[tor-talk] Pissed off about Blacklists, and what to do?

Fabio Pietrosanti (naif) lists at infosecurity.ch
Sun Mar 9 17:10:49 UTC 2014

Il 3/9/14, 2:28 PM, Paul Syverson ha scritto:
> I understand that many organizations are dysfunctional and don't use
> common sense, but that isn't something to recommend.  Solving such
> dysfunction is hard, highly contextual, and I'm not pretending it is
> something for which I have expertise. But there are still very simple
> things security folks can to do if dysfunction has not gone off the
> deep end. Selective, short-lived blocking based on incidents is
> different from permanent blocks, as Andrew commented, speaking as
> former head of IT of a global company.  Similarly having a perimeter
> rule-set that includes requiring authentication, or solving a CAPTCHA,
> or whatever is specifically appropriate based on IP address rather
> than just permanent blocks as I commented.

While i understand and agree from the technical point of view, this
approach does not scale up because of a matter of effort.

Having additional authentication or solving a Captcha is something that
usually require application's modification.

Modifying an application in a large enterprise means that someone need to:
- convince the product manager of the application that this a valuable
- allocate a budget for this additional "functional requirements"
- prioritize so it would not end-up in the "never to be implemented

So the "Security Department" cannot do anything directly into this
process other than "blocking at perimeter" using a functionality that
they already have in their Firewall/IPS, usually clicking on a couple of

Unless we are not clearly able to demonstrate the business value to
avoid IP-based blocking, switching to an application-level enforcement,
the IT Security Product Vendor built-in features will win.

Probably the Tor Project could work on creating a set of CIO and CISO
focused papers, explaining the business value of improving the
accessibility of their enterprise applications and services to users
using Tor.

But that does require an important Advocacy and Lobby activity to be
done within the Information Security and IT Security world, reasonably
focusing on senior and middle management.

The manager will always ask "Show me the numbers, swho me the best
industry practices".

That's probably what we need in order to feed the cat.


More information about the tor-talk mailing list