TOR Client Software Found on 13% of Enterprise Networks

: @orinthomas Security Vendor Palo Alto Networks monitored a week’s worth of traffic traversing the internet gateways of 1,636 businesses each of which had at least 2,500 users and published a report about it here: http://www.paloaltonetworks.com/researchcenter/2012/01/browser-based-filesharing-usage-work-or-entertainment/ Although a lot of the commentary on this report focused on the widespread utilization of the site Megaupload and BitTorrent on these large enterprise networks, the figure that surprised me was that TOR traffic was found on 13% of these networks. TOR (The Onion Router) is an application designed to allow anonymity online. It works by routing traffic through a network of servers spread across the world. This routing hides a user’s location from anyone interested in performing traffic analysis, functionally eliminating the likelihood of being able to track or block users accessing restricted sites. Given the BitTorrent traffic measurements and the usage of the site Megaupload, taken down in the last few days by governments with indictments related to copyright infringement (the report also details that the most commonly downloaded traffic from Megaupload on corporate networks were pirated applications including PhotoShop and popular games) it isn’t surprising that TOR utilization is present on corporate networks. But if your organization has a policy blocking access to certain sites (porn, social networking, warez, sports) as I imagine most of these enterprise networks do, you’d probably want to be pretty certain that people weren’t using something like TOR to bypass those policies. If an employee is downloading and watching porn on his computer at the office, it’s a sure bet he’ll be fired. But it is also a sure bet that you, as network administrator, are going to get some uncomfortable questions about how that access was possible when you’d been asked to ensure that it wasn’t. You can find out more about TOR at: http://en.wikipedia.org/wi