Cyberattacks continue to grow year over year. An astounding 5,126,930,507 breached records in 2021 represent an 11% increase in security incidents compared to 2020, based on IT governance analysis. Security professionals are in a constant battle to improve organizational security posture and prevent risks across all potential attack surfaces.
Web threats are, by far, the dominant attack vector for which Secure Web Gateways (SWGs) and NG Firewalls utilize URL/content filtering, advanced threat defense, and malware protection to defend users from internet-borne threats, as well as help enterprises enforce internet policy and regulation compliance. While security teams focus on the inbound threats from adversaries, they should also keep in mind in their risk assessments the weakest link in the security chain.
Humans. People are fallible, and they make mistakes. Even with proper awareness and education by IT teams about online risks, we can all be tricked into clicking on a phishing link that seems legit. Adversaries take advantage of human nature and use social engineering attacks to play on our emotions and curiosity. They often invoke urgency so that people will not stop to think. In their haste, people act against the company's and their own best interests. Employees also attempt to bypass security controls to gain access to websites that breach acceptable internet usage policies, such as adult content sites, gaming and gambling sites, and P2P file sharing websites. Rogue employees, or even overly enthusiastic employees with good intentions, may try to circumvent the organization's security restrictions to perform tasks or other assignments by downloading unauthorized applications, connecting to unsanctioned online applications and cloud services, or using public proxy servers or VPN services, all of which impose greater risk on the organization by extending the attack surface.
In this blog post, I will address the different ways organizations can improve their security posture from internal risks imposed by either rogue employees trying to bypass security controls, or compromised hosts with malware that tries to exfiltrate data.
A rogue employee undermines the organization by ignoring rules and policies. They might openly break these rules, without concern of being fired, or covertly subvert them to keep from being discovered. Their actions might be relatively harmless, or serious enough to pose a risk to the security of the organization's data. In the worst cases, they may open the door to malware, or attempt to undermine the organization by giving data to a competitor or engaging in corporate espionage.
As organizations utilize excessive restrictions to protect data and reduce the attack surface, the first thing users are going to do is look for a way around them, and then the security measures completely fail. Some of the tools available to circumvent security controls and organizational policy are web proxies and VPNs. Both proxies and VPNs enable a high degree of privacy, allowing anonymous access to the internet. By doing so, the user is able to hide online activity and bypass any security policies, exposing the organization to malicious sites or data exfiltration. Let's dive into the differences found in such anonymity tools.
A proxy server acts as a gateway between users and the internet. A proxy server has an IP address of its own, so internet traffic appears to be coming from somewhere else, hiding the source's true IP address. A proxy is ideal for basic functions like anonymous web browsing and circumventing content restrictions. A proxy's main advantage is performing IP masking and misdirection, making it good for viewing geographically limited content. Proxies allow users to bypass content restrictions, monitoring, or enforcement of website content restrictions.
The different proxy types include:
A Virtual Private Network, or simply VPN, gives you online privacy and anonymity by creating a private network from a public internet connection. A VPN is similar to a proxy server in that it makes internet traffic appear to be coming from a remote IP address. However, with VPNs, traffic runs through an encrypted tunnel between the remote VPN network and the user's computer or device, making VPNs an effective solution for ensuring network security and anonymity.
A VPN from a reliable provider gives users a safe way to browse the internet, especially when using Wi-Fi at a public location such as an airport, hotel, or café, where you may actually be logged into a Wi-Fi network created by a cybercriminal who can now easily spy on your browsing and steal any personal information you use online.
VPNs have been used by the business sector for many years. Remote employees use VPNs to create a tunnel from their device to the organization over the internet. Once a VPN tunnel is established, users on the public network are able to send and receive data as if they were directly connected to the private network. VPN usage skyrocketed by 41% in a single month, according to industry research on how COVID accelerated the distributed workforce.
There are many VPN services out there, from free to premium VPNs with ultra-speed connectivity. VPN services aren't without their drawbacks, though. While they're meant to protect your privacy, a VPN provider can see your web traffic and, in some cases, log it.
While proxies and VPNs are good tools to remain anonymous and circumvent any organizational/governmental restrictions, Tor stands first in line when we compare the level of anonymity provided by various tools. Tor, or The Onion Router, is an open-source privacy network that enables anonymous web browsing. The worldwide Tor computer network uses secure, encrypted protocols to ensure that users' online privacy is protected. Tor users' digital data and communications are shielded using a layered approach that resembles the nested layers of an onion.
Tor technology was initially developed and solely used by the U.S. Navy to protect sensitive government communications. The network was later made available to the public as an open-source platform, meaning that Tor's source code is accessible to everyone. Tor is upgraded and enhanced by volunteer developers in the Tor network. (source: https://www.torproject.org/about/history/)
Using a distributed network of nodes on the Internet, Tor provides anonymity to users. Internet Service Providers (ISPs), governments, and corporations can't know which sites you've been visiting. Authorities also cannot censor content or know your location.
Tor is able to do this because it hides your IP address and the addresses of sites you visit. Your packets are bounced across multiple nodes, with each node having only information about the previous and next hops along the route. Moreover, Tor nodes are run by volunteers without any centralized control. Tor is a network service, not a peer-to-peer service like BitTorrent.
The easiest way to use Tor is to use the Tor Browser, but there are many other services and software based on Tor. Due to the extreme anonymity Tor provides, it's also been widely used by cyber criminals conducting illegal activities in the deep and dark web. Unless your organization is involved with analyzing the dark web using Tor for security research, Tor access should be blocked and no one in the organization should have any reason to search there.
Security professionals in charge of applying security measures need to find the balance between over-security, which impacts productivity and may result in frustrated employees or inspire over-enthusiastic employees to bypass the restrictions, and under-security, which may expose the organization to cyber risks. It is important for IT to strike a balance between not excessively clamping down on users' activities while simultaneously educating users to stay secure and use IT infrastructure responsibly.
Employee security awareness training and education about cyberthreats are crucial to minimize damage from phishing emails and opening suspicious links, the impact of ransomware attacks on the organization, and the risk of sensitive data falling into the wrong hands. Some of the practices you should perform include:
I remember taking the Google phishing quiz a few months ago and I admit that I missed a few phishing cases. Even a trained eye can be fooled in regard to the legitimacy of a phishing website or a phishing email. So, monitoring and policy enforcement are essential. It goes without saying that web security, content filtering, and firewall policies should be in place to block malicious content.
A good practice is to block access to proxies, VPNs, and Tor. An application control system can be implemented to prevent the installation of the Tor browser, for example. Even if someone did manage to install it, rules can be set in the network security system to detect Tor traffic. Additionally, access to public proxies and VPNs should be restricted. There is no reason for an employee to use such services besides going to online apps or services that aren't allowed by organizational policy, or in attempts to exfiltrate data and hide their tracks.
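As an added illustration of the detection rules described above (example code written for this page, not part of the original post or any vendor product), the following sketch matches outbound flow records against a categorized list of Tor, public proxy, and VPN endpoints and summarizes the activity per internal host. The feed, the log format, the sample records, and the `exfil_bytes` threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed feed of anonymizer endpoints (documentation address ranges only).
# A real deployment would load a maintained list instead.
ANONYMIZER_FEED = {
    "tor": ["192.0.2.10/32", "192.0.2.44/32"],
    "public-proxy": ["198.51.100.0/28"],
    "vpn": ["203.0.113.0/24"],
}

# Constructed flow records: timestamp src_ip dst_ip dst_port bytes_out
SAMPLE_FLOWS = """\
2024-01-10T09:00:01Z 10.1.4.23 192.0.2.10 9001 48211
2024-01-10T09:00:07Z 10.1.4.23 192.0.2.44 443 1920344
2024-01-10T09:01:15Z 10.1.7.80 192.0.2.200 443 5120
2024-01-10T09:02:30Z 10.1.9.12 198.51.100.5 3128 20480
2024-01-10T09:03:02Z 10.1.9.12 203.0.113.77 1194 73400320
malformed line here
2024-01-10T09:04:00Z 10.1.7.80 198.51.100.200 8080 900
"""

def parse_flow(line):
    """Return a flow dict, or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return {"ts": parts[0],
                "src": str(ipaddress.ip_address(parts[1])),
                "dst": ipaddress.ip_address(parts[2]),
                "port": int(parts[3]), "bytes_out": int(parts[4])}
    except ValueError:
        return None

def classify(dst, networks):
    """Return the feed category whose network contains dst, else None."""
    for net, category in networks:
        if dst in net:
            return category
    return None

def detect(log_text, feed=ANONYMIZER_FEED, exfil_bytes=50_000_000):
    """Summarise, per internal host, traffic sent to anonymizer endpoints."""
    networks = [(ipaddress.ip_network(c), cat)
                for cat, cidrs in feed.items() for c in cidrs]
    hosts = defaultdict(lambda: {"categories": set(), "flows": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        flow = parse_flow(line)
        category = classify(flow["dst"], networks) if flow else None
        if category is None:
            continue
        entry = hosts[flow["src"]]
        entry["categories"].add(category)
        entry["flows"] += 1
        entry["bytes_out"] += flow["bytes_out"]
    # exfil_bytes is an assumed threshold: large uploads via an anonymizer rank higher.
    return [{"src": src, "categories": sorted(e["categories"]), "flows": e["flows"],
             "bytes_out": e["bytes_out"],
             "severity": "high" if e["bytes_out"] >= exfil_bytes else "medium"}
            for src, e in sorted(hosts.items())]

if __name__ == "__main__":
    for finding in detect(SAMPLE_FLOWS):
        print(finding)
```

Address-list matching only catches endpoints that appear on the list, so it complements rather than replaces inspection of the traffic itself.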
The Allot Traffic Management and Assurance platform is an inline network solution for checking and inspecting each packet in the network. Its Deep Packet Inspection (DPI) engine and classification logic are powered by machine learning and AI. Additionally, dedicated data and security researchers optimize, update, and create new detection logic to detect the most obfuscated proxies, VPNs, and Tor traffic out there. Our recent research is even able to detect applications and types of activities, varying from file transfer and streaming to web surfing, within encrypted links (stay tuned for more info about it later on), enabling security professionals to gain visibility and control over everything that is running in the network.
Allot's solution for traffic management and enforcement can also be used to detect and block any activities done over proxy, VPN, or Tor, and complement any security device already in place. Since the Allot engine inspects every packet on the network layer, it provides another layer of protection, detecting unauthorized traffic and stopping it. Please contact us for more information.
In short, security awareness training, constant monitoring and enforcement, and access restrictions are all strategies you can employ to stop rogue employees.
Read this article:
How to protect against the weakest link in cybersecurity THE USERS - Security Boulevard