30 Days of Compliance Q&A #11: How Can I Detect Tor on My Network?

One of AccelOps’ major customers came for a visit to our Santa Clara headquarters recently and told us how they used AccelOps to get Tor off their network.

Tor (previously an acronym for The Onion Router) is software that enables online anonymity and censorship resistance. Tor directs Internet traffic through a free, worldwide, volunteer network of more than 5,000 relays to conceal a user’s location or usage from anyone conducting network surveillance or traffic analysis.

Using Tor makes it more difficult to trace Internet activity, including visits to Web sites, online posts, instant messages and other communication forms, and is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential business by keeping their Internet activities from being monitored.

Tor may have some benefits to some organizations, but if one of your employees is personally using Tor on a company computer, chances are good they’re up to something they shouldn’t be doing at work. Which means you probably want to know who has Tor installed on their machine.

Our customer said that using AccelOps’ discovery and reporting capabilities, they ran a report as to who had Tor on their machines, then IT Security notified them to uninstall it immediately. They then ran a follow-up AccelOps report to make sure all employees had complied.

Compliance auditors inquire about items that might show weakness in your processes. If you are unaware of an unlicensed software program, such as a Tor installation, that may hurt you during an audit. You need to have the right automated detection and reporting processes in place.

With an integrated, real-time, cross-correlated view into your network, devices, apps and user logs, AccelOps simplifies the collection of data that impacts your business.

Using our powerful analytics engine, automated Configuration Management Database (CMDB) and event consolidation, smart anomaly detection, identity and location binding, and flexible data management, AccelOps redefines the next generation of malware and Advanced Persistent Threat (APT) detection.

Want to learn how AccelOps can help you detect Tor on your network? Contact us; we’re here to help.