Wednesday, October 24, 2007

Web 2.0 Security Threats


As the emerging trend toward the use of Web 2.0 technologies reaches the enterprise, CIO’s and other IT personnel may find them a nuisance. Business driven applications, such as Wikis, Podcasts, or internal Blogs is on the rise, According to a Nermetes Research report, 18% of executives said that their company is using blogs, while 32% are using wikis, and 23% are using RSS. One of the major issues with these evolving 2.0 technologies is their lack of security. Web 2.0 applications expose companies to both inbound and outbound security threats that transcend legacy security measures associated with Web 1.0

The interactive nature of these applications creates new pipelines for information leakage, and makes them inherently difficult to secure. Couple with the hyper-speed of Web development, and the pressure to get new tools in the hands of users as quickly as possible, and you’ve got a security nightmare waiting to happen. So what can companies do to ensure that Web traffic coming in or going out of the network isn’t malicious in nature? Many have begun adopting Web security appliances which scan the actual content of web traffic coming in and out of the network for malware, spyware, viruses, worms and Trojans.


A Web security gateway is an appliance that plugs into the network, scans all HTTP and SMTP traffic both entering and exiting the network to ensure that each piece of content isn’t infected with malware. The traffic is scanned against a database of threat protection signatures and is allowed if no malware is uncovered. Some would argue that desktop software is more efficient or effective at protection from Web-borne malware, but an IT person will clearly tell you that managing and servicing 50-5,000 desktops with software is challenging keeping all up to date and now requires both AV and Anti-spyware clients. A single Web security appliance can apply both signature and reputation filters delivering complete protection from Web-borne malware. If the appliance is a network-friendly appliance, it will fit seamlessly into any network typography, and perform at gigabit rates – with no network performance degradation.


Web security appliances not only contain signature-based scanning of all HTTP and SMTP content, many include URL filtering and reputation filtering as well. This 3-pronged approach to securing the network is becoming increasingly popular as it covers all bases.

URL Filtering

URL filtering is especially good for setting and enforcing policies for employees. The most traditional approach used to block malware from entering a corporate network is URL filtering. Based on policies set forth by network and security administrators in the organizations, users are either permitted or denied access to certain categories of sites. As the Internet is made up of hundreds of millions of sites, URL filtering approaches rely on web crawlers to categorize sites to add them to its database. However, hackers are getting more sophisticated at fighting Web crawlers, by serving up good content so they are placed on the list of permitted sites and then when a users visits that Webpage they are served malware.

Content Filtering

Content filtering scans traffic coming in and out of the network and inspects every webpage coming in and out of the network for malicious code. This approach utilizes camouflaged machines which are placed around the world to collect malware samples. These samples are continually analyzed & are added to the database of threats that a company is protected from.

Reputation Filtering

Reputation Filtering is the newest approach to fighting Web-borne malware. Based on site reputations, content may not be scanned or filtered. For example, CNN is a popular news site and must have a good reputation so it isn’t scanned or inspected. However, well known sites are compromised all the time. The best method of Reputation filtering is to utilize it as a black list instead of a white list. Black listed sites are always blocked while white listed sites are always permitted to pass. Thus blocking access to sites known to distribute malware is more effective.

The more popular Web 2.0 becomes in the business world, the more attractive it will be to those with malicious intent. Seemingly legitimate Web pages can introduce malware or spyware into a network.

The following link is to a recent blog post by a self-proclaimed life hacker who clearly outlines the top 5 Web 2.0 services that hackers will love.
http://www.gnucitizen.org/blog/the-top-5-most-popular-web20-services-hackers-cannot-live-without .


YouTube and Monster.com, two popular sites for social networking and job searches are visited frequently by employees looking for a new job or wanting to watch the latest funny videos. In addition to visiting these sites while at work, users are linking from internal Wikis and podcasts to their MySpace.com pages opening up the network to potential hackers.


Managing the influx of security issues that come along with Web 2.0 is a collective work in progress; however, with web content security appliances on the rise, the need for desktop software that requires constant updates and troubleshooting on a multitude of machines is quickly falling by the wayside.


No comments: