IBM Security

IBM Tells Administrators To Block Tor On Security Grounds

Mickeycaskill writes: IBM says Tor is increasingly being used to scan organizations for flaws and launch DDoS, ransomware and other attacks. Tor, which provides anonymity by obscuring the real point of origin of Internet communications, was in part created by the US government, which helps fund its ongoing development, due to the fact that some of its operations rely on the network. However, the network is also widely used for criminal purposes. A report by the IBM says administrators should block access to Tor, noting a "steady increase" in attacks originating from Tor exit nodes, with attackers increasingly using Tor to disguise botnet traffic. "Spikes in Tor traffic can be directly tied to the activities of malicious botnets that either reside within the Tor network or use the Tor network as transport for their traffic," said IBM. "Allowing access between corporate networks and stealth networks can open the corporation to the risk of theft or compromise, and to legal liability in some cases and jurisdictions."
  • by Calsar ( 1166209 )

    Yes, I know some people just use Tor because they don't want the government watching them, but I block Tor on general principle. Most of the traffic coming out of Tor is malicious. The only exception would be if I was running a site with information I wanted to provide to oppressed countries.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Your an idiot. Blocking Tor *won't* do a damn thing at actually solving the security problem. All it does is give you the illusion of security when you don't know what your doing.

      • by Anonymous Coward

        I don't see why you're downvoted. This is true. Blocking tor isn't a solution. You should be patching your systems and not have crappy apps.

        If you have a smart load balancer that decides to threshold block tor nodes, that's fine. But explicitly blocking all tor nodes is just lazy and doesn't fix the problem.

      • Re:Duh (Score:5, Insightful)

        by Calsar ( 1166209 ) on Wednesday August 26, 2015 @04:17PM (#50398173) Homepage

        I didn't say blocking Tor made you secure, I simply said traffic coming out of Tor is malicious and should be blocked. If you think blocking Tor makes no difference you are wrong. A lot of attacks are coming out of Tor and you can eliminate them with little effort.

        • by Anonymous Coward

          I sympathize with your position, I really do, but where does that argument end? A lot of email is malicious too--should we just start blocking that? Webpages are often malicious as well. Come to think of it, maybe we should just keep all of our networks local.

          Tor has lots of good purposes also. Blocking it completely seems like an indiscriminate solution.

          • by orlanz ( 882574 )

            On a personal network... I don't care, your choice. But on a business network, this is a no-brainer. It's clearly from IBM's "No shit Sherlock" department. Some intern needed to write a security recommendation. Few enterprises have a business need for Tor, so why not block it? What good reason is there to have it unblocked?

            As for where it stops ummm... when it actually hinders your business? If your business doesn't have ANY need to load webpages (ie: the book network at a stock exchange), then yes, you

      • Your an idiot.

        ...don't know what your doing.

        Good effort, but next time go for the triple combo!

    • by Anonymous Coward

      We say we want anonymity on the internet (and we do).

      Yet we don't want people wearing ski-masks entering banks or gas stations.

      The thing that sucks about anonymity is a small percent of people will utterly destroy it. Tragedy of the commons, I guess.

    • by X.25 ( 255792 )

      Yes, I know some people just use Tor because they don't want the government watching them, but I block Tor on general principle. Most of the traffic coming out of Tor is malicious. The only exception would be if I was running a site with information I wanted to provide to oppressed countries.

      You have access to all outgoing Tor traffic?

      Nice.

  • Another layer (Score:3, Informative)

    by TechyImmigrant ( 175943 ) on Wednesday August 26, 2015 @02:52PM (#50397713) Homepage Journal

    I presume the enterprising TOR user could set up a couple of machines A and B somewhere on the internetz to act as a personal TOR entry and exit point. VPN to A. A TORs to B. B talks to the internetz.

     

    • Re: Another layer (Score:2, Informative)

      by Anonymous Coward

      That would defeat the purpose and isn't how Tor works.

    • Why not try an all meat diet? Smarter people than you do: http://www.jbc.org/content/87/... [jbc.org]

      Interestingly that article you link to was published in February 1930, right near the start of the "Great Depression" and states that "These studies were supported in part by a research grant from the Institute of American Meat Packers". They were probably scared stiff that nobody would be left with enough pennies in their pocket to buy meat.

      You want smart people? "It is my view that the vegetarian manner of li

  • by Anonymous Coward

    Blocking Tor doesn't do a damn thing for real security. It won't stop the "attacks". There are plenty of other avenues for malicious parties to use. The idea that getting rid of Tor somehow will stop the attack is just plain silly. It might sound good to the CEO, protect your job, etc. It won't actually improve security. If you want to improve security start with ridding your company of the proprietary software whose holes *can't* and won't be fixed. Fund *bug hunting*, reduce the bloat in your applications

    • by TheCarp ( 96830 ) <sjc AT carpanet DOT net> on Wednesday August 26, 2015 @03:11PM (#50397833) Homepage

      > Blocking Tor doesn't do a damn thing for real security. It won't stop the "attacks". There are plenty of other avenues for malicious parties to use.

      While mostly true, you do have to consider that exit nodes that are on your internal network are probably bad juju.

      Personally, I am all for using tor, but I wouldn't want to see random users putting up exit nodes inside my network. Exit nodes really should be set up with a bit more care to make sure they can't be used to access internal hosts, especially if internal networks have public IPs, which while less common these days, is not unheard of.

      My previous 2 employers both used public IPs on their internal networks (and each had their own class public B). So, by default, a tor exit node would constitute a hole in the firewall unless specifically set up to restrict access to "local" IPs.

      Not unmanageable at all if you want to manage it, but, not something you want to leave in the hands of Bob in accounting.
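Added example, not part of any comment in this thread and not Tor project code: a simplified audit of a relay's `ExitPolicy` lines against an internal range, showing why a publicly addressed internal network is not covered by Tor's private-range rejection. The torrc fragments, the 198.51.100.0/24 stand-in range and the helper names are constructed; only IPv4 `accept`/`reject` rules are handled, and a range counts as blocked only when a reject rule covers all of it.

```python
import ipaddress

# IPv4 part of what ExitPolicyRejectPrivate (Tor default: 1) rejects. The relay's
# own advertised address, which Tor also rejects, is not modelled here.
PRIVATE_V4 = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
              "172.16.0.0/12", "192.168.0.0/16"]

# Constructed torrc fragments; 198.51.100.0/24 stands in for a publicly
# addressed internal network.
WEB_ONLY = "ExitRelay 1\nExitPolicy accept *:80, accept *:443\nExitPolicy reject *:*\n"
RESTRICTED = "ExitPolicy reject 198.51.100.0/24:*  # internal range\n" + WEB_ONLY

def parse_rule(text):
    """Parse 'accept|reject ADDR[/MASK][:PORT]' into (action, network, lo, hi)."""
    action, pattern = text.split()
    addr, _, port = pattern.partition(":")
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
    if port in ("", "*"):
        return action, net, 1, 65535
    lo, _, hi = port.partition("-")
    return action, net, int(lo), int(hi or lo)

def load_policy(torrc_text):
    """Collect ExitPolicy rules in file order, with the private rejects prepended."""
    rules, reject_private = [], True
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "exitpolicyrejectprivate":
            reject_private = value == "1"
        elif key == "exitpolicy":
            rules += [parse_rule(r.strip()) for r in value.split(",")]
    private = [parse_rule(f"reject {n}:*") for n in PRIVATE_V4] if reject_private else []
    return private + rules

def exposure(rules, internal_cidr, port):
    """First match wins; 'blocked' requires a reject rule covering the whole range."""
    target = ipaddress.ip_network(internal_cidr)
    for action, net, lo, hi in rules:
        if not (lo <= port <= hi) or not net.overlaps(target):
            continue
        if action == "reject" and target.subnet_of(net):
            return "blocked"
        if action == "accept":
            return "exposed"
    return "exposed"  # assumption: unmatched traffic reaches an accepting default
```

With the web-only policy the RFC 1918 range is blocked but the public-IP internal range is reachable on port 443 until an explicit reject for it is placed ahead of the accept rules.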

  • by nickweller ( 4108905 ) on Wednesday August 26, 2015 @03:01PM (#50397791)
    If security on these public and private-sector networks weren't so flaky, botnets wouldn't be such a problem. Remember all it took to compromise SONY was one malicious email attachment. Makes you wonder how Internet security got so bad considering folks like the NSA help these organizations secure their 'computers'.
    • by Nutria ( 679911 )

      considering folks like the NSA help these organizations secure their 'computers'.

      All of the technical acumen in the world can't defend against a PHB running XP who clicks on everything.

  • If it can be blocked, or even if it's visible at all, it is dangerous for the user. If you can't blend in, you're gonna stick out..

  • by Dutch Gun ( 899105 ) on Wednesday August 26, 2015 @03:09PM (#50397827)

    You know, there's a completely different potential meaning between "IBM Tells Administrators to Block..." vs "IBM Tells Companies to Block..." I initially thought IBM was discussing an internal policy, but they're advocating that OTHER companies simply block access to TOR nodes, in case it's not clear.

    Still, blocking these nodes seems like a fairly weak approach to security, doesn't it? It's not like you can't disguise your movement by utilizing a botnet server. It's sort of like saying "we could improve our security by banning all incoming traffic from China and Russia". Well, sure, if you're willing to just block lots of legitimate users in the meantime. It would be far better to try to implement better technologies and policies that actually improve computer security, rather than feel-good measures like this.

    For starters: eliminate dependence on old, out-of-date, vulnerable web based technologies. There are many corporate customers who still must use specific VULNERABLE versions of the Java plug-in, for instance. Oh, wait though... that would cost money! Nevermind, just block the TOR nodes, ok?

    • It's sort of like saying "we could improve our security by banning all incoming traffic from China and Russia". Well, sure, if you're willing to just block lots of legitimate users in the meantime. It would be far better to try to implement better technologies and policies that actually improve computer security, rather than feel-good measures like this.

      Yes, in a perfect world, companies would have perfect device security and it wouldn't matter from which direction an attack came.

      But here in the real world, there is no such thing as perfect security, and every little bit helps. They aren't suggesting you block TOR and ignore your firewall and stop updating patches, just that among other security measures, this might help.

      Anyway, what possible legitimate use could TOR have in a corporate environment outside of a media organization?

      • Yes, in a perfect world, companies would have perfect device security and it wouldn't matter from which direction an attack came.

        But here in the real world, there is no such thing as perfect security, and every little bit helps. They aren't suggesting you block TOR and ignore your firewall and stop updating patches, just that among other security measures, this might help.

        Anyway, what possible legitimate use could TOR have in a corporate environment outside of a media organization?

        Exactly right. Every little bit helps.

        If your company has no Chinese customers or suppliers or employees and does no business in China whatsoever, why not block China from your network? It's simple to do and costs nothing. Nobody is suggesting that you drop all your other security practices and rely just on blocking Chinese IPs.

      • I suppose it depends entirely on whether you run a consumer-facing website or not. I was initially thinking about this from the perspective of companies that run such sites, in which case it doesn't make a lot of sense. However, if you're in an entirely corporate-oriented company who typically doesn't deal directly with the general public, it probably makes some sense to do so. No client of yours is going to be running a TOR browser. IBM is among those types of companies, so I guess this advice makes se

  • Is it possible to add a proxy after a Tor node exit, bypassing the current "Ban Tor exit nodes" thus blending with traffic? So, in theory, blocking Tor exit nodes only blocks those who only use Tor .. isn't it (Ex: Not hardcode hackers, but only Tor kiddies)?

  • by jfbilodeau ( 931293 ) on Wednesday August 26, 2015 @03:15PM (#50397869) Homepage
    From the summary: "A report by _the_ IBM..."

    As opposed to just an IBM?
    • Yeah, The International Business Machine. It's run by President and Commander in Chief Executive Officer Donald Trump.
  • "IBM said its data shows a “steady increase” over the past few years in attacks originating from Tor exit nodes, with attackers increasingly using Tor to disguise botnet traffic."

    What part of "exit node" does IBM not understand?

    Once the traffic hits an exit node, it's no longer in Tor. It's also more or less impossible to "disguise botnet traffic" using Tor, since it's not like the botnet is running an entry or exit node.

    At worst, a bot on one of your servers will hit a Tor entry node in order

  • by JustAnotherOldGuy ( 4145623 ) on Wednesday August 26, 2015 @03:40PM (#50397989) Journal

    Once again proving that anything that can be abused, will be abused. The spammers, scammers, and scum of the Earth will use anything they can to steal whatever they can.

    • Comment removed based on user account deletion
  • Whatever is scary enough to convince us to give up privacy, that's the threat of the day. Nothing is your own except the few cubic centimetres inside your skull.

  • by koan ( 80826 )

    Isn't TOR a little slow and lacking bandwidth to make a good hacking front?
