
Microsoft MVP (Enterprise Security) Microsoft Certified Trainer (18 years) Founder: Cybercrime Security Forum! Winner: Microsoft Speaker Idol 2006 Author:


Presentation transcript:


3 Microsoft MVP (Enterprise Security)
Microsoft Certified Trainer (18 years)
Founder: Cybercrime Security Forum!
Winner: Microsoft Speaker Idol 2006
Author: The Seventh Day
Andy Malone (United Kingdom)
Follow me on Twitter @AndyMalone
www.Andymalone.org


5 What is TOR and how does it keep me anonymous?
Who uses TOR & why?
Understand what the Darkweb is & learn about its dangers
Learn about potential flaws in the technology
Forensics & law enforcement
TOR technology & my business

6 TOR: A Tale of Two Sides
Freedom from censorship, no restrictions, private communication; many US and UK agencies use similar private channels.
The Dark Web: drugs, guns, malicious software, pedophiles, slavery, black market.


9 Tails
TOR Browser
TOR Atlas
Stem (development environment)
Orbot (Android)
ARM (shell)
Pluggable Transports
TOR Cloud
https://www.torproject.org/


12 TOR: Key Principle
“There are no conspiracies. We don’t do things we don’t want to. No backdoors ever!” (Jacob Appelbaum, TOR, 2013)


14 Home users can protect themselves when online
Activists can anonymously report abuses from danger zones
Whistleblowers can use Tor to safely report on corruption
Journalists use Tor to protect their research and sources online
Military and law enforcement can protect communications, investigations, and intelligence (no IP trace)


18 (Diagram: TOR nodes between Alice, Bob and Jane, with encrypted and unencrypted links; ports 9001, 9090 and 443.)
Each OR (onion router) maintains a TLS / AES connection to every other OR.
Users run an onion proxy (OP) to fetch directories and establish circuits across the network.
Each OR maintains a long-term identity key and a short-term onion key (10 mins).
The identity key is used to sign TLS certificates and the OR’s router descriptor (a summary of its keys, address, bandwidth, etc.).

19 (Diagram: Alice, Dave, Bob and Jane connected through TOR nodes; ports 9001 and 9030.)
Step 1: Alice’s TOR client obtains a list of TOR nodes from a directory server.

20 (Diagram: ports 443 and 80.)
Step 2: Alice’s TOR client picks a random path to the destination server. Green links are encrypted, red links are in the clear.

21 (Diagram: ports 80 and 443.)
Step 3: If at a later time Alice connects to a different resource, a different random route is selected. Again, green links are encrypted, red links are in the clear.

22 Onion Routing: Peeling Back the Layers
https://www.torproject.org/svn/trunk/doc/design-paper/tor-design.html
Alice builds a two-hop circuit and begins fetching a web page.

23 (Diagram: TOR node, TLS-encrypted link.)
Fixed-size cells: 512 bytes with a header and a payload. The header carries a circuit identifier (circID) and a command; the payload carries the data.
Control cells: interpreted by the nodes that receive them.
Relay cells: carry end-to-end stream data. They have an additional header at the front of the payload containing a streamID, an integrity checksum, the length of the relay payload, and a relay command.

24 Onion Routing: Cell Commands
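A small packer and parser for the cell layout described on slide 23, added here as an example; it is not code from the presentation or from the Tor project. It assumes the 2-byte circID of the original link protocol shown in the linked design paper and the relay header of the current tor-spec (relay command, recognized, streamID, digest, length, data); the digest is a placeholder integer, not Tor's real running-hash checksum.

```python
# Pack and parse Tor fixed-size (512-byte) cells and the relay header.
# Added example: assumes the 2-byte circID of the original link protocol
# and the relay header of the current tor-spec; digest is a placeholder,
# not Tor's real running-hash checksum.
import struct

CELL_LEN = 512
CELL_HEADER = struct.Struct("!HB")                # circID (2 bytes), command (1 byte)
PAYLOAD_LEN = CELL_LEN - CELL_HEADER.size         # 509
RELAY_HEADER = struct.Struct("!BHHIH")            # relay cmd, recognized, streamID, digest, length
RELAY_DATA_LEN = PAYLOAD_LEN - RELAY_HEADER.size  # 498
CMD_RELAY = 3                                     # cell command value for relay cells
RELAY_DATA = 2                                    # relay command used in this example

def build_relay_cell(circ_id, relay_cmd, stream_id, data, digest=0):
    """Return a 512-byte relay cell; data is zero-padded to fill the cell."""
    if len(data) > RELAY_DATA_LEN:
        raise ValueError("relay data exceeds %d bytes" % RELAY_DATA_LEN)
    header = RELAY_HEADER.pack(relay_cmd, 0, stream_id, digest, len(data))
    return CELL_HEADER.pack(circ_id, CMD_RELAY) + header + data.ljust(RELAY_DATA_LEN, b"\0")

def parse_cell(cell):
    """Split a cell into its fields; relay cells also get their relay header parsed.
    Anything that is not exactly 512 bytes is rejected: the fixed size is the point."""
    if len(cell) != CELL_LEN:
        raise ValueError("cell must be %d bytes, got %d" % (CELL_LEN, len(cell)))
    circ_id, command = CELL_HEADER.unpack(cell[:CELL_HEADER.size])
    payload = cell[CELL_HEADER.size:]
    result = {"circ_id": circ_id, "command": command}
    if command != CMD_RELAY:
        result["payload"] = payload  # control cell: interpreted by the receiving node
        return result
    relay_cmd, recognized, stream_id, digest, length = RELAY_HEADER.unpack(payload[:RELAY_HEADER.size])
    if length > RELAY_DATA_LEN:
        raise ValueError("relay length %d exceeds payload" % length)  # malformed cell
    result.update(relay_cmd=relay_cmd, recognized=recognized, stream_id=stream_id,
                  digest=digest, data=payload[RELAY_HEADER.size:RELAY_HEADER.size + length])
    return result
```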


26 Exploring the TOR Project

27 A Journey Inside the Darknet


29 Controlled substance marketplaces
Armories selling all kinds of weapons
Child pornography
Unauthorized leaks of sensitive information
Money laundering
Copyright infringement
Credit card fraud

30 Dynamic
Unlinked
Private site
Contextual: varied access pages with differing ranges of client IP addresses
Limited access: limited technically (e.g. using Robots Exclusions, CAPTCHAs, or no-cache Pragma HTTP headers, which prohibit browsing & caching)
Scripted: accessible through links produced by JavaScript, or content dynamically downloaded via Flash or Ajax
Non HTML/Text


32 Exploring the Darkweb


40 Timing attack
Entry monitoring
Intersection attack
DDoS attack
Predecessor attack (replay)
Exit node sniffing


42 (Diagram: criminal posts anonymous content out to a compromised server via a compromised TOR node.)
Police / law enforcement monitor the suspect’s client machine (entry point).

43 (Diagram: criminal posts anonymous content onto a server; a compromised node is infected with malicious code.)
Police / law enforcement monitor the target client machine (exit point).
An exit node has complete access to the content being transmitted from the sender to the recipient.
If the message is encrypted by SSL, the exit node cannot read the information, just as with any encrypted link over the regular internet.

44 (Diagram: criminal posts anonymous content out to a compromised server; one node is offline.)
Police network analysis: nodes periodically drop off the network; any chain that remains functioning cannot have been routed through either the nodes that left or the nodes that recently joined the network, increasing the chances of a successful traffic analysis.


47 (Diagram: a security agency reaches an illegal site through TOR nodes; the agency IP address is hidden from the site owner.)
TOR is a key technology in the fight against organized crime on the internet.

48 TOR


53 Looks like regular HTTPS Traffic on port 443…

54 The Truth is revealed

55 Obtain list of TOR Servers

56 Then create an AI Engine rule using a Log Observed rule block to detect network traffic with an origin or destination IP address on the list

57 Add output to IP Address tables * Additional links on slides
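The detection procedure on slides 55 to 57 (obtain a relay list, match flows whose origin or destination IP is on it, add the output to an IP address table), written out as an added Python example; it is not the presentation's AI Engine rule and uses a plain key=value log parser in place of the Log Observed rule block. The relay list and the log lines are constructed (RFC 5737 documentation addresses), not a real Tor consensus.

```python
# Flag flows whose origin or destination IP is on a Tor relay list.
# Constructed example: the relay list and log lines are made up (RFC 5737
# documentation addresses), not a real Tor consensus.
import re
from collections import Counter
from ipaddress import ip_address

# Constructed stand-in for a downloaded relay list (one IP per line, '#' comments).
TOR_LIST_TEXT = """
# constructed relay list
203.0.113.7
198.51.100.42
192.0.2.200
not-an-ip
"""

# Constructed firewall / flow log lines in a key=value format.
LOG_LINES = [
    "2024-01-01T10:00:00Z action=allow src=10.0.0.5 dst=203.0.113.7 dport=443 proto=tcp",
    "2024-01-01T10:00:01Z action=allow src=10.0.0.5 dst=192.0.2.10 dport=443 proto=tcp",
    "2024-01-01T10:00:02Z action=allow src=198.51.100.42 dst=10.0.0.9 dport=9001 proto=tcp",
    "2024-01-01T10:00:03Z action=deny src=10.0.0.7 dst=192.0.2.200 dport=443 proto=tcp",
    "this line is malformed and has no addresses",
]
KV_RE = re.compile(r"(\w+)=(\S+)")

def load_tor_list(text):
    """Parse a relay list into a set of validated IP strings; skip comments and junk."""
    ips = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ips.add(str(ip_address(line)))
        except ValueError:
            continue  # ignore malformed entries rather than abort the load
    return ips

def match_tor_flows(log_lines, tor_ips):
    """Return (hits, table): hits are (line, matched_ip, direction) tuples; table
    counts matched IPs, i.e. the 'add output to IP address table' step."""
    hits, table = [], Counter()
    for line in log_lines:
        fields = dict(KV_RE.findall(line))
        for key, direction in (("src", "origin"), ("dst", "destination")):
            ip = fields.get(key)
            if ip in tor_ips:  # port 443 alone says nothing; the relay IP does
                hits.append((line, ip, direction))
                table[ip] += 1
    return hits, table
```

The second log line, plain HTTPS to an address that is not on the list, is the "looks like regular HTTPS traffic on port 443" case and is correctly left alone.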

58 Blocking TOR – Application Aware Firewalls


61 Regular IE 11 Browser

62 Privacy IE 11 Browser

63 Older TOR

64 Updated TOR

65 Other Privacy Solutions


69 Proxy Heaven


76 (Diagram: Alice and Bob each send TOR traffic disguised via an OpenWRT-compatible modem, over encrypted and unencrypted links; the eavesdropper sees Skype video traffic.)


79 What is TOR and how does it keep me anonymous?
Who uses TOR & why?
Understand what the Darkweb is & learn about its dangers
Learn about potential flaws in the technology
Forensics & law enforcement
TOR technology & my business

80 The Extras… Follow @AndyMalone & Get my OneDrive Link


82 www.microsoft.com/sir
www.microsoft.com/sdl
www.microsoft.com/twc
blogs.technet.com/security
www.microsoft.com/trustedcloud


84 www.microsoft.com/learning
http://developer.microsoft.com
http://microsoft.com/technet
http://channel9.msdn.com/Events/TechEd


