Prevent Anonymity Network Traffic in Outbound Connections
Ensure outbound connections to anonymous networks are blocked for security.
Plain language
This control means you need to stop computers in your organisation from connecting to networks that hide where internet traffic is coming from, like Tor. It's important because if someone in your organisation can browse anonymously, they might do something harmful or illegal without being traced, causing security risks or legal issues for your business.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Oct 2020
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for networking
Section
Network design and configuration
Official control statement
Outbound network connections to anonymity networks are blocked.
Why it matters
If anonymity networks are reachable outbound, staff or malware can exfiltrate data and evade monitoring, increasing insider-threat and legal/compliance risk.
Operational notes
Block outbound Tor/I2P and known anonymity VPN endpoints at the firewall/proxy, and review logs and threat intel regularly to catch new exit nodes.
Implementation tips
- The IT team should set up your internet firewall to block access to known anonymity networks like Tor. This can be done by updating the firewall settings with a list of these networks' server addresses, which are often provided by cyber security agencies like the Australian Cyber Security Centre.
- System administrators should ensure that access to anonymity networks is routinely monitored. Use existing network monitoring tools to flag unusual traffic that might indicate attempted connections and set up alerts to notify the team if such activity is detected.
- Managers should educate staff on the potential legal and security risks of using anonymous browsing. Hold regular information sessions or training workshops to explain why connecting to these networks is harmful and how it can affect the entire organisation.
- System owners should periodically review and update the network's filtering rules. Work with IT specialists to check that the list of blocked anonymity networks is current and includes any new ones that have been identified.
- Contract with a cyber security provider to conduct regular audits of your network's security settings. They should verify that connections to anonymity networks are blocked and help identify any configuration weaknesses that could be exploited.
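The monitoring and review tips above, as an added example that is not part of the ISM or of this page's source: a check of outbound firewall log entries against a blocklist of anonymity-network addresses, reporting any listed destination that was not denied. The log format, the function names and all addresses (documentation ranges) are constructed assumptions; a real blocklist would come from your threat-intelligence feed.

```python
import ipaddress

# Constructed blocklist: documentation-range addresses standing in for relay
# addresses that would come from a threat-intel feed.
BLOCKLIST = ["192.0.2.10", "198.51.100.0/28", "2001:db8:dead::/48"]

# Constructed firewall log in a hypothetical "timestamp key=value ..." format.
SAMPLE_LOG = """\
2026-03-01T09:14:02Z action=deny src=10.1.4.23 dst=192.0.2.10 dport=9001
2026-03-01T09:14:05Z action=allow src=10.1.4.23 dst=203.0.113.80 dport=443
2026-03-01T09:15:40Z action=allow src=10.1.7.5 dst=198.51.100.7 dport=443
2026-03-01T09:16:11Z action=allow src=10.1.7.9 dst=2001:db8:dead:1::5 dport=9001
2026-03-01T09:17:00Z action=allow src=10.1.7.9 dst=not-an-ip dport=80
malformed line without fields
"""

def load_blocklist(entries):
    """Parse single addresses and CIDR ranges into network objects."""
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]

def parse_line(line):
    """Return the record for one log line, or None if it cannot be parsed."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not {"action", "src", "dst"} <= fields.keys():
        return None
    try:
        fields["dst_ip"] = ipaddress.ip_address(fields["dst"])
    except ValueError:
        return None
    fields["time"] = parts[0]
    return fields

def audit(log_text, networks):
    """Split connections to listed addresses into allowed and denied."""
    report = {"allowed": [], "denied": [], "unparsed": 0}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            report["unparsed"] += 1  # counted so unreadable lines are never assumed clean
            continue
        if any(rec["dst_ip"] in net for net in networks):
            # Any action other than an explicit deny is treated as a control gap.
            key = "denied" if rec["action"] == "deny" else "allowed"
            report[key].append((rec["time"], rec["src"], rec["dst"]))
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_LOG, load_blocklist(BLOCKLIST))
    for t, src, dst in result["allowed"]:
        print(f"CONTROL GAP {t} {src} -> {dst} was not blocked")
    print(f"denied={len(result['denied'])} unparsed={result['unparsed']}")
```

An empty "allowed" list together with an "unparsed" count of zero is the result that supports the audit evidence; a non-zero "unparsed" count means part of the log was never checked.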
Audit / evidence tips
- Ask: the latest firewall configuration report from the IT team
  Good: result is a detailed list showing all identified anonymity networks are blocked
- Good: is no logged traffic moving to or from those networks
- Ask: evidence of user education materials or attendance records from recent awareness sessions. Review agendas or training content to confirm that digital security and risks of anonymity networks were covered
  Good: result shows regular training sessions with relevant content covered
- Good: shows regular updates and documented procedures
Cross-framework mappings
How ISM-1628 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (2) | | |
| Annex A 8.20 | ISM-1628 requires organisations to block outbound network connections to anonymity networks (e.g | |
| Annex A 8.21 | ISM-1628 requires organisations to block outbound connections to anonymity networks to reduce exfiltration and command-and-control concea... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.