[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IBM says Block Tor



On Wed, 2015-08-26 at 18:51 -0400, grarpamp wrote:
> http://public.dhe.ibm.com/common/ssi/ecm/wg/en/wgl03086usen/WGL03086USEN.PDF
> 
> IBM Advises Businesses To Block Tor
> 
> With Tor-based attacks on the rise, IBM says it's time to stop Tor in
> the enterprise.
> 
> New data from IBM's X-Force research team shows steady increase in SQL
> injection and distributed denial-of-service attacks as well as
> vulnerability reconnaissance activity via the Tor anonymizing service.

As best I can tell, the article refers to blocking access from the
corporate network to Tor, not necessarily e.g. blocking Tor exit node
connections to external corporate web servers. They also recommend
things like blocking personal VPN servers.

My concern is that they take the stance that allowing Tor is a
liability. Sure, there are people who will abuse Tor, but the benefits
of being able to access, say, Pepsi's web site without revealing you're
doing so from Coca-Cola's corporate network should not be ignored.
That's what Tor was originally intended to be used for, among other
things. I concede it was inevitable that some would use it for evil, but
isn't that true about a lot of things?

-- 
Shawn K. Quinn <[email protected]>