Tor & Onion Routing Security Implications

What is Onion Routing?
Onion Routing is a technique for anonymous communication over a computer network. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Each onion router removes a layer of encryption to uncover routing instructions, and sends the message to the next router where this is repeated. This prevents these intermediary nodes from knowing the origin, destination, and contents of the message. Interesting…
So how is Onion Routing related to Tor? Well, Tor is the predominant technology that employs Onion Routing.
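The layering described above, as an added example that is not part of the original post: a client wraps a message in one encryption layer per relay, and each relay can remove only its own layer to learn the next hop. The relay names, keys, `dest.example:443` and the HMAC-based toy cipher are assumptions for illustration; this is not Tor's actual cell format or cryptography.

```python
import hashlib, hmac, json, os

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real cipher).
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + _tag(key, nonce, ct) + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("layer was not encrypted for this relay")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def wrap(path, dest: str, message: bytes) -> bytes:
    """Client side. path is [(relay_name, key), ...] ordered entry -> exit."""
    next_hops = [name for name, _ in path[1:]] + [dest]
    payload = message
    # Build from the inside out: the exit relay's layer is applied first.
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "data": payload.hex()}).encode()
        payload = seal(key, layer)
    return payload

def peel(key: bytes, blob: bytes):
    """Relay side: remove one layer, return (next hop, inner blob)."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, onion: bytes):
    """Simulate the relays in order; record what each one learned."""
    seen, blob = [], onion
    for name, key in path:
        nxt, blob = peel(key, blob)
        seen.append((name, nxt))
    return seen, blob

if __name__ == "__main__":
    path = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]  # constructed keys
    seen, delivered = route(path, wrap(path, "dest.example:443", b"hello"))
    for relay, nxt in seen:
        print(f"{relay} learns only its next hop: {nxt}")
```

In this sketch the exit relay necessarily sees the destination and the innermost payload; only end-to-end encryption between client and destination hides the content from it.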
Tor. What's it for?
It sounds like a name right out of the movie, Clash of the Titans, right? Sorry! Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Tor enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.
Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers. Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site. Individuals also use Tor for socially sensitive communication: chat rooms and web forums for rape and abuse survivors, or people with illnesses.
So what’s the big deal?
If you’re an IT or Infosec professional, the wheels are probably already turning in your head. What are the real implications of this level of masquerading, and what effect will it have on the corporate landscape? Now, I’m a big proponent of privacy on the net. I dislike SPAM and identity theft just as much as the next guy. While I see great benefits in the privacy realm, I also see a whole new level of potential for attacker masquerading taking place here.
How? Some advancements in attack surfaces may include:
• Malware masquerading
• Hidden services/websites (greater botnet propagation)
• Covert network attacks over Tor
Using Tor to hide a botnet command-and-control server will greatly increase the likelihood of botnet propagation. Since many botnets are identified by their IP addresses/ranges, this would obviously complicate network ACL remediation efforts. As for the network attacker, imagine the integration of Onion Routing/Tor in Metasploit. Once again, it would become quite complex to fingerprint an attacker who had just managed to pop your box with a reverse shell.
As stated previously, I am a firm supporter of online privacy, but I’m perplexed at the potential for malicious activity that these new technologies bring. Nonetheless, we should all embrace advances in security technology. This also means that we, as IT Security Professionals, should ensure the organizations that we protect have sound and solid security foundations.
Keep on patching…