A Cautionary Note on Automatic Proxy Configuration. 11th December 2003, CNIS 2003. Andreas Pashalidis.


1 1 A Cautionary Note on Automatic Proxy Configuration. 11th December 2003, CNIS 2003. Andreas Pashalidis

2 2 “There are probably thousands of organizations using automatic proxy configuration.” - Dr. Ian Cooper (editor of IETF “Web Proxy Auto-Discovery Protocol” Draft), e-mail excerpt, August 18th, 2003.

3 3 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

4 4 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

5 5 Why do we need it ?

6 6 We want selection to occur automatically & in real time!

7 7 Why do we need it ? To eliminate manual configuration.

8 8 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

9 9 How does it work ? Just by ticking this checkbox!

10 10 How does it work ?

11 11 How does it work ?

12 12 How does it work ?

13 13 How does it work ?

14 14 How does it work ?

15 15 How does it work ?

16 16 How does it work ?

17 17 How does it work ?

18 18 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

19 19 What can go wrong ?

20 20 What can go wrong ? Interception Web spoofing

21 21 What can go wrong ? Interception Web spoofing

22 22 What can go wrong ? Interception Web spoofing

23 23 What can go wrong ?

24 24 What can go wrong ?

25 25 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

26 26 What else can go wrong ? The attack can be massive or selective. The attack can be hidden (e.g. “use attack proxy only during weekends/for specific sites”). Web browsers cannot display the configuration.
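Because the browser does not show which configuration it received, a defender has to fetch and review it out of band. The following is an added example, not part of the original slides: a static audit that flags time-conditional and host-selective routing and any proxy outside an approved list. It assumes the configuration is delivered as a proxy auto-config (PAC) JavaScript file; `auditPac`, `SAMPLE_PAC` and all hostnames are constructed for illustration.

```javascript
// Added example: static audit of a PAC script. auditPac is a hypothetical helper.
// PAC helper functions whose presence means routing depends on time or on the site.
const RULES = {
  "time-conditional": ["weekdayRange", "dateRange", "timeRange"],
  "host-selective": ["dnsDomainIs", "localHostOrDomainIs", "shExpMatch"],
};

function auditPac(pacSource, approvedProxies) {
  // Strip comments so commented-out code is not reported ("http://" is left alone).
  const code = pacSource
    .replace(/\/\*[\s\S]*?\*\//g, "")
    .replace(/(^|[^:])\/\/.*$/gm, "$1");
  const findings = [];
  for (const [rule, helpers] of Object.entries(RULES)) {
    const call = new RegExp("\\b(" + helpers.join("|") + ")\\s*\\(([^)]*)\\)", "g");
    for (const m of code.matchAll(call)) {
      findings.push({ rule, detail: m[1] + "(" + m[2].trim() + ")" });
    }
  }
  // Every "PROXY host:port" / "SOCKS host:port" target must be on the approved list.
  const approved = new Set(approvedProxies.map((p) => p.toLowerCase()));
  const seen = new Set();
  for (const m of code.matchAll(/\b(?:PROXY|SOCKS)\s+([A-Za-z0-9.-]+:\d+)/g)) {
    const target = m[1].toLowerCase();
    if (!approved.has(target) && !seen.has(target)) {
      seen.add(target);
      findings.push({ rule: "unapproved-proxy", detail: target });
    }
  }
  return findings;
}

// Constructed sample: the "weekends / specific sites" case from the slide.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  // weekend-only detour for one site
  if (weekdayRange("SAT", "SUN") && dnsDomainIs(host, "bank.example"))
    return "PROXY proxy.unknown.example:3128";
  return "PROXY proxy.corp.example:8080; DIRECT";
}`;

for (const f of auditPac(SAMPLE_PAC, ["proxy.corp.example:8080"])) {
  console.log(f.rule + ": " + f.detail);
}
```

A regular-expression audit like this is a triage aid; a script that builds its return string dynamically needs manual review.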

27 27 What else can go wrong ? SSL/TLS Interception

28 28 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

29 29 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

30 30 Countermeasures: Authentication of proxy servers (realistic?). Firewalls (protection against outsiders). Use SSL/TLS to authenticate proxy, BUT: New certificate type for this purpose. Change web browsers’ code path. Authentication failure = fatal error.

31 31 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

32 32 Conclusion Think about these things before deploying an automatic proxy configuration solution.

33 33 Thanks! Questions?

