Will the Olympics Be Any Fun for Network and Security Admins?

Friday, 08 August 2008
ANALYSIS – Today marks the official start of the 2008 Olympics in Beijing, and will no doubt be watched by millions and millions of people both in the traditional manner (TV) as well as the online manner as outlined in this Wired article. Geographic time gaps, too many events simultaneously and scheduling issues will no doubt push many an employee towards an occasional “non-work related” viewing of their favorite Olympic event.
This Olympics comes at an unprecedented time in the electronic age – never before have there been so many ways to view media events online – websites, streaming via P2P, normal definition and high definition – and therein lies the challenge for security teams.
A daunting challenge if there ever was one, given the nature of today’s firewalls and their plethora of helpers. Many of the media applications listed in the article, particularly those based on P2P, can easily bypass firewalls and penetrate corporate networks, bringing with them a myriad of business and security risks including productivity loss, bandwidth consumption, appropriate application usage policy violations and threat propagation.
Palo Alto Networks customers can keep a closer rein on the employee viewing time while protecting the network from the hackers that will no doubt prey on the unsuspecting fan, by implementing a security policy to block many of the 35 streaming media applications, of which 12 use P2P as their underlying technology.
To view all of the applications identified by Palo Alto Networks as well as their underlying technology and behavioral characteristics, check out the Applipedia.

Thursday, 07 August 2008
ALERT – If you don't, your employees probably do. There is a lot of stock discussion that goes on in the financial message boards and there are many examples of well-intentioned employees responding to comments on these boards with "clarifications" to claims made.
In this week's content release, we have added the ability to identify and control the posting of comments to the top financial message boards. These boards are a hotbed for day traders and others seeking the stock tip that will make them rich. They are also a common place for sensitive information to get leaked from within companies. These new AppIDs give administrators the ability to let employees browse the message boards without the risk of them succumbing to the temptation to respond to the comments on the board.
One potential solution to this problem is blocking the POST method within the HTTP flow. This is a very rudimentary way of gaining control. Many web sites use POST for normal transfer of information. It is no longer restricted to the “posting” of information to websites. Many dynamic applications will no longer function properly when taking this approach. With signatures targeted at the specific posting activity on the message boards, administrators can apply the control and avoid the backlash of complaints due to broken websites. If they choose not to block this posting activity, they will have a record of the users that are engaging in this activity, should they have a leak they need to investigate.
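To make the contrast concrete, here is an added illustration (not code from the original post or from Palo Alto Networks) of the two approaches: a blanket rule that denies every HTTP POST, beside a signature that matches only the comment-posting request on a message board and records the user for later investigation. The hostnames, paths and the signature format are hypothetical placeholders constructed for the example.

```python
# Added illustration: blanket POST block vs. a targeted board-posting signature.
from dataclasses import dataclass
import re

@dataclass
class HttpRequest:
    user: str
    method: str
    host: str
    path: str

# Constructed sample traffic: two legitimate business POSTs, one board read,
# one board comment post. Hostnames and paths are placeholders, not real sites.
SAMPLE_REQUESTS = [
    HttpRequest("alice", "POST", "crm.example.internal", "/api/opportunity/save"),
    HttpRequest("bob",   "POST", "mail.example.com", "/sendmail"),
    HttpRequest("carol", "GET",  "boards.example-finance.test", "/thread/ACME/12345"),
    HttpRequest("carol", "POST", "boards.example-finance.test", "/thread/ACME/12345/reply"),
]

def blanket_post_block(req):
    """The rudimentary approach: deny every POST regardless of destination."""
    return "block" if req.method == "POST" else "allow"

# Hypothetical App-ID-style signature: method plus host and path patterns.
BOARD_POST_SIGNATURE = {
    "method": "POST",
    "host": re.compile(r"(^|\.)example-finance\.test$"),
    "path": re.compile(r"^/thread/[^/]+/\d+/reply$"),
}

def matches_board_post(req, sig=BOARD_POST_SIGNATURE):
    return (req.method == sig["method"]
            and sig["host"].search(req.host) is not None
            and sig["path"].match(req.path) is not None)

def targeted_policy(req, action="block", audit_log=None):
    """Apply the signature; log the user either way so a leak can be traced."""
    if matches_board_post(req):
        if audit_log is not None:
            audit_log.append(f"{req.user} {req.method} {req.host}{req.path} -> {action}")
        return action
    return "allow"

def compare(requests):
    """Return (verdicts under blanket rule, verdicts under targeted rule, audit)."""
    audit = []
    blanket = [blanket_post_block(r) for r in requests]
    targeted = [targeted_policy(r, audit_log=audit) for r in requests]
    return blanket, targeted, audit

if __name__ == "__main__":
    b, t, a = compare(SAMPLE_REQUESTS)
    for r, vb, vt in zip(SAMPLE_REQUESTS, b, t):
        print(f"{r.user:6} {r.method:4} {r.host}{r.path:30} blanket={vb:5} targeted={vt}")
```

The blanket rule breaks the CRM and mail applications while the signature touches only the board comment; passing `action="alert"` keeps the audit record without blocking, for the case where the administrator chooses to monitor rather than block.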

Maybe it's the name change?

Wednesday, 02 July 2008
ANALYSIS – While it may not fall into the original, and somewhat ill-fated, definition of software as a service (SaaS), these two articles highlight the reasons why the new generation of web-based productivity and business applications may actually succeed. Harken back a few years, when software vendors were sprinting towards delivery of their applications as a service and the coffins for MS Office and other applications were being built. Guess they did not realize it is a marathon, not a sprint, as only a handful actually survived.
Fast forward to the present and one can find a web-based alternative for nearly any commonly used application. Maybe the success and increased usage is related to not calling it SaaS, and corporate mentality has changed to where a website is ok? Maybe IT gave up fighting it? Or maybe the vendors figured out how to sneak it by the firewall and go after the user, à la Google Desktop and Google Apps. Whatever the reason, this time the trend will stick: the timing is right, the mentality is changing, and now all that needs to happen is to make sure the use is secure, particularly in corporate environments.
Check out some alternative online applications below:
Four PowerPoint alternatives
A fun MS Excel alternative

We will take over the digital world – resistance is futile

Monday, 30 June 2008
ALERT – In their quest to control all things digital, Google has announced a media server adding to their long list of applications and services. First it was Google Desktop to help organize the PC, then it was Google docs, an alternative to that other, big, controlling software company. Now that they have their fingers firmly planted in the business applications they are moving to the living room.
But will it stay there? Not likely. Corporate networks are rife with this type of application. Big pipes mean faster downloads. And because it is part of Google Desktop, a fixture on a vast number of PCs, Google Media Server will no doubt begin chewing bandwidth and employee productivity on corporate networks immediately.
Click here to view the TechCrunch article.

Online file transfer – the next P2P?

Wednesday, 11 June 2008
ANALYSIS – In recent months, new online file transfer and storage applications have popped up with increasing frequency, and the latest, Docstoc, makes concerted efforts to simplify the upload process by installing an applet on your desktop. Docstoc differentiates itself by claiming that it wants to be the YouTube of professional documents – a place where you can find template NDAs, privacy statements and so on. Moving large files around can be painful and file sizes show no signs of getting smaller – video, graphics, images, etc. are all conspiring to continue this trend. Email limitations and users who cannot or do not want to use FTP are two cases where these new applications can be helpful. Simplifying the file transfer process is a positive thing. But then again, P2P technology was developed for the same purpose – to move files around.
The Docstoc messaging, combined with the file transfer capability, raises many security issues. First is privacy. Imagine uploading an NDA or licensing contract and forgetting to delete the company name. The next is compliance. Most companies really do not want these types of files to be sent to the general public. The next, of course, is security. Word, Excel and PDF are all known threat delivery mechanisms. And not to be left out, there is clearly a data loss risk element - or perhaps it should be called the OOPS factor - I didn't mean to send that file.
At a higher level, the question becomes: will these applications become the next P2P, in that users will inadvertently share the wrong information? Granted, the audience that receives the URL for the file is smaller than that of a P2P network, but once the URL and associated file are "in the wild" we all know there is no way to pull it back. As with P2P applications, users should exercise caution when using file sharing applications, particularly those that install applets or toolbars on the desktop. And because they typically use port 80, enterprises will need to add yet another type of application to their "watch and control" list.
Click here to view the TechCrunch article.

When Social Networking Becomes an Application

Tuesday, 03 June 2008
ANALYSIS – Most people would agree that Facebook is a far cry from the early days of Web 1.0, but only a few are willing to admit that it is not only a web site with an associated URL but is rapidly becoming an application platform. This TechCrunch article discusses the progression towards that end. Sure, users can type in www.facebook.com and visit the site. But the widgets, plugins and whatnot that users can access and use mean that the dynamic nature of the content and the interactive use of Facebook have transcended traditional web sites to the point where it is more application than web site. This transition means that enterprises and networking and security vendors will need to re-think how they treat Facebook and whether they allow it, block it or control it.
Click here to view the TechCrunch article.

P2P Networks: A Treasure Trove of Data

Tuesday, 15 April 2008
ANALYSIS – Music and video are not the only things you can find on P2P networks. Sure, everyone has heard about the massive loss of employee data caused by P2P usage but what about the less publicized loss of personal documents, billing information, and corporate IP? In this InformationWeek article, the author tests P2P networks for himself, searching the popular P2P networks for file types other than music and videos.
The author was able to find personal information, court proceedings, billing data, social security numbers and intellectual property with seemingly relative ease. And it is the ease with which this information is found that should scare users into using extreme caution when installing P2P. As with any software, there is a possibility of configuration errors which may lead to accidental data loss. Don't think it can happen to you – better double check just to be sure, because once the data is out there, it is never coming back.
From a security perspective, P2P applications are notorious for their ability to bypass firewalls by hopping ports and tunneling other applications. This is all the more reason why a corporate-wide P2P usage policy, banning or severely limiting its usage, should be put in place and enforced through best practices that combine technology, training and appropriate personal action notices.
Click here to view the InformationWeek article.

What is this application and what should I do with it?

Friday, 11 April 2008
The rapid evolution of the application landscape has security administrators scrambling to determine which applications are traversing the network and how they should treat them. More and more applications, both business and end-user oriented, are using evasive tactics to bypass detection. Whether it is a virus update using port 80 (but not HTTP) or a more nefarious application that uses SSL or hops from port to port, the task of controlling applications and protecting the network has become a daunting one.
To enable a more prudent decision making process on how to treat an application, Palo Alto Networks Application Research Center presents additional background for more than 575 applications in a dynamic, browser-based format, providing fingertip access to a wealth of information. Applipedia's application browser can be used as a research tool that enables administrators to filter applications based on category, subcategory, underlying technology, and characteristic including their file transfer capabilities, known vulnerabilities, ability to evade detection, propensity to consume bandwidth, and malware transmission/propagation.
To learn more about a specific application, an administrator can use the search field, which will bring up all instances of where the application name is used in the database. Drilling down into the application details provides an administrator with a description of the application, the commonly used ports and a summary of the individual application characteristics.
With a wealth of information on more than 575 applications found on enterprise networks, the Application Research Center helps administrators make more informed decisions on how to treat the applications by providing them with key facts about the applications. See for yourself. Search for your favorite application and learn about its security characteristics.
Applipedia

File Sharing Sites On the Rise

Monday, 24 March 2008
ALERT – FileDropper is yet another online file sharing site that allows users to upload files, in this case up to 5 GB, to a site and receive a URL which they can send to anyone. Joining the many other file sharing sites like Megaupload, RapidShare and MediaMax, these applications are filling the need of users who want to share big files and have no way to do so. Want to share a video with a friend? This is a great way to do it. Want to post a customer database without sending it through email? This is a great way to do it.
These applications are quietly becoming very popular and, like many file transfer applications, they have clear legitimate business uses. But where does the line get drawn in terms of use? Is it ok to use these applications while at work and, most likely, outside the realm of IT control? The business risks associated with these applications rival those of P2P. Users upload a file, get a URL for the file, and are free to send it to anyone they wish. In some cases, accessing the files requires no password. This class of applications should be closely monitored and controlled within corporate environments. Palo Alto Networks will continue to monitor the development of applications like FileDropper, and an App-ID for this application will be available soon.

Taking a Page From the Google Playbook?

Friday, 14 March 2008
ANALYSIS – This SearchSecurity.com article on Tor (The Onion Router) tries to build a case for using Tor within a corporate environment, and the Tor developers have in fact come out with a feature to disguise the use of Tor itself. For those who are unaware, Tor, developed by Roger Dingledine and Nick Mathewson with sponsorship from the US military, is an encrypted anonymizer. Load it on your PC and you pass right through the corporate firewall in an encrypted (proprietary) tunnel. Few if any legitimate use cases for Tor within a corporate environment come to mind, unless of course it is solely to bypass existing security – perhaps to transfer corporate data? While Google applications like Google Docs and Google Calendar are designed and marketed as “outside the realm of IT”, at least they have legitimate business productivity uses. But Tor?
Click here to view the SearchSecurity article.

Be Afraid. Be Very, Very Afraid.

Friday, 29 February 2008
ANALYSIS – A great article in CIO magazine highlights nine consumer technologies that CIOs should be scared of (VoIP clients, web-based productivity tools, digital cameras, remote online storage, smartphones, social networking, IM, consumer email and portable storage). With six out of nine technologies being applications, the article highlights the fact that CIOs are aware that these applications are (or may be) on their networks and that their presence places the company network at risk, be it from a compliance, data loss, business continuity or operational perspective.
Interestingly, all of the application technologies listed are capable of bypassing most traditional detection mechanisms because they either hop ports, use encryption or tunnel within HTTP. This, coupled with the fact that more and more young people who are accustomed to using these applications whenever they wish are entering the workforce, should give CIOs reason to be scared.
Click here to view the CIO magazine article.

Once You Check In, You Can't Check Out

Friday, 15 February 2008
ANALYSIS – Just in case you did not have a good reason to stay away from social networking sites, this article from the NY Times should provide one for you. Or at least it will make you think twice about joining and what gets posted. The article outlines the (difficult) process that users must go through to break free from the Facebook clutches.
The ramifications of the relative permanence of the data posted may not worry the social users (although it should), but corporations should definitely take notice. Particularly as they try to incorporate the use of Facebook into their recruiting efforts. Ideally, Facebook corporate users will develop and enforce appropriate use policies and guidelines to protect themselves as well as the users. In their defense, if Facebook is going to succeed they need to have user information for their marketing partners to target, so making it a difficult process is not surprising. But users should be more aware of this dirty little secret.
Click here to view the NY Times article.

Could it be Just a Matter of Time?

Monday, 11 February 2008
ANALYSIS – While not quite as blunt as earlier articles (InfoWorld), the message that Google is relaying to IT departments in this WSJ Online article is this—resistance is futile—our applications will be on your network whether you like it or not. The latest salvo comes in the form of a new version of Google Apps that allows sharing of docs with others based on the company email addresses. And when critical mass is achieved, then IT will be forced to succumb.
The security risks with this approach are many. Is there an opt-in/opt-out feature? Is the configuration process so blindingly simple, that end-users will not “accidentally” share the company’s earnings statement? If an employee who is part of the group quits, what guarantee is there that they will be removed from the sharing list? And of course the Google practice of indexing everything needs to be addressed. And the list goes on.
Interestingly, the tactics Google is taking to increase penetration smell somewhat like the strong-arm tactics that their rival has used to achieve its success, which raises the question: is it just a matter of time?
Click here to view the Wall Street Journal blog article.