Here at NetWatcher we are seeing an increasing amount of Tor traffic on our customers’ networks. Tor, short for The Onion Router, is software that enables anonymous communication and conceals the user’s location and usage activity. In many instances this communication is not good and is potentially damaging to the company.
Tor intercepts network traffic from the user’s computer and shuffles it through random computers before moving onto its destination. This process disguises the user’s location and makes it difficult for servers to identify and monitor the user. The computers involved in the routing process are called “relays.”
Tor can pose a threat for a number of reasons, including:
Users of Tor are also at risk of having malware implanted on their computer via Tor exit nodes or having their identity exposed.
There are instances when Tor is not a bad thing, for example:
The weak link occurs when your data emerges at the exit node. Whatever you’re sending and receiving can easily be seen by the person operating the final exit node.
So while Tor provides end-user anonymity at the network/packet level (IP address), it does not provide end-to-end data secrecy. The traffic coming off the exit node is exactly the protocol and data your application sent out, and if that is clear text then the owner of the exit node can see everything. Repeat after me: Tor is not an end-to-end encryption tool.
Bad actors can also manipulate these exit nodes for criminal gain. For example, a safe executable is downloaded, but when it passes through a compromised exit node, malware is added to the package. Then, when you run your .exe file, the malicious code separates itself and starts to run in the background.
Tor is not safe for the average user. There are ways to use Tor with a VPN client to make it safer (see here), but only users who truly understand networking and security should be using such tools.
Your company network needs to be monitored and maintained in order to protect against the threats of Tor. NetWatcher’s Security Hygiene feature actively monitors networks 24/7 and warns you if there is suspicious activity happening on your network. It’s not easy to block Tor, but it is possible.
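As an illustration of the monitoring described above, the following added example (not NetWatcher's code) flags internal hosts whose outbound flows reach known Tor relays. The relay list, the flow-log format and the function name find_tor_clients are assumptions made for this sketch, and all addresses are constructed from documentation ranges.

```python
from collections import defaultdict

# Constructed relay list (documentation address ranges, not real relays).
# Assumption: relay IP -> ORPort, as would be extracted from a Tor relay list.
RELAYS = {"192.0.2.10": 9001, "198.51.100.7": 443, "203.0.113.44": 9001}

# Constructed flow log, one record per line: epoch src_ip dst_ip dst_port bytes_out
FLOW_LOG = """\
1700000000 10.0.0.5 192.0.2.10 9001 5120
1700000030 10.0.0.5 198.51.100.7 443 20480
1700000060 10.0.0.8 203.0.113.44 80 300
1700000090 10.0.0.9 198.51.100.200 443 900
1700000120 10.0.0.5 192.0.2.10 9001 7000
truncated record
"""


def find_tor_clients(log_text, relays):
    """Summarize, per internal host, the flows whose destination is a known relay."""
    hits = defaultdict(lambda: {"flows": 0, "bytes_out": 0, "relays": set(),
                                "confidence": "low", "first": None, "last": None})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records instead of aborting the run
        try:
            ts, port, sent = int(fields[0]), int(fields[3]), int(fields[4])
        except ValueError:
            continue
        src, dst = fields[1], fields[2]
        if dst not in relays:
            continue
        h = hits[src]
        h["flows"] += 1
        h["bytes_out"] += sent
        h["relays"].add(dst)
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        # IP and ORPort both match: strong indicator. IP alone is weaker,
        # because the same address may host unrelated services.
        if port == relays[dst]:
            h["confidence"] = "high"
    return dict(hits)


if __name__ == "__main__":
    for host, info in sorted(find_tor_clients(FLOW_LOG, RELAYS).items()):
        print(host, info)
```

A host marked "low" matched only on address, so it should be reviewed rather than treated as confirmed Tor use.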