Though the Tor Project Inc. pulled the plug on its Tor Cloud project -- which would have enabled anonymous cloud...
usage -- its founders suggest enterprises should set up their own cloud bridging projects. What is a cloud bridging project, and when would a cloud bridge be beneficial for enterprises to use?
Tor is a freely available software package and network for anonymously using the Internet. The Tor network consists of multiple types of components, one of which is called a "bridge." A Tor bridge is a relay that is not listed in public indexes of relays. Tor users can set up their own bridge and use it with the Tor protocols for maintaining privacy online. The Tor Cloud project existed for several years with the goal of providing an easy way to set up a Tor bridge in AWS.
Individuals or organizations that are concerned about the surveillance of their activities and want to prevent monitoring of their activities are the canonical use cases for Tor. Potential Tor users range from political dissidents in countries with oppressive regimes to organized crime to enterprises concerned about industrial espionage.
Although you might think at first that Tor is designed for cybercriminals and others that want to hide their illegal activities online, there are legitimate uses for Tor or Tor-like applications in the business world. Imagine the scenario of a multinational firm with offices in a country suspected of monitoring and stealing intellectual property from foreign-owned companies. Employees on site in that country may want to mask activities on the Web related to research and development, long-term strategy and business proposals.
While the Tor Cloud project has shut down, Tor users still have access to the Tor browser, which maintains lists of some bridges. While these bridges may be used in many cases, adversaries can block these known bridges since their addresses are distributed along with the Tor browser. On the other hand, another option is to create and maintain a bridge in the cloud, and configure Tor browsers to use it. However, this option requires more system administration and networking skills and will, of course, entail long-term maintenance.
Running a Tor bridge in the cloud can help mask user activities. A bridge server can be configured as a machine image and launched as needed. The cloud bridge could be assigned a long-lived IP address -- such as an address from the pool of AWS Elastic IP addresses -- or it could be assigned a new IP address each time it is launched. Frequently changing IP addresses and running the bridge in different regions may help increase the difficulty in finding and tracking the bridge.
Ask the Expert:
Perplexed about cloud security? Send Dan Sullivan your questions today. (All questions are anonymous.)
Learn more about the Tor Cloud project shutdown
Dig Deeper on Cloud Network Security Trends and Tactics
Related Q&A from Dan Sullivan
Docker's recent upgrade introduced support for hardware signing and in the future, automated security analysis on Docker images. Expert Dan Sullivan ... Continue Reading
Cisco's new project Contiv automates operational policies for containerized applications in the cloud. Expert Dan Sullivan explains the benefits of ... Continue Reading
Dropbox API abused by attackers posing as legitimate users in a huge spear phishing campaign. Expert Dan Sullivan explains how to mitigate the risks ... Continue Reading