Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Tuesday, November 16, 2010

Facebook adds Email

If you've been watching the news this week, it was unavoidable. You inevitably saw the announcement from Facebook that they are rolling out email services to their user base, making them the largest email provider in the world. Facebook has long been a thorn in the side of security administrators who manage secure web gateways and proxies. Most companies didn't want their employees visiting social networking sites and spending all their time on them. Times have changed, and even the US military has changed its stance on Facebook, realizing it's an important tool in keeping the troops happy. So, like companies that realize Facebook is an important marketing tool, the U.S. military has to find the right balance between allowing access and making sure employees don't get carried away playing games or using other Facebook applications all day.

Having email in Facebook just adds one more distraction, and provides one additional page to block if your organization's policy already prohibits external access to e-mail. The good news for most security and IT administrators is that modern URL filters and web protection already offer mechanisms to allow basic Facebook access while preventing access to specific pages and applications through the use of multiple categories. Allowing the category of "social networking", but blocking "games", "alcohol", "pornography", and even "webmail" will block things like Farmville, drinking games, Playboy's Facebook page, and eventually Facebook's email application, since these are generally categorized as both social networking and the appropriate other category they fall into.

Thursday, November 11, 2010

The Super Long URL

Blue Coat's Security Lab's latest post is about what for most people should be an obviously bad URL:

online.citibank.com.us.jps.portal.index.do.signin.logon.citibank.online.secure.sessionid.udp pincyyadcjfwjkgporvazebpnejlinbnunptl.qtpycihnqzaepbbwdrgjysgkvvegkvrztfytnffb.cg gshinmxvtsmxeesikaeciwhyqscvtfbcxjklti.sid.afterthehunttaxidermy.com/


If you actually saw a URL that looked like the one above, you should be immediately suspicious that it's part of a phishing attempt.

In practice, of course, most people don't see the URL above. They see the HTML facade that's created for the email or webpage, and the URL above is just what that display links to. But wait, you're thinking: most browsers will show you where the HTML actually links to, and I'm smart enough to check that out (either in the bubble that shows up in the browser or the full link in the status bar at the bottom of the page).

But what's interesting about a URL like the one above is that it's so long that the entire URL won't display in most cases, so you only see the front part of the URL in your bubble or status bar. And that's the most likely explanation behind why the hacker created the URL. If you're not careful to check out the entire URL, you'll only see the front, and it may be enough to convince some people it's a legitimate link.

So be careful, and check the full URL of where you're going on the web, or at the very least make sure you're browsing through a Secure Web Gateway or proxy device that's configured to block phishing sites.
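The check a gateway or mail filter can make against this trick is sketched below as an added example, not code from Blue Coat or from this blog. The sample URL is constructed, the brand list is hypothetical, and the "last two labels" rule is an assumed stand-in for a Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Hypothetical watch list of brand domains; a real deployment loads its own.
WATCHED_BRANDS = {"examplebank.com"}

# Constructed sample modelled on the structure of the URL quoted in the post.
SAMPLE_URL = ("online.examplebank.com.us.portal.index.do.signin.logon.secure."
              "sessionid.qzxkvwpljhrtmnbd.yplkmnqwertzxcvb.sid."
              "unrelated-site.example/")

def registered_domain(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: a production filter would use the Public Suffix List."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def analyze_url(url, visible_chars=60, max_labels=6):
    """Flag hostnames that front-load a brand name and push the real
    registered domain past what a status bar or hover bubble displays."""
    if "://" not in url:
        url = "http://" + url  # bare host/path, as quoted in the post
    host = urlsplit(url).hostname or ""
    reg = registered_domain(host)
    findings = []
    for brand in sorted(WATCHED_BRANDS):
        # Legitimate hosts END with the brand domain; the lure only contains it.
        under_brand = host == brand or host.endswith("." + brand)
        fronted = host.startswith(brand + ".") or ("." + brand + ".") in host
        if fronted and not under_brand:
            findings.append("brand_in_subdomain:" + brand)
    label_count = len(host.split("."))
    if label_count > max_labels:
        findings.append("excessive_labels:%d" % label_count)
    # Only the front of the link is displayed; is the real domain cut off?
    shown = url.split("://", 1)[1][:visible_chars]
    if reg not in shown:
        findings.append("registered_domain_truncated")
    return {"host": host, "registered_domain": reg, "findings": findings}

if __name__ == "__main__":
    print(analyze_url(SAMPLE_URL))
    print(analyze_url("https://online.examplebank.com/signin"))
```

The domain that matters is the one at the right-hand end of the hostname, which is exactly the part a truncated display hides.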

Tuesday, November 2, 2010

Malware hiding in plain sight

It used to be that malware was hosted on domains that were typically hidden from the average user, hosted in other countries. For example, for a long time malware was most prevalent on ".cm" and ".cn" domains (Cameroon and China respectively). A new report from McAfee shows that malware is now fully entrenched in the ".com" domain. In their latest study, ".com" overtook ".cm" to become the top domain hosting malware. 31.3% of all sites hosted on a ".com" domain are considered risky. The ".info" domain came in second with 30.7% of sites rated risky. ".vn" (Vietnam) came in third at 29.4%, and ".cm" fell to fourth at 22.2%.

This new study just confirms what we already know: hackers and providers of malware are getting bolder, and there are more threats out there. It's more important than ever to make sure your organization is protected when browsing the web by using an up-to-date proxy or secure web gateway.

Monday, November 1, 2010

Appliance, Cloud, or Software

The age-old question of whether to buy an appliance or build out hardware yourself and buy software to run on your own general purpose operating system has been getting serious competition from the cloud, or SaaS (Software as a Service). IT admins now have 3 choices when selecting how to implement web security for their organization. The question is how to choose which is right for your organization. The key here is that the right answer isn't the same for everyone.

There's an obvious difference between the previous choices of appliance or build your own versus a cloud solution, and it lies in the accounting, which may not be a key criterion for an IT admin, but is certainly a consideration for your finance group. An appliance or build your own has capex ramifications, and of course a cloud solution is limited to opex costs. If your finance arm rules your expenditures, you may not get a choice when it's time to upgrade your proxy or secure web gateway.

But for those of you that do have a choice, it may have to do with how much security expertise you have on hand, how much control you need over your maintenance windows, and how many of your users are remote and travel extensively. Each of these will affect which solution you choose, and may even cause you to consider a hybrid of two solutions. If you happen to have extensive expertise, build your own may be the way to go, especially if you need an extremely custom solution.

For those that need ease of use and quick deployments, an appliance or cloud makes more sense. Those that need control of their maintenance windows should of course avoid a cloud, where they will be bound by the service provider's maintenance windows. And those with lots of remote users, or users who travel extensively, may want the cloud solution to cover those users when they aren't behind the proxy in the data center. When you have a mix of these requirements, you may want to have more than one solution in place. For example, you may want an appliance in your data center and a cloud solution for your remote and traveling users. In the end, it may turn out that for most organizations a hybrid solution makes the most sense.