Is Tor tearing holes through your network? Close the door to malware and illegal activity with Spikes.


I started to write this post after a conversation with my babysitter. We were talking about Facebook, and she mentioned that she used Tor at work to access Facebook and Gmail, which were restricted by her company. Since I’ve started writing, the climate has gotten much worse for Tor.

My babysitter is far from a techie, yet she was able to install and use Tor to bypass her company’s security procedures. While opening her network to Facebook and Gmail, she was also opening up the network to malware, bots, and viruses.

Tor, originally The Onion Router, is a proxy used to bypass firewalls to access the Internet anonymously and without restriction. Tor used to be rather cumbersome to install and required manual proxy adjustments, but it has evolved to offer very easy-to-install packages. Easy enough for my babysitter to use.

Tor has value. It’s used by millions of people to bypass firewalls, and has provided a way to communicate for people who are behind the blocked and monitored firewalls of oppressive states. Some argue that the dissident movements in Iran and Egypt would have a lot of trouble communicating with the rest of the world if it wasn’t for the anonymity that Tor provides.

But the downside of Tor is the potential for abuse. Tor is used by people to perform criminal activity, such as stealing intellectual property, illegal financial exchanges, and viewing child pornography. (I would be extremely upset as both a father and a security professional knowing that there was the potential for someone to use my network for this type of activity.)

Tor does not offer perfect secrecy. Tor exit nodes are often hosted by volunteer hosting providers and they can be isolated, and the traffic analyzed, unencrypted, and traced back to the user.

In August 2013, the FBI arrested Eric Eoin Marques for operating an illegal child pornography network over Tor. The FBI was able to obtain this information by placing malware on a Tor exit server.

How to Restrict Tor

Tor is treacherous, and is designed to use different outgoing ports for traffic. Tor can operate over ports 80 and 443, 9001, 9030, or any open available ports. It’s essential to limit outbound ports to those you need and to those locations that you need. This is often very difficult to do.

Stopping Tor with Spikes

Spikes AirGap Pro Browser is the world’s most secure browser. Spikes uses air gap technology to physically separate browser hardware and software from the client machine, streaming a hardened virtualized browsing machine to the client. The result is a browser with the highest level of security available today.

Spikes offers some unique advantages to protect against the use of Tor. Since Spikes can be configured to use non-standard ports to one location, the Spikes appliance, other ports are non-essential. This makes access to the network by Tor impossible, but still allows safe Internet usage.

Stopping Tor without Spikes

If you don’t have Spikes, you can still have some protection against Tor. You can build a script that pushes an ACL of Tor exit nodes, like the list found at http://goo.gl/i8jsJ3, up to a router or firewall. It’s kind of like whack-a-mole, but it’s better than nothing.
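
One way to turn such a list into router configuration, as an added example that is not code from the original post: it validates a one-address-per-line list and renders a Cisco IOS-style extended ACL. The ACL name BLOCK-TOR, the protected ranges and the sample addresses are assumptions constructed for illustration, and pushing the result to a device is left to your own tooling.

```python
import ipaddress

# Ranges that must never be denied, whatever the feed says (a poisoned or
# corrupted list should not be able to cut off internal hosts). Assumed values.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample in one-address-per-line form; documentation ranges only.
SAMPLE_LIST = """\
# constructed sample, not real Tor nodes
192.0.2.10
198.51.100.7
192.0.2.10
203.0.113.300
10.1.2.3
2001:db8::5
not-an-ip
"""

def parse_nodes(text):
    """Return (sorted unique IPv4 addresses, list of (line, reason) rejects)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            addr = ipaddress.ip_address(line)
        except ValueError:
            rejected.append((line, "not an IP address"))
            continue
        if addr.version != 4:
            rejected.append((line, "IPv6 needs a separate ACL"))
        elif any(addr in net for net in PROTECTED):
            rejected.append((line, "inside a protected range"))
        else:
            accepted.add(addr)
    return sorted(accepted), rejected

def build_acl(addresses, name="BLOCK-TOR"):
    """Render a Cisco IOS-style extended ACL denying traffic to each host."""
    if not addresses:
        raise ValueError("empty node list; refusing to build an ACL")
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip any host {a}" for a in addresses]
    lines.append(" permit ip any any")
    return "\n".join(lines)

if __name__ == "__main__":
    nodes, skipped = parse_nodes(SAMPLE_LIST)
    print(build_acl(nodes))
```

The ACL only covers addresses on the list it is given. Tor clients make their outbound connections to relays, so an exit-node list alone does not cover every first hop.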

Another option is to install application whitelisting on your client machines, to keep Tor executables from running.

Tor has upsides and downsides, but it has no place on your network.

For more information on Spikes, visit www.spikes.com or contact Paul Misner, paul@spikes.com, or call 1-410-740-3490.
