Download presentation
Presentation is loading. Please wait.
1
1 A Cautionary Note on Automatic Proxy Configuration 11 th December 2003 CNIS 2003 Andreas Pashalidis
2
2 “There are probably thousands of organizations using automatic proxy configuration.” - Dr. Ian Cooper (editor of IETF “Web Proxy Auto-Discovery Protocol” Draft) e-mail excerpt, August 18 th, 2003.
3
3 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.
4
4 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.
5
5 Why do we need it ?
6
6 We want selection to occur automatically & in real time!
7
7 Why do we need it ? To eliminate manual configuration.
8
8 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.
9
9 How does it work ? Just by ticking this checkbox!
10
10 How does it work ?
11
11 How does it work ?
12
12 How does it work ?
13
13 How does it work ?
14
14 How does it work ?
15
15 How does it work ?
16
16 How does it work ?
17
17 How does it work ?
18
18 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.
19
19 What can go wrong ?
20
20 What can go wrong ? Interception Web spoofing
21
21 What can go wrong ? Interception Web spoofing
22
22 What can go wrong ? Interception Web spoofing
23
23 What can go wrong ?
24
24 What can go wrong ?
25
25 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.
26
26 What else can go wrong ? The attack can be massive or selective. The attack can be hidden. ( e.g. “use attack proxy only during weekends/for specific sites” ) Web browsers cannot display the configuration.
27
27 What else can go wrong ? SSL/TLS Interception
28
28 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.
29
29 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.
30
30 Countermeasures Authentication of proxy servers ( realistic? ) Firewalls (protection against outsiders). Use SSL/TLS to authenticate proxy, BUT New certificate type for this purpose. Change web browsers’ code path. Authentication failure = fatal error.
31
31 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.
32
32 Conclusion Think about these things before deploying an automatic proxy configuration solution.
33
33 Thanks! Questions?
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.