Anonymity programs and services for network engineers

Anonymity is very rarely discussed in the business world because in some respects, it is at odds with the ideas of non-repudiation and authentication. But in the interest of network security, administrators need to be familiar with the state of technology used for anonymity. Tom Lancaster explains anonymity services and provides several resources in this tip.

In the world of network security, there are a few domains that receive the lion's share of our attention. These are -- among others -- confidentiality, integrity and reliability, as well as non-repudiation and authentication. Anonymity is very rarely discussed in the business world because in some respects it is the opposite of non-repudiation and authentication. That is, when you're doing business with people electronically, you usually want to know who they are to ensure that they can't easily claim their identity was stolen and the transaction made by an impostor.

Still, as a network engineer or administrator, you should familiarize yourself with the state of technology used for anonymity because you may need it yourself someday, or you may need to prevent someone from using your network and exposing your company to liability or leaking your company's intellectual property.

Another thing to keep in the back of your mind as we discuss the services below is all this talk about a "Two-tiered Internet," which basically means that some subscribers will pay more than others. My prediction is that if the carriers go ahead with these plans, it will spawn a plethora of hacks like the toll-fraud issues that constantly attacked PSTN subscribers a few decades ago. I expect many of these to be similar to the services below, as users attempt to avoid paying for better service. Ironically, however, the one feature all the services below have in common is that they are currently dreadfully slow. Even so, I expect a renewed interest in anonymity, accompanied by a rapid increase in the pace of technology.

In this tip, we briefly survey a few programs and services and then provide some links for further reading.

The first thing to realize is that most anonymity services resemble peer-to-peer file-sharing services: they send your "anonymous" traffic through any number of proxies, which are in fact software running on other people's PCs. The difference is that these services are primarily HTTP and SSH oriented, rather than file sharing. Thus, if someone on your network has enabled the service, your network may be a transit point used to hide anything from political dissent to whistleblowing.

The two most popular services are "The Onion Router," otherwise known as TOR, and I2P. There are many differences between these services -- some subtle, others substantial -- but I2P has an excellent comparison page for several services. You can read more about them here.

The second thing to realize is that "anonymous" services aren't just for outbound access but for hosting services. You can use either of the above to host a Web site, for instance, while hiding the real location. Here is some information from TOR on this subject.

Another popular service is Freenet (which is not at all like the old "Freenet" community projects such as my favorite, Buffalo Freenet). And, of course, there is Gnunet, which is focused on anonymous file sharing.

One very interesting (and useful) program is Torpark. This application is essentially a portable instance of the Firefox browser configured with TOR. If you're not familiar with portable software, it's basically an application packaged as an executable that you can run from any directory without "installing" (i.e., no registry entries or files left in mysterious hidden/winnt/system directories). In other words, you can just explode the executable to a temporary directory on a flash drive, browse in relative anonymity from any PC with a USB port, and then erase that directory to get rid of cookies, etc.

By the way, there are many other portable apps, including the whole Open Office suite.

If you're just tuning in to the anonymity scene, a quick scan of the links above will get you started and hopefully give you a good idea of what may be going on in your network, or perhaps what you could use. For much more reading, check out the Anonymity Bibliography.

Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years of experience in the networking industry. He is co-author of several books on networking, most recently, CCSP™: Secure PIX and Secure VPN Study Guide, published by Sybex.

This was last published in June 2006
