A fun presentation given at Aus Cert in Australia, May 2010. Discusses social networking and its risks, rewards, strengths and weaknesses. www.paloalotnetworks.com/aur

1. Social Networking and Cyber-Security:
Strength, Weakness, Opportunity, or Threat?
Aus-Cert, May 2010

2. About Palo Alto Networks
• World-class team with strong security and networking experience
• Founded in 2005 by security visionary Nir Zuk
• Top-tier investors
• Builds next-generation firewalls that identify / control 950+ applications
• Restores the firewall as the core of the enterprise network security
infrastructure
• Innovations: App-ID™, User-ID™, Content-ID™
• Global footprint: 1,100+ customers in 60+ countries, 24/7 support

3. Social Networking is No Longer a Fad
• Hundreds of millions of people use social applications daily
• Facebook has over 400 million users
• LinkedIn has over 60 million users
• Social bookmarking applications have roughly 10 million users each
• Youtube is the 3rd most popular website on the Internet
• Sales, marketing, public relations, human resources, product teams,
and business development all see opportunity

4. Social Networking is A Hotbed of Risk
• Brand Damage
• Mis-treat your customers at your own peril
• Compliance
• Using unapproved applications, (FINRA)
• Business Continuity
• Malware or application vulnerability induced downtime
• Operations Costs
• Excessive bandwidth consumption, desktop cleanup
• Data Loss/Leakage
• Unauthorized employee file transfer, data sharing
• Productivity
• Uncontrolled, excessive use for non-work related purposes

5. Applications Are The Threat Vector
• US$3.8M stolen from small
school district in New York State
• Zeus banking trojan stole
credentials, enabled transfers
• All but US$500K recovered
• Increasingly, new and old threats
using social networks
• Social network-specific (e.g.,
Koobface, FBAction)
• New life for old threats (e.g.,
Zeus/Zbot)
• Huge user populations, high
degree of trust, liberal use of SSL
• But wait – we have those
applications under control…

6. Existing Control Mechanisms?
• Applications have changed
• Any port, random ports,
encryption - all in use
• Users feel entitled to use any
application
• New employees = always on,
always connected

7. Employees Will Find A Way…
80%
RDP
• Remote Access SSH 76%
62%
telnet
• 27 variants found 95% of 53%
LogMeIn
the time 42%
TeamViewer
CGIProxy 30%
• External Proxies PHProxy
30%
27%
• 22 variants found 76% of CoralCDN
the time FreeGate
15%
14%
Glype Proxy
• Encrypted Tunnels Tor
15%
13%
Hamachi
• Non-VPN related – found 9%
UltraSurf Frequency That the
30% of the time 3%
Gbridge Application Was Detected
3%
Gpass
00% 20% 40% 60% 80%

8. Applications Are Not What They Seem
Most Frequently Detected "Dynamic" Applications
100%
80% 83%
78% 77% 73%
60% 60%
60%
55% 54% 51%
40% 42%
20%
0%
Sharepoint iTunes MS RPC Skype BitTorrent MSN Voice Ooyla Mediafire eMule Teamviewer
Applications That are Capable of Tunneling
• 67% of the applications
Networking (73) 36 18 17 2 use port 80, port 443, or
Collaboration (46) 18 25 12 hop ports
Media (24) 8 12 13
General-Internet (17) 6 7 4
• 190 of them are
Business-Systems (15) 10 41
client/server
0 25 50 75 • 177 can tunnel other
Client-server (78) Browser-based (66) applications, a feature no
Network-protocol (19) Peer-to-peer (12) longer reserved for SSL or
SSH

9. Enterprise 2.0 Use is Consistent; Intensity Up
• Google Docs and Calendar
resource consumption* is up
55%
• Google Talk Gadget shot up by
56% while Google Talk dropped
76%
• Bandwidth consumed by
SharePoint and LinkedIn is up
14% and 48% respectively
• Bandwidth consumed by
Facebook, per organization, is
a staggering 4.9 GB
* Resource consumption = bandwidth and session usage

10. Social Networking: Strengths
Top line revenue
Reaching new markets/customer groups
Increasing sales in existing markets/customer
groups
Bottom line profit
Reduction in cost of sales (disintermediation)
Reduction in cost of support
Reduction in cost of marketing

11. Social Networking: Weaknesses
Fraught with unmanaged risk
Few policies
Existing policies aren’t enforceable
Savvy users
Content controls/logging/auditing outdated
Security models too restrictive
Coarse allow/deny

12. Social Networking: Opportunities
Business opportunity
Evolve security policies
Evolve controls
Make risk management/security relevant

13. Threats - Social Networking Top 10
10 - Social networking worms
9 - Phishing bait
8 - Trojan vector
7 - Data leaks
6 - Shortened/obfuscated links
5 - Botnet command and control
4 - It’s a data source for attackers
3 - Cross-Site Request Forgery (CSRF)
2 - Impersonation
1 - Trust

14. Recommendations
• Policy
• Gather
• Listen
• Redefine
• Model – re-think or refine
• Blindly blocking is somewhat draconian; blindly allowing is a CLM
• Safe enablement is your new mantra
• Controls
• Visibility and control of applications, users, and content is key
• “Allow, but…” controls are critical

15. www.paloaltonetworks.com/aur