The Akamai Blog

Q2 SOTI Security Preview: Tor Pros and Cons

The Q2 2015 State of the Internet Security Report (SOTI Security) is due out in the next couple of weeks, and today we continue previewing various sections. 

Tuesday we told you about security risks that come into play when third-party plug-ins are used with WordPress. Yesterday we looked at attack vectors the bad guys favored in Q2. Today we look at the security risks businesses face when using Tor.

The Onion Router (Tor) concept was a Defense Advanced Research Projects Agency (DARPA) project that was originally created to enable US Navy personnel to conduct Open Source Intelligence (OSINT) operations without disclosing their source IP addresses, and potentially their location. A few years afterwards, a group of computer scientists implemented it, and the US Naval Research Laboratory released it as open source software.

The Tor project uses a concept called onion routing, which ensures the entry node to the network is not the same as the exit node. This process creates anonymity for the client when interacting with the destination system. Because requests hop among internal nodes, it can theoretically be impossible to detect the origin of a request. However, a number of cyberattacks have attempted to unmask Tor users, using network analysis, Metasploit and relay early cells.

Due to the promise of anonymity, Tor became popular among diverse groups including:
● People under censorship who seek access to information
● People who care about their privacy and do not want to be tracked
● Malicious actors who want to hide their location from law enforcement

The benefit of anonymity for Tor users is obvious; however, its value is not the same for website owners. There are many industries, such as financial services, that employ user-profiling techniques to help prevent fraud. The Tor network complicates this process. On the other hand, many ecommerce sites don't place importance on where users originate as long as they provide valid credit card data when purchasing their products.

The question becomes: should you allow connections from Tor to your website? As outlined above, the answer is highly dependent upon your business model and risk tolerance. This section will provide analysis that shows the overall risk of malicious traffic emanating from Tor vs. non-Tor traffic.

To read the full story, pre-register for your copy of the Q2 2015 State of the Internet Security Report.