KnowBe4’s CEO and founder Stu Sjouwerman had an excellent blog post this week breaking down the differences between the surface, deep, and dark web here.
As a lifetime techie nerd I’ve always known about the deep web, the part of the world wide web that is not reachable through surface web search engines such as Google or DuckDuckGo. However, when I heard about all the exciting things happening on the dark web, I felt a surge of curiosity and knew I had to explore.
Fortunately for my employers, I knew better than to access these sites at work, but many users who are tech savvy enough to reach a .onion site may not take the dangers into account and use a work machine, or their own machine on the organization’s network where a BYOD policy allows it.
Some tips to minimize these risks:
Start by rejecting inbound and outbound traffic on port 9001, the default port for Tor. This will not prevent a user or malicious actor from using the service (it can be configured to use commonly permitted ports such as 80), but it is a good start if there is no legitimate business need for port 9001.
Configure your antivirus product to prevent common Tor executables from running on organization resources (Tor, Privoxy, Tor Browser). These executables can be renamed to work around this, but it is still a good first line of defense.
If your firewall supports it, configure it to inspect for Tor traffic and block that traffic from passing. How to do this depends on your firewall, so consult the manufacturer’s documentation.
If you’re most concerned with user activity, an application whitelisting product would reject unapproved software from running; in concert with APT defenses this could also be an appealing way to address these risks.
Add known Tor exit nodes to a blacklist, both inbound and outbound (Tor documentation on polling exit nodes: https://www.torproject.org/projects/tordnsel.html.en). Note: this service will not list every node, and new nodes appear often, so you would need to update this list regularly.
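One way to turn the exit-node polling in the last tip into something a firewall can consume, as an added example that is not part of the original post: the Python below parses a constructed sample in the bulk exit-list layout TorDNSEL publishes (the layout is an assumption on my part, and the live fetch is left out so the script runs offline), emits idempotent ipset/iptables commands suited to a scheduled refresh, and checks constructed iptables log lines against the set.

```python
import re
import ipaddress

# Constructed sample in the TorDNSEL bulk exit-list layout (assumed layout:
# one ExitNode record per relay, each with one or more ExitAddress lines).
SAMPLE_EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2024-01-01 12:00:00
ExitAddress 192.0.2.10 2024-01-01 13:05:00
ExitNode 0000000000000000000000000000000000000002
Published 2024-01-01 12:30:00
ExitAddress 198.51.100.7 2024-01-01 13:05:00
ExitAddress 192.0.2.10 2024-01-01 13:06:00
"""

# Constructed iptables log lines, as a LOG rule would write them to syslog.
SAMPLE_LOG = [
    "kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP DPT=443",
    "kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP DPT=443",
]

def parse_exit_addresses(text):
    """Return the set of unique exit IPs (one IP can appear under several relays)."""
    addrs = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "ExitAddress":
            try:
                addrs.add(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # skip a malformed line rather than abort the update
    return addrs

def ipset_rules(addrs, setname="tor_exits"):
    """ipset/iptables commands dropping traffic from and to the exits; -exist keeps re-runs idempotent."""
    rules = [f"ipset create {setname} hash:ip -exist"]
    rules += [f"ipset add {setname} {ip} -exist"
              for ip in sorted(addrs, key=ipaddress.ip_address)]
    rules.append(f"iptables -I INPUT -m set --match-set {setname} src -j DROP")
    rules.append(f"iptables -I OUTPUT -m set --match-set {setname} dst -j DROP")
    return rules

def flag_log_lines(log_lines, addrs):
    """Return (src_ip, line) for log lines whose SRC= is a known exit address."""
    hits = []
    for line in log_lines:
        m = re.search(r"\bSRC=(\S+)", line)
        if m and m.group(1) in addrs:
            hits.append((m.group(1), line))
    return hits
```

Because the published list misses nodes and churns, the rules are only useful if the job that regenerates them runs on a schedule and replaces the whole set each time.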
What steps do you take to protect your environment from the deep and dark webs?
If you’re concerned about your organization’s sensitive information being available on the dark web, run a KnowBe4 EEC Pro report and see what information the bad guys have access to here.