Topic: US Govt shares tips on defending against cyberattacks via Tor (Read 109 times)

sr. member
Activity: 1526
Merit: 412
My bad. I completely misunderstood the article.

Done rewriting my post. Thanks.
sr. member
Activity: 536
Merit: 267
Yes, you read that right.

Since cyberattackers use Tor to mask and hide their online identification, CISA (Cybersecurity and Infrastructure Security Agency) and the FBI recommend that companies consider using Tor for their online activities.

Quote
CISA and the FBI recommend that organizations assess their individual risk of compromise via Tor and take appropriate mitigations to block or closely monitor inbound and outbound traffic from known Tor nodes.

Summary: https://www.bleepingcomputer.com/news/security/us-govt-shares-tips-on-defending-against-cyberattacks-via-tor/
Full report: https://www.us-cert.gov/ncas/alerts/aa20-183a

I am not a security expert but I was still surprised reading this. Government agencies such as the FBI are the least expected to recommend using the Tor service. I believe they would rather want to know everything. But educating legitimate companies to increase their online privacy and anonymity via Tor is probably the better way to starve cyber attackers.


I don't read anywhere that they are recommending that companies consider using Tor to protect their online activities.
They give recommendations to avoid being attacked by an attacker that is using Tor.

It would make no sense for most companies to use Tor, because it would be less secure since the data would transit between servers that could be compromised and that aren't owned by these same companies.
sr. member
Activity: 1526
Merit: 412
Yes, you read that right.

Since cyberattackers use Tor to mask and hide their online identification, CISA (Cybersecurity and Infrastructure Security Agency) and the FBI are teaching private companies measures to detect malicious activities and mitigate cyber threats. Measures include:
Quote
Most restrictive approach: Block all web traffic to and from public Tor entry and exit nodes (does not completely eliminate the threat of malicious actors using Tor for anonymity, as additional Tor network access points, or bridges, are not all listed publicly.)
Less restrictive approach: Tailor monitoring, analysis, and blocking of web traffic to and from public Tor entry and exit nodes: orgs that do not wish to block legitimate traffic to/from Tor entry/exit nodes should consider adopting practices that allow for network monitoring and traffic analysis for traffic from those nodes, and then consider appropriate blocking. This approach can be resource-intensive but will allow greater flexibility and adaptation of defensive. Legitimate usage examples: deployed military or other overseas voters.
Blended approach: Block all Tor traffic to some resources, allow and monitor for others (i.e., intentionally allowing traffic to/from Tor only for specific websites and services where legitimate use may be expected and blocking all Tor traffic to/from non-excepted processes/services). This may require continuous re-evaluation as an entity considers its own risk tolerance associated with different applications. The level of effort to implement this approach is high.

Summary: https://www.bleepingcomputer.com/news/security/us-govt-shares-tips-on-defending-against-cyberattacks-via-tor/
Full report: https://www.us-cert.gov/ncas/alerts/aa20-183a

Educating the public is a good approach by Government agencies I must say.
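The three approaches quoted above (block everything from known Tor nodes, allow but monitor, or decide per service) are easy to misread as a single on/off switch. The following is an added example, not code from the thread, from CISA or from the linked article: a small Python policy evaluator that runs constructed connection-log lines against a constructed exit-node list under each of the three approaches. The log format, the hostnames, the addresses (all from documentation ranges) and the service allow-list are assumptions made up for the example; a real deployment would read the Tor Project's published exit list and its own firewall or proxy logs.

```python
"""Added example: evaluate inbound connections against a Tor exit-node list
under the three approaches described in the CISA/FBI alert. Everything here
(addresses, hostnames, log lines, allow-list) is constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from enum import Enum

# Constructed exit-node list (documentation-range addresses, not real relays).
# Caveat from the alert: bridges are not all published, so an address missing
# from this list is not proof that the connection did not come via Tor.
TOR_EXIT_LIST_RAW = """
198.51.100.7
203.0.113.42
2001:db8::1
not-an-address
"""

class Policy(Enum):
    RESTRICTIVE = "block_all"          # block all traffic to/from listed nodes
    LESS_RESTRICTIVE = "monitor_all"   # allow, but flag for traffic analysis
    BLENDED = "per_service"            # allow+monitor on excepted services, block elsewhere

# Blended policy: hypothetical services where Tor access is expected and
# tolerated (e.g. a public information site); they stay under monitoring.
TOR_TOLERATED_SERVICES = {"www.example.org:443"}

@dataclass(frozen=True)
class Decision:
    action: str   # "allow", "allow_monitor" or "block"
    reason: str

def load_exit_list(raw: str) -> set:
    """Parse one address per line into normalised ip_address objects.
    Malformed feed lines are skipped rather than disabling the whole list."""
    exits = set()
    for line in raw.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue
    return exits

def is_tor_exit(ip: str, exits: set) -> bool:
    """Normalise before lookup so an expanded IPv6 form still matches the list."""
    try:
        return ipaddress.ip_address(ip) in exits
    except ValueError:
        return False

def evaluate(src_ip: str, dst_service: str, policy: Policy, exits: set) -> Decision:
    """Apply one of the three approaches to a single inbound connection."""
    if not is_tor_exit(src_ip, exits):
        return Decision("allow", "source is not a listed Tor exit node")
    if policy is Policy.RESTRICTIVE:
        return Decision("block", "Tor exit node; restrictive policy blocks all")
    if policy is Policy.LESS_RESTRICTIVE:
        return Decision("allow_monitor", "Tor exit node; flagged for traffic analysis")
    # Blended: tolerate (but monitor) only on explicitly excepted services.
    if dst_service in TOR_TOLERATED_SERVICES:
        return Decision("allow_monitor", f"Tor exit node on tolerated service {dst_service}")
    return Decision("block", f"Tor exit node on non-excepted service {dst_service}")

def parse_log_line(line: str) -> tuple:
    """Constructed log format: '<timestamp> src=<ip> dst=<host:port>'."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return fields["src"], fields["dst"]

def run_policy(log_lines, policy: Policy, exits: set) -> list:
    """Return (src, dst, Decision) for every log line under the given policy."""
    return [(src, dst, evaluate(src, dst, policy, exits))
            for src, dst in map(parse_log_line, log_lines)]

def summarize(results) -> dict:
    """Count decisions by action, which is what a dashboard would chart."""
    counts = {"allow": 0, "allow_monitor": 0, "block": 0}
    for _, _, decision in results:
        counts[decision.action] += 1
    return counts

# Constructed sample connection log: two Tor exits hitting different services,
# one non-Tor client, and one Tor exit written in expanded IPv6 form.
SAMPLE_LOG = [
    "2024-07-01T10:00:00Z src=198.51.100.7 dst=www.example.org:443",
    "2024-07-01T10:00:05Z src=203.0.113.42 dst=vpn.example.org:443",
    "2024-07-01T10:00:09Z src=192.0.2.10 dst=vpn.example.org:443",
    "2024-07-01T10:00:12Z src=2001:0db8:0000:0000:0000:0000:0000:0001 dst=mail.example.org:993",
]

EXITS = load_exit_list(TOR_EXIT_LIST_RAW)

if __name__ == "__main__":
    for policy in Policy:
        print(policy.name, summarize(run_policy(SAMPLE_LOG, policy, EXITS)))
```

On the sample log the restrictive policy blocks three of four connections, the less restrictive one blocks none but flags three, and the blended one blocks the two Tor connections to the VPN and mail services while letting the one to the tolerated web service through under monitoring. The address normalisation matters in practice: an exit list and a log that spell the same IPv6 address differently would otherwise silently fail to match.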