Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A Cautionary Note on Automatic Proxy Configuration 11 th December 2003 CNIS 2003 Andreas Pashalidis.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 A Cautionary Note on Automatic Proxy Configuration 11 th December 2003 CNIS 2003 Andreas Pashalidis."— Presentation transcript:

1 1 A Cautionary Note on Automatic Proxy Configuration 11 th December 2003 CNIS 2003 Andreas Pashalidis

2 2 “There are probably thousands of organizations using automatic proxy configuration.” - Dr. Ian Cooper (editor of IETF “Web Proxy Auto-Discovery Protocol” Draft) e-mail excerpt, August 18 th, 2003.

3 3 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

4 4 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

5 5 Why do we need it ?

6 6 We want selection to occur automatically & in real time!

7 7 Why do we need it ? To eliminate manual configuration.

8 8 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

9 9 How does it work ? Just by ticking this checkbox!

10 10 How does it work ?

11 11 How does it work ?

12 12 How does it work ?

13 13 How does it work ?

14 14 How does it work ?

15 15 How does it work ?

16 16 How does it work ?

17 17 How does it work ?

18 18 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

19 19 What can go wrong ?

20 20 What can go wrong ? Interception Web spoofing

21 21 What can go wrong ? Interception Web spoofing

22 22 What can go wrong ? Interception Web spoofing

23 23 What can go wrong ?

24 24 What can go wrong ?

25 25 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

26 26 What else can go wrong ?  The attack can be massive or selective.  The attack can be hidden. ( e.g. “use attack proxy only during weekends/for specific sites” )  Web browsers cannot display the configuration.

27 27 What else can go wrong ? SSL/TLS Interception

28 28 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

29 29 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

30 30 Countermeasures Authentication of proxy servers ( realistic? ) Firewalls (protection against outsiders). Use SSL/TLS to authenticate proxy, BUT New certificate type for this purpose. Change web browsers’ code path. Authentication failure = fatal error.

31 31 Agenda Why do we need it ? How does it work ? What can go wrong ? What else can go wrong ? Live demo ! Countermeasures. Conclusions.

32 32 Conclusion Think about these things before deploying an automatic proxy configuration solution.

33 33 Thanks! Questions?

Download ppt "1 A Cautionary Note on Automatic Proxy Configuration 11 th December 2003 CNIS 2003 Andreas Pashalidis."

Similar presentations

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
N Stage Authentication with Biometric Devices Presented by: Nate Rotschafer Sophomore Peter Kiewit Institute Revised: July 8, 2002.

N Stage Authentication with Biometric Devices Presented by: Nate Rotschafer Sophomore Peter Kiewit Institute Revised: July 8, 2002.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Firewalling Proxy Server for Innopac

Firewalling Proxy Server for Innopac
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.
Exam Cram. 2 | SharePoint Saturday St. Louis 2013.

Exam Cram. 2 | SharePoint Saturday St. Louis 2013.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
By : Windi Widiastuti XII TKJ -3 31.  DEFINITION.

By : Windi Widiastuti XII TKJ  DEFINITION.
8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.
SQL Power Injector Avadanei AlinBalan Robert. What is SQL Power Injector ?  A graphical application created in C#.Net 1.1 that helps the penetration.

SQL Power Injector Avadanei AlinBalan Robert. What is SQL Power Injector ?  A graphical application created in C#.Net 1.1 that helps the penetration.
WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed.

WEB SPOOFING by Miguel and Ngan. Content Web Spoofing Demo What is Web Spoofing How the attack works Different types of web spoofing How to spot a spoofed.

Similar presentations

Ads by Google