In recent days a number of music companies have secured court orders in Ireland which will prevent customers of certain ISPs accessing Pirate Bay. The hope is that it may prevent the illegal downloading of music and other copyrighted material. Blocking access to certain websites is not a new phenomenon. I am sure we have all sat behind a corporate filter at some point which prevented access to certain websites during working hours. However, blocking websites, especially at a state level, increases the interest and use of ways around these filters. While it all may seem like harmless fun and maybe even a challenge, technologies and services used to circumvent filters can create security risks and increase the attack surface of your computer and network.
For this blog post, I am going to take a look at the most popular ways around filters. There are many options out there, including the tunneling of traffic over protocols like SSH and DNS. However, these are not that popular as they require lots of technical knowledge to get them working. I am rating each of the ones I look at on a scale of 1 to 10. Anything near 10 means avoid it and steer well clear, as it is dangerous and may cause harm.
Copies of the original website
Taking down websites is sometimes like weeding your garden. As soon as you have pulled them all up and turned your back, a thousand more will have taken their place. When websites are shut down or blocked, people immediately start searching for an alternative to get around the filters. While some of these websites may be okay, the majority will be a source of malware. You should always be very wary of any website which purports to be a copy of another. The logos and download links may look the same but instead of downloading the latest movie release, you may end up with a dodgy copy which won’t play unless you buy a non-existent video codec.
Anonymizers come in different forms but the most popular just use a web form where a user types in the website that they need to access. The network protocols running between the user’s PC and the anonymizer site are still HTTP/HTTPS. Once the anonymizer gets the request it will go off and retrieve content from the desired website and send it back to the user. As far as a web filter is concerned the user is not accessing the ‘banned’ site. Most filters will block access to these sites but new alternatives are always coming online, so keeping lists up to date can be a time-consuming task. You can even use language translation services to do a similar task: just enter the website you want to access and the translation service will serve it back to you.
The problem with some of these services is that you don’t know who is running the sites. In some cases they may be capturing your data, or in others they may be a source of malware. Whenever you use a search engine, the results may include services that these sites are affiliated with. At the end of the day they have to make money some way and it’s normally done by messing with your web browsing session.
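For network owners, the anonymizer and translation-service behaviour described above is visible in web proxy logs: the host being requested is not on the blocklist, but the site the user wants is carried inside a request parameter. The following is an added example, not part of the original post; it assumes the filter logs full request URLs (plain HTTP, or HTTPS behind an inspecting proxy) and that the service takes the target in a GET parameter. The hostnames, the log format and the blocklist are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed blocklist and proxy-log lines (hypothetical hosts, not from the post).
BLOCKED = {"blocked.example"}
SAMPLE_LOG = [
    "10.0.0.5 GET http://news.example/index.html",
    "10.0.0.7 GET http://blocked.example/browse",
    "10.0.0.8 GET http://webproxy.example/go?u=http%3A%2F%2Fblocked.example%2Fbrowse",
    "10.0.0.9 GET http://translate.example/t?sl=en&tl=ga&url=blocked.example/top",
    "10.0.0.9 GET http://search.example/?q=blocked.example+court+order",
]

def host_of(value):
    """Return the hostname if a parameter value looks like a URL or host/path."""
    value = unquote(value).strip()
    if " " in value or "." not in value:
        return None  # free text such as a search query is not a target URL
    if "://" not in value:
        value = "http://" + value  # bare "host/path" form
    try:
        return urlsplit(value).hostname
    except ValueError:
        return None

def is_blocked(host):
    """Match a blocked domain itself or any subdomain of it."""
    return host is not None and any(
        host == b or host.endswith("." + b) for b in BLOCKED)

def classify(line):
    """Return (client, verdict): 'direct', 'relayed' or 'ok'."""
    client, _method, url = line.split(maxsplit=2)
    parts = urlsplit(url)
    if is_blocked(parts.hostname):
        return client, "direct"  # what a host-based filter already catches
    for _name, value in parse_qsl(parts.query):
        if is_blocked(host_of(value)):
            return client, "relayed"  # blocked site fetched via a third party
    return client, "ok"

def relayed_clients(lines):
    """Clients that reached a blocked site through an intermediary service."""
    return sorted({c for c, v in map(classify, lines) if v == "relayed"})

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry), entry)
```

The last sample line shows the false positive the check avoids: a search query that merely mentions the blocked domain is not reported as relayed access.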
A proxy server is simply an application that acts as an intermediary between a user and the website they are trying to get to. Proxy servers are often deployed on corporate networks to cache data and provide a single point for Internet access. Proxy servers differ from anonymizer services as a different protocol is used to communicate between the clients and the proxy server. A simple search using your favourite search engine will return lots of results for open proxy servers on the Internet.
The problem with proxy servers out on the Internet is that you may not know who is running them. They may be capturing sensitive data, so unless you only want to check out a newspaper or something similar, I would suggest you avoid these services if you do not know exactly who is running them and what their security policy is. Another trend which is taking off at the moment is the deployment of personal proxies in the cloud. Many cloud providers offer free personal plans so it’s easy to use this service to host your own proxy which can be accessed from anywhere in the world.
Anonymity networks differ from anonymizers in that your computer remains part of the network even after you have finished browsing the Internet. Most anonymity networks involve the installation of a client, and your request to browse a site is routed through many layers, which is called onion routing. The connections between your computer and the anonymity network are encrypted, which is why Internet filters cannot block sites when they are accessed this way.
When it comes to security, the problem with these services is that your data must leave the network via an exit node. If someone is monitoring activity on this node then they may be able to capture your data.
A VPN service operates by providing a secure tunnel to go from a network where a website is blocked to a network where the site is not. For example, I could set up VPN access to my home network so if I ever found myself on a network where sites were blocked, I could use a VPN connection to my home network to browse the sites from there. So long as you use encryption between your computer and the other network you are not extending your attack surface. This only applies if you know and trust the operator of the network that you are connecting to. If you don’t know who is providing the services then my danger rating shoots up to a perfect 10.
Have you come across users trying to bypass filters on your network? Comments welcome.