[ISN] Staff actively seek enterprise security loopholes

From: InfoSec News (alerts@private)
Date: Mon Apr 28 2008 - 23:52:47 PDT


http://www.techworld.com/security/news/index.cfm?newsID=12102

By Katherine Walsh
CSO
28 April 2008

Enterprise users are "actively and intentionally" evading IT security 
controls and ignoring acceptable use policies, according to Palo Alto 
Networks' first annual "Application Usage and Risk Report."

The recent survey results from Palo Alto, a firewall vendor, are based 
on traffic from 350,000 users in 20 organisations that span the 
financial services, manufacturing, healthcare and state/local 
government industries.

The report highlights applications (not generally supported by 
enterprise IT) that employees are actively using, as well as the major 
risks associated with their use.

Among the findings:

- External proxies that IT does not support, such as CGIProxy and 
  KProxy, were present in 80 percent of the customer networks.

- Web-based file transfer and storage applications such as YouSendIt and 
  MediaMax were detected in 30 percent of sites.

- Over 50 percent of applications using port 80 (the default port number 
  for a web server) were not business related.

- Google applications were found in 60 percent of the sites using port 
  80.

- Web video and streaming audio consumed significant bandwidth on 100 
  percent and 95 percent of the sites sampled, respectively.

- Peer-to-peer file sharing applications were found on 90 percent of the 
  sites.

Associated risks include:

- Data loss through unmonitored and/or unauthorised file transfers.

- Compliance violations, both with internal policies and external 
  regulations.

- Business exposure from malware propagation or application 
  vulnerability exploits.

- Operational cost increases due to higher bandwidth consumption and 
  added IT expense.

- Lost productivity from excessive use of personal applications.

