Intelligent CIO Middle East Issue 23 - Page 85

EDITOR’S QUESTION MOHAMMAD JAMAL TABBARA, SENIOR SYSTEMS ENGINEER UAE AT INFOBLOX T he Dark Web refers to millions of websites that exist on the Tor network (AKA Onion network), an encrypted network that cannot be found by using traditional browsers or search engines. These websites are commonly known to be malicious and with bad intentions containing cyber threats (Ransomware, Malware, Botnet, etc), identity and data theft, impersonation and spoofing, terrorist activists, pornography, illegal drugs, and weapon markets. The Dark Web can be accessed by a special browser that connects via the Tor nodes (gateways) represented by IP addresses, domain names, and URLs. As a first security measure, organisations must block access and communication attempts to and from the Tor network that hosts the Dark Web. This fundamental security measure should start by preventing the users in your organisation from having the ability to download and run the Tor web browser, along with blocking any IP address communication or domain name resolution that affiliates with the Tor Exit Nodes. Tor Exit Nodes are the gateways where encrypted Tor traffic hits the Internet. This means an exit node can be used to monitor Tor traffic (after it leaves the onion network). It is in the design of the Tor network that locating the source of that traffic through the network should be difficult to determine. organisation should be able to mitigate and react quickly to cyber threats and incidents that could be initiated or emerged from the Dark Web, along with having the capabilities to sustain your services and infrastructure against targeted cyber threats. This is where you must have the following three essential security aspects to sustain against these attacks: This is where you need an intelligent DNS security and IP based security that is automatically updated frequently with the list of domains and IP addresses of the Tor Nods (Dark Web entry and exit points) and its affiliates. Infoblox DNS Security can provide you with such essential intelligence. After blocking access to the Tor network, your 2) Malware Mitigation and Data leakage mitigation: More than 90% of Dark Web affiliated malware that communicates with the Tor network uses DNS at various stages of the cyber kill chain to penetrate the network, infect devices, propagate laterally, and both infiltrate and exfiltrate data. Malware and data theft are pervasive 1) Infrastructure Protection: Your network should be able to ]X Z]Y]K[\Z[X]YZ[[\[\]XXXH]X\˂\[HX]\H۝[[ۘ[X\X\]H][ۜ\H\YۙYœXYZ[\][ۜ]Y[X]H]H܈\˂HX]۝Z[Y[[\][ۜΈY[\ܙ[\][ۜ\BZH[ [HYYXZH\H][H\HXH۝Z[\HX]\™\\XH[[\H]X\]BX[\X\[[Y[\ۜHX[\[[B[[ۈ\][ۘ[\[\[Z\X]۝Z[Y[YܝX\[YX][[Y[KXقX]۝^[X[X[\\˂\\[[ۙ\[YYX][ۈ[Y\›܈ܜH[Z[\HXۈX]˂HX[]H\ۙ\ [[ݚ[˜X\X]]\Z[H[YY\\[[[ ܝ[][KH[؛X\]H][ۜ˜\HZ[ݚYH[\ܙ[\][ۈ][HXݙH^H\X˂SSQSSŽ