INTERNET INFORMATION TECHNOLOGIES (VARIETIES) - NEW FEATURES OR...

The article is about new information technologies of the Internet, such as anonymizers, intranet, extranet, proxy servers and overlay networks in particular. Their features, types, characteristics, positive and negative sides are also presented. Special attention is paid to personal information security.

Holes in the Geofence: Privacy Vulnerabilities in “Smart” DNS Services

Smart DNS (SDNS) services advertise access to geofenced content (typically, video streaming sites such as Netflix or Hulu) that is normally inaccessible unless the client is within a prescribed geographic region. SDNS is simple to use and involves no software installation. Instead, it requires only that users modify their DNS settings to point to an SDNS resolver. The SDNS resolver “smartly” identifies geofenced domains and, in lieu of their proper DNS resolutions, returns IP addresses of proxy servers located within the geofence. These servers then transparently proxy traffic between the users and their intended destinations, allowing for the bypass of these geographic restrictions. This paper presents the first academic study of SDNS services. We identify a number of serious and pervasive privacy vulnerabilities that expose information about the users of these systems. These include architectural weaknesses that enable content providers to identify which requesting clients use SDNS. Worse, we identify flaws in the design of some SDNS services that allow any arbitrary third party to enumerate these services’ users (by IP address), even if said users are currently offline. We present mitigation strategies to these attacks that have been adopted by at least one SDNS provider in response to our findings.

Demystifying Global Cybersecurity Threats in Financial Services

The financial sector across the globe ensures sustainable growth in the economy by mobilizing investments, funds, and savings. This chapter attempts to comprehend the current state of cybersecurity within the financial services industry worldwide. The chapter explores the different aspects of global cyber-attacks in financial sectors to elucidate the salient problems, issues, threats, safeguards, and solutions. As technology is progressing, highly technology-savvy criminals are becoming a new threat in the cybercrime space. The entire industry needs an intense transformation to create innovative, state-of-the-art information, and an up-to-date architecture of cybersecurity that is capable of confronting the continuous tides of cyber-attacks and data breaches on an everyday basis. The use of security tools like proxy servers, firewalls, multi-layered email strategy, virus security software, and effective governance strategies are necessary to protect financial sectors from cyber threats and attacks.

A Client Bootstrapping Protocol for DoS Attack Mitigation on Entry Point Services in the Cloud

This paper presents a client bootstrapping protocol for proxy-based moving target defense system for the cloud. The protocol establishes the identity of prospective clients who intend to connect to web services behind obscure proxy servers in a cloud-based network. In client bootstrapping, a set of initial line of defense services receive new client requests, execute an algorithm to assign them to a proxy server, and reply back with the address of the chosen proxy server. The bootstrapping protocol only reveals one proxy address to each client, maintaining the obscurity of the addresses for other proxy servers. Hiding the addresses of proxy servers aims to lower the likelihood that a proxy server becomes the victim of a denial-of-service (DoS) attack. Existing works address this problem by requiring the solution of computationally intensive puzzles from prospective clients. This solution slows the progression of attacks as well as new clients. This paper presents an alternative idea by observing that limited capacity of handling initial network requests is the primary cause of denial-of-service attacks. Thus, the suggested alternative is to utilize cost-effective high-capacity networks to handle client bootstrapping, thus thwarting attacks on the initial line of defense. The prototype implementation of the protocol using Google’s firebase demonstrates the proof of concept for web services that receive network requests from clients on mobile devices.

SiegeBreaker: An SDN Based Practical Decoy Routing System

Decoy Routing (DR), a promising approach to censorship circumvention, uses routers (rather than end hosts) as proxy servers. Users of censored networks, who wish to use DR, send specially crafted packets, nominally addressed to an uncensored website. Once safely out of the censored network, the packets encounter a special router (the Decoy Router) which identifies them using a secret handshake, and proxies them to their true destination (a censored site). However, DR has implementation problems: it is infeasible to reprogram routers for the complex operations required. Existing DR solutions fall back on using commodity servers as a Decoy Router. But as servers are not efficient at routing, most web applications show poor performance when accessed over DR. A further concern is that the Decoy Router has to inspect all flows in order to identify the ones that need DR. This may itself be a breach of privacy for other users (who neither require DR nor want to be monitored). In this paper, we present a novel DR system, Siege- Breaker (SB), which solves the aforementioned problems using an SDN-based architecture. Previous proposals involve a single unit which performs all major operations (inspecting all flows, identifying the DR requests and proxying them). In contrast, SB distributes the tasks for DR among three independent modules. (1) The SDN controller identifies DR requests via a covert, privacy preserving scheme, and does not need to inspect all flows. (2) The reconfigurable SDN switch intercepts packets, and forwards them to a secret proxy efficiently. (3) The secret proxy server proxies the client’s traffic to the censored site. Our modular, lightweight design achieves performance comparable to direct TCP downloads, for both in-lab setups, and Internet based tests involving commercial SDN switches.

Machine Learning for Web Proxy Analytics

Proxy servers used around the globe are typically graded and built for small businesses to large enterprises. This does not dismiss any of the current efforts to keep the general consumer of an electronic device safe from malicious websites or denying youth of obscene content. With the emergence of machine learning, we can utilize the power to have smart security instantiated around the population's everyday life. In this work, we present a simple solution of providing a web proxy to each user of mobile devices or any networked computer powered by a neural network. The idea is to have a proxy server to handle the functionality to allow safe websites to be rendered per request. When a website request is made and not identified in the pre-determined website database, the proxy server will utilize a trained neural network to determine whether or not to render that website. The neural network will be trained on a vast collection of sampled websites by category. The neural network needs to be trained constantly to improve decision making as new websites are visited.

Tractable near-optimal policies for crawling

The problem of maintaining a local cache of n constantly changing pages arises in multiple mechanisms such as web crawlers and proxy servers. In these, the resources for polling pages for possible updates are typically limited. The goal is to devise a polling and fetching policy that maximizes the utility of served pages that are up to date. Cho and Garcia-Molina [(2003) ACM Trans Database Syst 28:390–426] formulated this as an optimization problem, which can be solved numerically for small values of n, but appears intractable in general. Here, we show that the optimal randomized policy can be found exactly in O(n⁡log⁡n) operations. Moreover, using the optimal probabilities to define in linear time a deterministic schedule yields a tractable policy that in experiments attains 99% of the optimum.