Tor: Problematic for IT

January 6, 2015 | Garrett Gross

Are you aware of everything that your users are accessing from your environment? While most non-work-related internet browsing is harmless (looking at pictures of cats, online shopping, social media, etc.), there are some instances where you could be an unknowing and unwilling participant in criminal activity. That is, when users hide that activity via the Tor network, or the Dark Net.

The Onion Router, or “Tor”, is a piece of software designed to allow a user to browse the internet anonymously via a volunteer network of more than 5000 relays. There are arguably legitimate uses for this technology, such as providing internet access in repressively regulated countries. However, Tor is often associated with illicit activity (child pornography, selling controlled substances, identity theft, money laundering, and so on). Most admins will want to prohibit their users from using the Tor network due to its association with nefarious activity.

Since the point of origin is nearly impossible to determine by conventional means, many bad actors leverage the Tor network to hide the location of Command & Control servers, machines taking ransomware payments, etc. This makes identifying them and their malware that much harder.

Users browsing the Tor network (for illicit purposes or not) from your environment can open you up to hosting malicious/illegal content, ransomware infection, or unknowingly participating in other malicious activity. Yes, if your users are browsing with Tor and they are looking at child pornography, your company may be liable. And Wired recently reported that 80% of visits to Tor hidden services relate to child pornography.

You can use AlienVault Unified Security Management (USM) to detect when users access hidden services using the Tor network. The correlation directives and IDS signatures can detect when a system is attempting to resolve a Tor domain, and allow you to take corrective action.

About the Author: Garrett Gross

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.
