Identify users and applications that are accessing suspicious IP addresses.
Not all Dark Web traffic is shady, but most of it is illicit. Tor has some legitimate privacy uses, but it’s also an interchange for drugs, weapons, child pornography and worse. Most organizations don’t want their network connecting to the Dark Web.
Network Traffic Analysis (NTA) or Flow Monitoring can identify traffic to known Dark Web entry and/or exit nodes. It can also identify traffic to specified suspicious IP lists. The scale, frequency and source of that traffic let you identify which users or applications are accessing suspicious sites, and when.
Set up your own list of suspicious IP addresses. Get alerted when users or applications on your network attempt to access them or the Dark Web and respond immediately. You can either monitor this usage or terminate access automatically.
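As an added illustration of the list matching described above (not code from the original page or from any product), this Python example checks constructed flow records against watchlists and summarizes the scale, frequency and source of matching traffic. The list names, the addresses (documentation ranges, not real indicators) and the record layout are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed watchlists (documentation address ranges, not real indicators).
WATCHLISTS = {
    "tor_nodes": ["198.51.100.7", "198.51.100.23"],
    "custom_suspicious": ["203.0.113.0/24"],
}

# Constructed flow records: (epoch_seconds, src_ip, application, dst_ip, bytes)
FLOWS = [
    (1700000000, "10.0.0.15", "tor.exe", "198.51.100.7", 5200),
    (1700000060, "10.0.0.15", "tor.exe", "198.51.100.23", 48100),
    (1700000090, "10.0.0.22", "chrome.exe", "192.0.2.10", 900),
    (1700000120, "10.0.0.31", "curl", "203.0.113.44", 1300),
    (1700000300, "10.0.0.15", "tor.exe", "198.51.100.7", 7700),
    (1700000400, "10.0.0.22", "chrome.exe", "not-an-ip", 10),
]

def load_watchlists(raw):
    """Parse each entry as a network; a bare address becomes a /32 or /128."""
    return {name: [ipaddress.ip_network(e, strict=False) for e in entries]
            for name, entries in raw.items()}

def match_lists(dst, nets_by_list):
    """Return the names of every watchlist that contains dst."""
    try:
        addr = ipaddress.ip_address(dst)
    except ValueError:
        return []  # malformed record: skip it rather than stop the analysis
    return [name for name, nets in nets_by_list.items()
            if any(addr in n for n in nets)]

def summarize(flows, raw_lists):
    """Aggregate hits per (source, application, list): scale, frequency, timing."""
    nets = load_watchlists(raw_lists)
    hits = defaultdict(lambda: {"flows": 0, "bytes": 0, "first": None,
                                "last": None, "dsts": set()})
    for ts, src, app, dst, nbytes in flows:
        for name in match_lists(dst, nets):
            h = hits[(src, app, name)]
            h["flows"] += 1
            h["bytes"] += nbytes
            h["first"] = ts if h["first"] is None else min(h["first"], ts)
            h["last"] = ts if h["last"] is None else max(h["last"], ts)
            h["dsts"].add(dst)
    return dict(hits)

if __name__ == "__main__":
    for (src, app, name), h in sorted(summarize(FLOWS, WATCHLISTS).items()):
        print(src, app, name, h["flows"], h["bytes"], h["first"], h["last"], sorted(h["dsts"]))
```

Each summary row is what an alert or block decision would be based on: the internal source and application, which list matched, and how much traffic went there over what time window.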
Any content you can find on the internet using a search engine is part of the Surface Web: think Wikipedia entries, company websites and e-commerce sites. Anything that isn't part of this indexed content, such as password-protected pages, content behind paywalls and company intranets, comprises the Deep Web, which makes up approximately 90 percent of the internet. The term is often used interchangeably with Dark Web, but this is inaccurate; sites on the Dark Web are those that aren't visible via search engine and can't be found using a regular browser.
The Dark Web does a brisk trade in things both legal and illicit. It's also largely recession-proof; despite multiple law enforcement busts over the last few years, the illegal drug trade in the Dark Web sees more than $100 million moved per year, according to WIRED. Weapons, ammunition and pornography are all popular market verticals, but that's just the beginning. It's also a haven for hacktivists who prefer to remain anonymous because of social pressure or government restrictions. Put simply? If you want it, you can find it in the dark.
of the traffic on the dark web or through the Tor network may be illicit.
The Dark Web isn’t the only potentially dangerous part of the internet – there’s a bewildering variety of suspicious IP addresses that no organization wants its users accessing. Multiple sites maintain frequently updated lists of suspicious IP addresses that are known for illicit or malicious content. Integrate these lists into your traffic analysis to identify risks to your organization. Remember: no one wants to deal with the catastrophic legal issues raised by their network being used to traffic in child pornography.