A fun presentation given at Aus Cert in Australia, May 2010. Discusses social networking and its risks, rewards, strengths and weaknesses. www.paloalotnetworks.com/aur
Social Networking and Cyber-Security:
Strength, Weakness, Opportunity, or Threat?
Aus-Cert, May 2010
About Palo Alto Networks
• World-class team with strong security and networking experience
• Founded in 2005 by security visionary Nir Zuk
• Top-tier investors
• Builds next-generation firewalls that identify / control 950+ applications
• Restores the firewall as the core of the enterprise network security infrastructure
• Innovations: App-ID™, User-ID™, Content-ID™
• Global footprint: 1,100+ customers in 60+ countries, 24/7 support
Social Networking is No Longer a Fad
• Hundreds of millions of people use social applications daily
• Facebook has over 400 million users
• LinkedIn has over 60 million users
• Social bookmarking applications have roughly 10 million users each
• YouTube is the 3rd most popular website on the Internet
• Sales, marketing, public relations, human resources, product teams, and business development all see opportunity
Social Networking is A Hotbed of Risk
• Brand Damage
• Mistreat your customers at your own peril
• Compliance
• Using unapproved applications (FINRA)
• Business Continuity
• Malware or application vulnerability induced downtime
• Operations Costs
• Excessive bandwidth consumption, desktop cleanup
• Data Loss/Leakage
• Unauthorized employee file transfer, data sharing
• Productivity
• Uncontrolled, excessive use for non-work related purposes
Applications Are The Threat Vector
• US$3.8M stolen from small school district in New York State
• Zeus banking trojan stole credentials, enabled transfers
• All but US$500K recovered
• Increasingly, new and old threats using social networks
• Social network-specific (e.g., Koobface, FBAction)
• New life for old threats (e.g., Zeus/Zbot)
• Huge user populations, high degree of trust, liberal use of SSL
• But wait – we have those applications under control…
Existing Control Mechanisms?
• Applications have changed
• Any port, random ports, encryption - all in use
• Users feel entitled to use any application
• New employees = always on, always connected
Employees Will Find A Way…
• Remote Access
• 27 variants found 95% of the time
• External Proxies
• 22 variants found 76% of the time
• Encrypted Tunnels
• Non-VPN related – found 30% of the time
[Figure: Frequency That the Application Was Detected. Bar chart, axis 0% to 80%, covering RDP, SSH, telnet, LogMeIn, TeamViewer, CGIProxy, PHProxy, CoralCDN, FreeGate, Glype Proxy, Tor, Hamachi, UltraSurf, Gbridge, Gpass.]
Applications Are Not What They Seem
• 67% of the applications use port 80, port 443, or hop ports
• 190 of them are client/server
• 177 can tunnel other applications, a feature no longer reserved for SSL or SSH
[Figure: Most Frequently Detected "Dynamic" Applications. Bar chart, axis 0% to 100%, covering Sharepoint, iTunes, MS RPC, Skype, BitTorrent, MSN Voice, Ooyla, Mediafire, eMule, Teamviewer.]
[Figure: Applications That are Capable of Tunneling. Stacked bar chart by category: Networking (73), Collaboration (46), Media (24), General-Internet (17), Business-Systems (15). Legend: Client-server (78), Browser-based (66), Network-protocol (19), Peer-to-peer (12).]
Enterprise 2.0 Use is Consistent; Intensity Up
• Google Docs and Calendar resource consumption* is up 55%
• Google Talk Gadget shot up by 56% while Google Talk dropped 76%
• Bandwidth consumed by SharePoint and LinkedIn is up 14% and 48% respectively
• Bandwidth consumed by Facebook, per organization, is a staggering 4.9 GB
* Resource consumption = bandwidth and session usage
Social Networking: Strengths
• Top line revenue
• Reaching new markets/customer groups
• Increasing sales in existing markets/customer groups
• Bottom line profit
• Reduction in cost of sales (disintermediation)
• Reduction in cost of support
• Reduction in cost of marketing
Social Networking: Weaknesses
• Fraught with unmanaged risk
• Few policies
• Existing policies aren’t enforceable
• Savvy users
• Content controls/logging/auditing outdated
• Security models too restrictive
• Coarse allow/deny
Social Networking: Opportunities
• Business opportunity
• Evolve security policies
• Evolve controls
• Make risk management/security relevant
Threats - Social Networking Top 10
10 - Social networking worms
9 - Phishing bait
8 - Trojan vector
7 - Data leaks
6 - Shortened/obfuscated links
5 - Botnet command and control
4 - It’s a data source for attackers
3 - Cross-Site Request Forgery (CSRF)
2 - Impersonation
1 - Trust
Recommendations
• Policy
• Gather
• Listen
• Redefine
• Model – re-think or refine
• Blindly blocking is somewhat draconian; blindly allowing is a CLM
• Safe enablement is your new mantra
• Controls
• Visibility and control of applications, users, and content is key
• “Allow, but…” controls are critical
www.paloaltonetworks.com/aur