When executives at a large global enterprise told an IT manager to do some snooping to make sure employees weren't abusing Internet access by chatting with friends on instant messaging (IM) clients and Facebook, he uncovered something much worse -- a gaping WAN security hole. Instead of using the company's password-protected file transfer protocol (FTP) server to share sensitive, business-related files with one another, employees were...
using public peer-to-peer (P2P) file sharing services.
"We didn't know what type of files they were sending over the Internet -- it could've been drawings of our machinery," said Tom Nielsen, IT-technical manager at Schur, a printing and packaging company based in Horsens, Denmark. "It was file sharing they needed to do. It was just [done] the wrong way."
Although his legacy network management systems reported and monitored usage and capacity, Nielsen had little insight into what type of traffic -- particularly Web traffic -- was traversing the WAN. His limited visibility became a problem when Schur's management grew concerned that the company's 800 WAN users were spending more time browsing Facebook than working.
"We knew how much traffic we had, but we weren't aware of [what that traffic was]," Nielsen said. "I had to answer management about how much [employee] time was used on Facebook or social networking sites, [but] I couldn't really tell them."
By backhauling Internet traffic over his Multiprotocol Label Switching (MPLS) network from 14 offices in Europe and the United States through his data center, Nielsen believed he had simplified WAN security -- it all passed through the firewall and antivirus software in headquarters via one pipeline.
When he realized how little information he had about that traffic, Nielsen and his team decided their WAN security strategy needed an upgrade -- a move that uncovered the startling WAN security issue, leading the team to block P2P traffic.
Using policy to block P2P traffic
Nielsen deployed FaceTime's Unified Security Gateway (USG) -- a gateway tailored for Web 2.0 applications that was recommended by his systems integrator, RanTek.
He discovered that employees were abiding by IT policies for acceptable Internet use, but the gateway also revealed that a significant number of users were bypassing IT's secure FTP server. They were transferring larger files -- more than 50 megabytes each -- through the Internet via peer-to-peer sites, which were more familiar and easier for them to use than FTP.
It became clear the team needed to completely block peer-to-peer traffic, Nielsen said.
"There was a lot of file sharing -- not illegal file sharing -- but some of our employees were using [P2P sites] to exchange files with each other or external [partners]," Nielsen said. "We could see that they were using that a lot, and we have stopped it totally."
The team used USG to stop P2P traffic by blocking popular file sharing sites and clamping down on files transferred any way except through FTP. Users who attempt to access those sites also receive an automated message from IT telling them why the site is blocked and instructing them to use FTP or contact the help desk for support.
"If it's written in our IT policy that they're not allowed to make file transfers other than with FTP, then we can block file transfers and stuff like torrent files," Nielsen said. "We're not allowing any kind of torrent. It could be legal, but we're not taking any chances."
As if he needed another reason to block P2P traffic, Nielsen said the gateway also identified a rogue server that an employee in a regional office had been using to download movies illegally through file sharing sites.
The device had not been part of his network domain and had gone unnoticed until USG alerted him to the IP address of a server making a file transfer through RapidShare, a file sharing site, Nielsen said. The gateway enabled him to identify the user by matching his Internet search queries with the file names that the rogue server had been downloading from RapidShare.
"I don't think we would've found it right away without FaceTime -- and with FaceTime, I found it within the first month I had it running," he said. "I'm seeing things that I wouldn't have seen without it."
Let us know what you think about the story; email: Jessica Scarpati, News Writer