Hi Everyone,
please help me to understand this.
When I checked the Event Monitor by threat (High Risk App Usage), I found out that the application TOR is being used by some computers in the company. Actually, Tor is not installed on any computers. Please let me know why FortiAnalyzer shows that. How can we investigate?
Thanks
Tor is a protocol. Like BitTorrent, or IRC, etc. Tor is used to anonymize user traffic.
It is considered high risk for a few reasons:
1. It can be used to bypass firewall filters (traffic to blocked sites can be accessed through Tor)
2. It is used to access the "dark web"
3. It can put undue stress on your network and, if users are somehow running relays or exit nodes on your network, can put you on blacklists
Just like other protocols, you can access these "apps" through web browsers. So, just like IRC, WhatsApp, etc., I don't always need a dedicated app to access these things. A web browser works just the same. And FGT App Control will flag the access to these apps regardless of how they are accessed.
You can investigate by figuring out which devices are accessing the Tor network by looking at FAZ logs. You can also put an app control policy in place to block it if you feel it is required to do so.
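One way to do the log review suggested in the answer above, as an added example that is not part of the original reply: it assumes the application control logs were exported from FAZ as raw key=value text using the usual FortiGate app-ctrl field names (`srcip`, `app`, `action`, and so on), and it groups Tor hits by source device. The sample lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value log style (not real data).
SAMPLE_LOGS = '''\
date=2024-05-06 time=09:14:02 type="utm" subtype="app-ctrl" srcip=10.1.20.15 dstip=203.0.113.40 dstport=9001 appcat="Proxy" app="Tor" action="pass" apprisk="high"
date=2024-05-06 time=09:14:05 type="utm" subtype="app-ctrl" srcip=10.1.20.15 dstip=203.0.113.77 dstport=443 appcat="Proxy" app="Tor" action="pass" apprisk="high"
date=2024-05-06 time=09:15:40 type="utm" subtype="app-ctrl" srcip=10.1.20.31 dstip=198.51.100.9 dstport=443 appcat="Collaboration" app="WhatsApp" action="pass" apprisk="medium"
date=2024-05-06 time=10:02:11 type="utm" subtype="app-ctrl" srcip=10.1.30.8 dstip=203.0.113.40 dstport=9001 appcat="Proxy" app="Tor" action="block" apprisk="high"
'''

# Matches key=value and key="quoted value with spaces".
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {key: (inner if raw.startswith('"') else raw)
            for key, raw, inner in FIELD_RE.findall(line)}


def tor_hits_by_source(log_text, app_name="Tor"):
    """Summarise app-ctrl hits for app_name per source IP."""
    hosts = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                 "dst": set(), "actions": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "app-ctrl":
            continue
        if rec.get("app", "").lower() != app_name.lower():
            continue
        ts = f'{rec.get("date", "")} {rec.get("time", "")}'
        host = hosts[rec.get("srcip", "unknown")]
        host["count"] += 1
        # ISO-style date and time strings sort correctly as plain text.
        host["first"] = ts if host["first"] is None else min(host["first"], ts)
        host["last"] = ts if host["last"] is None else max(host["last"], ts)
        host["dst"].add(f'{rec.get("dstip")}:{rec.get("dstport")}')
        host["actions"].add(rec.get("action"))
    return dict(hosts)


if __name__ == "__main__":
    summary = tor_hits_by_source(SAMPLE_LOGS)
    for src, h in sorted(summary.items(), key=lambda kv: -kv[1]["count"]):
        print(src, h["count"], h["first"], h["last"],
              sorted(h["dst"]), sorted(h["actions"]))
```

The source addresses with the most hits and the earliest timestamps are the devices to check first; an `action` of `pass` means the traffic was allowed rather than blocked by an app control policy.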
Copyright 2024 Fortinet, Inc. All Rights Reserved.