EDITOR’S QUESTION
Mohammad Jamal Tabbara, Senior Systems Engineer UAE at Infoblox
The Dark Web refers to the sites hosted as onion services on the Tor network (The Onion Router, also called the Onion network), an encrypted overlay network whose sites cannot be reached with an ordinary browser or indexed by conventional search engines. Many of these sites serve criminal purposes: cyber threats (ransomware, malware, botnet command and control), identity and data theft, impersonation and spoofing, terrorist activity, pornography, and markets for illegal drugs and weapons. Reaching the Dark Web requires a dedicated client, most commonly the Tor Browser, which connects to the network through Tor nodes (relays) identified by IP addresses, domain names and URLs. As a first security measure, organisations must block access and communication attempts to and from the Tor network that hosts the Dark Web.

This fundamental measure should start by preventing the users in your organisation from downloading and running the Tor Browser, and by blocking any IP communication with, or domain name resolution of, addresses and names affiliated with Tor nodes. Two kinds of node matter here. Entry (guard) nodes are where a Tor client joins the network, so blocking them stops hosts inside your network from bootstrapping onto Tor. Tor exit nodes are the gateways where Tor traffic, decrypted from its last onion layer, re-enters the public Internet, so blocking them stops anonymous Tor traffic from reaching your Internet-facing services. Because an exit node sees the traffic after it leaves the onion network, it can also be used to monitor that traffic, while the design of Tor deliberately makes it difficult to trace the traffic back through the network to its source.

This is where you need intelligent DNS-based and IP-based security that is automatically and frequently updated with the domains and IP addresses of the Tor nodes (the entry and exit points of the Dark Web) and their affiliates; relay membership changes constantly, so a static block list is quickly out of date. Infoblox DNS Security can provide you with such intelligence. After blocking access to the Tor network, your organisation should be able to mitigate and react quickly to cyber threats and incidents that are initiated on, or emerge from, the Dark Web, and should have the capability to sustain your services and infrastructure against targeted attacks. This requires the following three essential security capabilities:

1) Infrastructure protection: your network should be able to detect, mitigate and withstand threats against your Internet-reachable devices.

2) Malware and data leakage mitigation: more than 90% of Dark Web-affiliated malware that communicates with the Tor network uses DNS at various stages of the cyber kill chain, to penetrate the network, infect devices, propagate laterally, and both infiltrate and exfiltrate data. Malware and data theft are pervasive largely because conventional cyber security solutions are not designed to inspect and block DNS resolutions that are affiliated with Tor nodes.

3) Threat containment and operations: if your organisation is like most, you need to contain these threats as fast as possible and ensure that security teams, such as the SOC and incident response teams, do not fall into the common operational gaps that hinder containment: siloed threat intelligence, lack of threat context and manual processes. These result in longer remediation times or, worse still, failure to act on threats at all. The ability to respond to fast-moving cyber threats with certainty and speed is paramount.

Fortunately, the Infoblox security solutions are built to provide your organisation with all of the above capabilities.

www.intelligentcio.com
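The two controls the article calls for, blocking resolution of and communication with Tor-affiliated names and addresses, and catching DNS activity that points at Tor, can be demonstrated end to end with a small script. The example below is added here for illustration; it is not Infoblox code and not the author's. It assumes a relay list in the simple form "ip flags" (the real Tor Project bulk exit list is one address per line; relay flags come from the directory consensus), a DNS Response Policy Zone (RPZ) named tor.rpz served by your resolver, and firewall and resolver log lines in a constructed two-shape format. All addresses are from the RFC 5737 documentation ranges and are not real relays.

```python
"""Block-list generation and log triage for Tor-affiliated traffic (added example).

1. Render an RPZ zone that returns NXDOMAIN for Tor-related names, for .onion
   names, and for any answer that resolves to a known Tor relay address.
2. Triage firewall and resolver logs: flag outbound flows to guard relays (a
   host bootstrapping onto Tor), inbound flows from exit relays (traffic that
   arrived via Tor) and .onion lookups that reached the corporate resolver.
"""
import ipaddress

# Constructed sample relay list in the assumed "ip flag,flag" shape. A real
# list must be refreshed frequently, since relay membership changes hourly.
SAMPLE_RELAY_LIST = """\
192.0.2.10 Guard,Fast,Stable
192.0.2.11 Guard
198.51.100.7 Exit,Fast
203.0.113.4 Guard,Exit
"""

# Constructed log lines: "fw <out|in> <local_ip> <remote_ip>" and "dns <client> <qname>".
SAMPLE_LOGS = """\
fw out 10.0.0.5 192.0.2.10
fw out 10.0.0.5 198.51.100.200
fw in 10.0.0.80 198.51.100.7
dns 10.0.0.5 www.torproject.org
dns 10.0.0.9 aaaaaaaaaaaaaaaa.onion
dns 10.0.0.9 www.example.com
"""


def parse_relay_list(text):
    """Map IPv4 relay address -> set of flags; malformed and IPv6 lines are skipped
    (RPZ encodes IPv6 triggers differently, so they are left out of this demo)."""
    relays = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.IPv4Address(parts[0]))
        except ValueError:
            continue
        relays[ip] = set(parts[1].split(","))
    return relays


def rpz_ip_trigger(ip):
    """RPZ response-IP trigger name: prefix length, then the octets reversed.
    203.0.113.4 -> 32.4.113.0.203.rpz-ip"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return "32." + ".".join(reversed(octets)) + ".rpz-ip"


def build_rpz_zone(relays, origin="tor.rpz"):
    """Render the zone text. 'CNAME .' is the RPZ action for NXDOMAIN."""
    lines = [
        f"$ORIGIN {origin}.",
        "$TTL 300",
        f"@ SOA localhost. hostmaster.{origin}. 1 3600 600 86400 300",
        "@ NS localhost.",
        "torproject.org CNAME .",    # Tor Browser download and bootstrap names
        "*.torproject.org CNAME .",
        "*.onion CNAME .",           # .onion never resolves in public DNS (RFC 7686)
    ]
    for ip in sorted(relays, key=ipaddress.IPv4Address):
        lines.append(f"{rpz_ip_trigger(ip)} CNAME .")  # answer points at a relay
    return "\n".join(lines) + "\n"


def classify_flow(direction, remote_ip, relays):
    """Label a firewall flow against the relay table; None if the peer is not a relay."""
    flags = relays.get(remote_ip)
    if not flags:
        return None
    if direction == "out" and "Guard" in flags:
        return "tor-client-bootstrap"     # internal host joining Tor via a guard
    if direction == "in" and "Exit" in flags:
        return "inbound-from-tor-exit"    # Tor user reaching our services
    return "tor-relay-contact"


def classify_query(qname):
    """Label a resolver query; a .onion query here means some client leaked it."""
    name = qname.rstrip(".").lower()
    if name == "onion" or name.endswith(".onion"):
        return "onion-leak"
    if name == "torproject.org" or name.endswith(".torproject.org"):
        return "tor-software-fetch"
    return None


def triage(log_text, relays):
    """Return (host, target, label) for every log line that points at Tor."""
    findings = []
    for line in log_text.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "fw" and len(f) == 4:
            label = classify_flow(f[1], f[3], relays)
            if label:
                findings.append((f[2], f[3], label))
        elif f[0] == "dns" and len(f) == 3:
            label = classify_query(f[2])
            if label:
                findings.append((f[1], f[2], label))
    return findings


if __name__ == "__main__":
    relays = parse_relay_list(SAMPLE_RELAY_LIST)
    print(build_rpz_zone(relays))
    for host, target, label in triage(SAMPLE_LOGS, relays):
        print(f"{label:24} {host} -> {target}")
```

Two caveats a practitioner should keep in mind. Tor bridges using pluggable transports (obfs4, Snowflake) are deliberately absent from the public relay lists, so address blocking alone will not stop a determined user; pairing it with the software-download and application-control measures above matters. And the Tor Browser never sends .onion names to the system resolver, so an .onion query in resolver logs points at a different application or a misconfigured proxy, while clients using DNS over HTTPS bypass an RPZ on the corporate resolver entirely.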