Third-party anonymous proxies? No! No! No!

Two security pros explain why they'd never use an anonymous proxy service from a Web-based third party.
Page:

This is the third installment of a three-part series on the pros and cons of anonymous proxy services. Read the first installment here and listen to the second installment here.

There are a variety of legitimate reasons for security professionals to use anonymous proxy servers. But would they trust a third-party service that lives on the Web?

Dallas-based security practitioner Kevin Nixon's three-word answer: "No! No! No!"

Using a Web-based anonymous proxy service is about as safe and useful as a frontal lobotomy, says Nixon, a specialist in data privacy and international regulatory compliance.

"If you need more proof, just ask [US Republican VP candidate] Sarah Palin, who had her email hacked because" a hacker was able to easily access her Yahoo e-mail account information via the Ctunnel.com proxy service. Services like that have lax user policies, Nixon says, adding, "Why would anyone hand over a complete list of trusted TCP/IP addresses to any company that has [loose policies] like Ctunnel?"

Web-based anonymizers like this aren't compliant with regulations and industry standards such as FISMA, FACTA, HIPAA, GLBA or SOX, and trusting them sets the user up for an experience like the one Palin was forced to endure, Nixon says.

His concerns reflect those of others CSOonline interviewed regarding the trustworthiness of Web-based anonymous proxy services. One can never be sure who is controlling a given proxy or how strict their moral code may be, which is why George Johnson, chief security officer at the National Center for Crisis and Continuity Coordination (NC4), would never use one.

"Anyone who really cares about protecting what they are doing should not use a random proxy as you do not know who is controlling it," he says. "They could indeed be capturing all of your traffic and it could then be used against you at a later date."

He says those who truly care about the privacy of their transactions must do their homework and understand what protections are provided by the service they are thinking of using.

"That is difficult because it's hard to understand all of the players in the communications link," he says. "I am not aware of a single service that provides enough transparency for people to make an educated decision."

Page:
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: internet security
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/171/gadwin-web-snapshot/

Gadwin Web Snapshot

Gadwin Web Snapshot will effectively capture the entire page including all design elements when capturing web pages. It makes an image of the browser’s content ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia