Aus cert event_2010
2 likes389 views
The document discusses the dual nature of social networking regarding cybersecurity, highlighting its potential for both opportunity and risk. Companies like Palo Alto Networks emphasize the need for robust security measures to manage threats associated with social platforms, like data leaks and malware. It also outlines challenges businesses face, such as compliance, brand damage, and excessive bandwidth consumption due to unmanaged social networking use.
Aus cert event_2010
- 1. Social Networking and Cyber-Security: Strength, Weakness, Opportunity, or Threat? Aus-Cert, May 2010
- 2. About Palo Alto Networks • World-class team with strong security and networking experience • Founded in 2005 by security visionary Nir Zuk • Top-tier investors • Builds next-generation firewalls that identify / control 950+ applications • Restores the firewall as the core of the enterprise network security infrastructure • Innovations: App-ID™, User-ID™, Content-ID™ • Global footprint: 1,100+ customers in 60+ countries, 24/7 support
- 3. Social Networking is No Longer a Fad • Hundreds of millions of people use social applications daily • Facebook has over 400 million users • LinkedIn has over 60 million users • Social bookmarking applications have roughly 10 million users each • Youtube is the 3rd most popular website on the Internet • Sales, marketing, public relations, human resources, product teams, and business development all see opportunity
- 4. Social Networking is A Hotbed of Risk • Brand Damage • Mis-treat your customers at your own peril • Compliance • Using unapproved applications, (FINRA) • Business Continuity • Malware or application vulnerability induced downtime • Operations Costs • Excessive bandwidth consumption, desktop cleanup • Data Loss/Leakage • Unauthorized employee file transfer, data sharing • Productivity • Uncontrolled, excessive use for non-work related purposes
- 5. Applications Are The Threat Vector • US$3.8M stolen from small school district in New York State • Zeus banking trojan stole credentials, enabled transfers • All but US$500K recovered • Increasingly, new and old threats using social networks • Social network-specific (e.g., Koobface, FBAction) • New life for old threats (e.g., Zeus/Zbot) • Huge user populations, high degree of trust, liberal use of SSL • But wait – we have those applications under control…
- 6. Existing Control Mechanisms? • Applications have changed • Any port, random ports, encryption - all in use • Users feel entitled to use any application • New employees = always on, always connected
- 7. Employees Will Find A Way… 80% RDP • Remote Access SSH 76% 62% telnet • 27 variants found 95% of 53% LogMeIn the time 42% TeamViewer CGIProxy 30% • External Proxies PHProxy 30% 27% • 22 variants found 76% of CoralCDN the time FreeGate 15% 14% Glype Proxy • Encrypted Tunnels Tor 15% 13% Hamachi • Non-VPN related – found 9% UltraSurf Frequency That the 30% of the time 3% Gbridge Application Was Detected 3% Gpass 00% 20% 40% 60% 80%
- 8. Applications Are Not What They Seem Most Frequently Detected "Dynamic" Applications 100% 80% 83% 78% 77% 73% 60% 60% 60% 55% 54% 51% 40% 42% 20% 0% Sharepoint iTunes MS RPC Skype BitTorrent MSN Voice Ooyla Mediafire eMule Teamviewer Applications That are Capable of Tunneling • 67% of the applications Networking (73) 36 18 17 2 use port 80, port 443, or Collaboration (46) 18 25 12 hop ports Media (24) 8 12 13 General-Internet (17) 6 7 4 • 190 of them are Business-Systems (15) 10 41 client/server 0 25 50 75 • 177 can tunnel other Client-server (78) Browser-based (66) applications, a feature no Network-protocol (19) Peer-to-peer (12) longer reserved for SSL or SSH
- 9. Enterprise 2.0 Use is Consistent; Intensity Up • Google Docs and Calendar resource consumption* is up 55% • Google Talk Gadget shot up by 56% while Google Talk dropped 76% • Bandwidth consumed by SharePoint and LinkedIn is up 14% and 48% respectively • Bandwidth consumed by Facebook, per organization, is a staggering 4.9 GB * Resource consumption = bandwidth and session usage
- 10. Social Networking: Strengths Top line revenue Reaching new markets/customer groups Increasing sales in existing markets/customer groups Bottom line profit Reduction in cost of sales (disintermediation) Reduction in cost of support Reduction in cost of marketing
- 11. Social Networking: Weaknesses Fraught with unmanaged risk Few policies Existing policies aren’t enforceable Savvy users Content controls/logging/auditing outdated Security models too restrictive Coarse allow/deny
- 12. Social Networking: Opportunities Business opportunity Evolve security policies Evolve controls Make risk management/security relevant
- 13. Threats - Social Networking Top 10 10 - Social networking worms 9 - Phishing bait 8 - Trojan vector 7 - Data leaks 6 - Shortened/obfuscated links 5 - Botnet command and control 4 - It’s a data source for attackers 3 - Cross-Site Request Forgery (CSRF) 2 - Impersonation 1 - Trust
- 14. Recommendations • Policy • Gather • Listen • Redefine • Model – re-think or refine • Blindly blocking is somewhat draconian; blindly allowing is a CLM • Safe enablement is your new mantra • Controls • Visibility and control of applications, users, and content is key • “Allow, but…” controls are critical