Hello World!
I often visit customers who ask me to review their network security settings. When I check their firewalls, I typically see hundreds (sometimes thousands) of very specific rules blocking unwanted applications, destinations, and users. For example, a local bank will never allow anybody in North Korea to connect to their servers. And a nearby manufacturing plant only permits employees to access social media sites during their lunch hour. However, almost all of my customers seem to overlook blocking the Dark Net (aka Dark Web). Users in hospitals, financial services, local governmental agencies, and even elementary schools can all freely access the nefarious Dark Net.
The Dark Net: The Dark Net is the mysterious, sketchy underbelly of the Internet. It’s not one website; it’s an entire underworld – a hidden part of the web that you can’t Google. Instead, you have to specifically download a software tool called “The Onion Router (TOR)” in order to access the Dark Net.
What will you find there? Oh, nothing much – just the usual: black markets for illicit goods, forums for conspiracy theorists, and probably someone trying to sell you their Grandma’s recipe (including ingredients) for hash brownies. Think of it as an eBay for fake passports, stolen credit cards, ransomware exploits, and even rhino horn powder. It’s a playground for hackers, scammers, and all-around bad actors. The Dark Net is where cryptocurrency is the preferred so-called “legal tender” for shady deals. In short, it’s a cybersecurity nightmare.
Why Should You Block the Dark Net? Unless there are some specific Dark Net resources that your organization needs, all access should automatically be blocked. You don’t want to open your enterprise’s doors to ransomware, data breaches, bitcoin mining, and other exploits. Furthermore, there is the whole legal and compliance minefield to consider. Imagine explaining to the Board of Directors why your network traffic logs show connections to sites that sell unmentionable substances. Blocking the Dark Net isn’t just a good idea; it’s common sense. Think of it like locking the door to your server room.
How to Block the Dark Net: There are several different levels of security that can be used to block Dark Net access. The simplest and most basic steps involve using your firewall to block the specific TCP ports used by TOR devices: 9001, 9030, 9050, 9051, and 9150. That’s a great start! You can research some additional steps like blocking all known Dark Net Exit Nodes if you want to further strengthen your security.
Extra Credit: The Invisible Internet Project (I2P) is a newer Dark Net access source. This uses a separate Firefox browser, and it can be blocked by closing ports 8887, 7654, 7656, 7657, and 4444.
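Before (or after) adding the block rules, it helps to see which internal hosts are already talking on those ports. The script below is an added example, not something from my customers' firewalls: it scans egress log lines for TCP connections to the TOR and I2P ports listed above and groups the hits by source host. The netfilter-style `KEY=value` log format and the sample lines are assumptions; a port match is only an indicator, so treat each hit as a lead to investigate.

```python
import re
from collections import defaultdict

# Port lists exactly as given in the article.
TOR_PORTS = {9001, 9030, 9050, 9051, 9150}
I2P_PORTS = {8887, 7654, 7656, 7657, 4444}

# Assumed input: netfilter-style LOG lines carrying KEY=value fields.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def classify(port):
    """Label a destination port as 'tor', 'i2p', or None."""
    if port in TOR_PORTS:
        return "tor"
    if port in I2P_PORTS:
        return "i2p"
    return None

def audit(lines):
    """Return {src_ip: {(label, dst_ip, dst_port): hit_count}} for TCP traffic."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        f = dict(FIELD.findall(line))
        # Skip non-TCP traffic and lines missing any field we need.
        if f.get("PROTO") != "TCP" or not {"SRC", "DST", "DPT"}.issubset(f):
            continue
        if not f["DPT"].isdigit():
            continue
        label = classify(int(f["DPT"]))
        if label:
            hits[f["SRC"]][(label, f["DST"], int(f["DPT"]))] += 1
    return {src: dict(conns) for src, conns in hits.items()}

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Jan 12 10:01:02 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=203.0.113.7 PROTO=TCP SPT=51514 DPT=9001
Jan 12 10:01:09 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=203.0.113.7 PROTO=TCP SPT=51520 DPT=9001
Jan 12 10:02:44 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.5.40 DST=198.51.100.9 PROTO=TCP SPT=40112 DPT=443
Jan 12 10:03:15 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.7.11 DST=198.51.100.20 PROTO=TCP SPT=33871 DPT=4444
Jan 12 10:04:01 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=203.0.113.8 PROTO=UDP SPT=5353 DPT=9030
Jan 12 10:04:30 fw kernel: EGRESS truncated line SRC=10.0.9.9 PROTO=TCP
"""

if __name__ == "__main__":
    for src, conns in sorted(audit(SAMPLE_LOG.splitlines()).items()):
        for (label, dst, port), count in sorted(conns.items()):
            print(f"{src} -> {dst}:{port} [{label}] x{count}")
```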
Summing Up: As a systems engineer, your job is to protect the network. So, in addition to blocking the usual external threats, you also should protect the network from internal hacks, curiosity seekers, and any local miscreants. Please, join the rest of us, and put out a “Do Not Enter” sign at the entrance to the Dark Net.
Stay tuned for more nerdy columns about my experiences as an SE.