor's IP and your identity will be hidden.
Whatismyip.com shows your IP address as seen on the Internet. To test the anonymity achieved by Tor, you can check your public IP before and after running Tor. The IP shown by whatismyip.com will be different after running Tor. As soon as you start the Tor client, it connects the user to an anonymous network. It assigns the user a random IP from a different continent. Now if you try to open google.com, Google may present Google Indonesia's or Google America's index page depending on the IP assigned by Tor. This clearly shows that Google is identifying you as an Indonesian or American, which is not your true identity on the Internet.
Figure: Whatismyip.com page before running Tor (IP from India) and after running Tor (IP from Germany).
Figure: Google's home page before running Tor (Google India page) and after running Tor (Google Deutschland page).
Onion routing uses a network of multiple relay routers, each of which knows only the IP of the last connecting node and nothing behind it. Each onion router gets the encrypted message with the next hop's address only. This way none of the nodes can track down the user.
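The layering described above can be simulated in a few lines. This is an added example, not code from the article or from the Tor project: the relay names, keys and destination are constructed, and the cipher is a toy HMAC-SHA256 keystream from the standard library rather than Tor's real cell format or cryptography.

```python
import hashlib, hmac, json, os

def keystream_xor(key, nonce, data):
    """Toy stream cipher (illustration only): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(key, next_hop, payload):
    """Add one layer: only the holder of `key` can read the next hop and inner cell."""
    nonce = os.urandom(8)
    body = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
    return nonce + keystream_xor(key, nonce, body)

def peel(key, cell):
    """Remove one layer, returning (next hop, inner cell)."""
    layer = json.loads(keystream_xor(key, cell[:8], cell[8:]))
    return layer["next"], bytes.fromhex(layer["data"])

def build_onion(path, destination, message):
    """path is [(relay_name, key), ...] from entry to exit; wrap innermost layer first."""
    cell, next_hop = message, destination
    for name, key in reversed(path):
        cell = wrap(key, next_hop, cell)
        next_hop = name
    return cell

def route(path, cell, sender):
    """Relay the cell hop by hop and record what each relay is able to see."""
    keys = dict(path)
    seen, prev, hop = [], sender, path[0][0]
    while hop in keys:
        nxt, cell = peel(keys[hop], cell)
        seen.append({"relay": hop, "previous": prev, "next": nxt})
        prev, hop = hop, nxt
    return seen, hop, cell

if __name__ == "__main__":
    # Constructed three-hop path with random per-relay keys.
    path = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]
    seen, dest, msg = route(path, build_onion(path, "example.org", b"GET /"), "client")
    for view in seen:
        print(view)
    print("delivered to", dest, msg)
```

Only the entry relay ever sees the client, and only the exit relay sees the destination; the middle relay sees neither.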
Combating Proxy Tools
There is no perfect way to block anonymous servers. They keep changing the user's IP to ensure true anonymity. Blocking a number of IPs belonging to volunteers is not the best way to combat proxy tools. Still, there are some ways to detect proxy servers.
Organizations should audit employees' desktops and laptops for proxy tools. This should happen periodically and randomly.
Administrators should use a utility to monitor clients. There are a number of utilities available in the market that serve this purpose. With the help of these utilities, the administrator can remotely monitor which programs or processes are running on any machine in the organization.
There are a few Nessus plugins available in the market which can detect well known tunneling tools. Here is the link to the reference page.
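The desktop audit and process monitoring suggested above can be automated over whatever inventory the monitoring utility exports. The following is an added example, not part of the original article: the CSV layout, host names and watchlist are assumptions, and the only tool-specific facts used are Tor's default SOCKS port (9050) and the Tor Browser SOCKS port (9150).

```python
# Constructed inventory export: host, process name, listening address ("-" if none).
SAMPLE_INVENTORY = """\
WS-014,chrome.exe,-
WS-014,tor.exe,127.0.0.1:9050
WS-022,svchost.exe,0.0.0.0:135
WS-031,updater.exe,127.0.0.1:9150
WS-040,outlook.exe,-
"""

# Assumed watchlist; extend it with the tools your own policy covers.
PROXY_PROCESS_NAMES = {"tor", "tor.exe"}
PROXY_LISTEN_PORTS = {9050: "Tor default SOCKS port", 9150: "Tor Browser SOCKS port"}

def listening_port(listen):
    """Return the port of an 'addr:port' string, or None if absent or malformed."""
    try:
        return int(listen.rsplit(":", 1)[1])
    except (IndexError, ValueError):
        return None

def audit(inventory_text):
    """Map each host to the reasons it was flagged for a possible proxy tool."""
    findings = {}
    for line in inventory_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue  # skip malformed rows instead of aborting the audit
        host, proc, listen = parts
        reasons = []
        if proc.lower() in PROXY_PROCESS_NAMES:
            reasons.append(f"process name {proc}")
        port = listening_port(listen)
        # A port match still catches a binary that was renamed to avoid name checks.
        if port in PROXY_LISTEN_PORTS:
            reasons.append(f"{proc} listening on {listen} ({PROXY_LISTEN_PORTS[port]})")
        if reasons:
            findings.setdefault(host, []).extend(reasons)
    return findings

if __name__ == "__main__":
    for host, reasons in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, "->", "; ".join(reasons))
```

A hit is a lead for the audit rather than proof, since another program can legitimately listen on the same port.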
Pros and Cons of Anonymous Browsing
Pros
- Protects online privacy and helps in hiding identity.
- Freedom of accessing restricted useful information.
- Keeps the user's session untraceable.
- Bypasses Internet censorship.
Cons
- Cyber criminals can be untraceable.
- Children can use anonymous proxies to access inappropriate content.
Manish Chasta is a CISSP and Certified Digital Evidence Analyst, working with Paladion Networks as Senior Security Consultant.