Are you aware of everything that your users are
accessing from your environment?
Most of the time, non-work-related Internet browsing is harmless
(looking at pictures of cats, online shopping, social media, etc.), but
there are some instances where you could be an unknowing and unwilling
participant in criminal activity: namely, when users hide that activity
via the Tor network, or the Dark Net.
The Onion Router, better known as "Tor", is an open source project
launched in 2002. It is designed to allow a user to browse the Internet
anonymously via a volunteer network of more than 5000 relays. It doesn't
share your identifying information, like your IP address and physical
location, with websites or service providers.
When a user browses the Internet using Tor, it is quite difficult to
trace their activities, which protects their online privacy. There are
arguably legitimate uses for this technology, such as providing Internet
access in repressively regulated countries.
Tor has been a favorite target of intelligence agencies. The NSA targeted
Tor users using a zero-day vulnerability in the Firefox browser bundled
with Tor, which allowed them to get the real IP addresses of anonymous
Tor users.
Using the same techniques, the FBI was also able to track the owner of
'Freedom Hosting', the biggest service provider for sites on the
encrypted Tor network, which hosted many child pornography sites.
However, Mozilla has since fixed the Firefox flaw exploited by
government law enforcement officials.
Moreover, Tor is often associated with illicit
activity (child pornography, selling controlled substances, identity theft,
money laundering, and so on). Most admins will want to prohibit their users
from using the Tor network due to its association with nefarious activity.
Since the point of origin is nearly impossible to determine by
conventional means, many bad actors leverage the Tor network to hide the
location of Command & Control servers, machines taking ransomware
payments, etc. This makes identifying them and their malware that much
harder.
Users browsing the Tor network (for illicit purposes or not) from your
environment can open you up to hosting malicious/illegal content,
ransomware infection, or unknowingly participating in other malicious
activity. The Tor network is also known as the DeepNet or Deep Web.
To learn more about the Deep Web, you can read our detailed article,
"What is the Deep Web? A first trip into the abyss".
WHAT CAN I DO ABOUT TOR?
AlienVault Unified Security Management™ (USM) can
help. USM provides asset discovery, vulnerability assessment, threat detection
(IDS), behavioral monitoring and SIEM in a single console, plus weekly threat
intelligence updates developed by the AlienVault Labs threat research team.