Monday, 23 January 2012

MegaUpload: What You Need to Know


There is a lesson to be learned here.  Online storage sites like MediaFire, Dropbox, YouSendIt and Box immediately jumped to defend legitimate file storage sites, like themselves, in the New York Times article, “Antipiracy Case Sends Shivers Through Some Legitimate Storage Sites” by Nicole Perlroth and Quentin Hardy. Yet, as reported by Perlroth and Hardy, these public, cloud online storage sites “are inherently ideal for anyone looking to illegitimately upload and share copyrighted video and audio files.”
For the most part, the way the sites mentioned in the New York Times article work is that their users share files using a link to a file exposed publicly, and stored in a public, multi-tenant cloud.  These sites are often architected in such a way that one copy of a file, for instance a photo, is stored once and shared by multiple users to save storage space for the site.
So what is the lesson to be learned?  Data shows that employees at enterprise organizations are using consumer online storage sites at work and are putting their organizations at risk of copyright infringement and exposure of intellectual property.  According to a recent study by Palo Alto Networks, MegaUpload usage was found on the networks of 57 percent of the 1,636 enterprise organizations in the study.  76 percent had Dropbox and 57 percent had Box on their network.
An enterprise organization’s business users (employees, partners, and customers) trying to get their jobs done and be productive often turn to consumer online storage sites to share sensitive corporate data.  If an organization wants to protect itself against copyright infringement and exposure of intellectual property, it needs to offer its users another way to share files.
Accellion works differently from these sites and is a secure, managed alternative architected for enterprise organizations, while still offering users an easy, simple way to share files.  Using Accellion, enterprise users are granted their own secure, online storage while they access, collaborate and share files anytime, anywhere.  The majority of Accellion customers use a private cloud deployment behind their firewall to ensure maximum protection and control of intellectual property.  Accellion encrypts information in transit and at rest and is the safe, secure option for business users.
Whether Accellion customers use a public, private or hybrid cloud deployment they can manage, report and track files so they know who downloads what file, from what device and when they download it.  Accellion also integrates with Data Loss Prevention technology (DLP).  This inherently discourages employees from sharing illegitimate files, watching copyrighted entertainment via the corporate network, or sharing other files that are not in line with corporate policies.  Accellion helps protect an organization from inadvertent IP leaks, and helps our customers maintain compliance with HIPAA, PCI, SOX and other global government data regulations.
The recent MegaUpload news is yet another wake-up call for global enterprises to take control over file sharing within their organization, and this means deploying a secure enterprise solution that enables easy file sharing for business users without exposing intellectual property or enabling copyright infringement.  In addition, organizations need to continue to monitor updates to government regulations and the impact they have on their organization’s data. This will continue to be something we watch and discuss on this forum.  Subscribe to our blog for the most up-to-date information.
By Yorgen Edholm - President and Chief Executive Officer at Accellion

Friday, 20 January 2012

Defeating Defacement: File Integrity Protection via Application Whitelisting


It is a PR disaster. A group of ‘hacktivists’ has somehow managed to attack your company website and change your content (which is actively being displayed to the entire world). Your phone won’t stop ringing, and your mailbox just melted down. So many questions running through your mind: ‘What just happened?’, ‘Who did this?’, ‘How did they do this?’, and most importantly ‘How can I prevent this from happening again???’. It certainly doesn’t help that this has the highest level of visibility within your organization. It’s going to be a very long day.
Sadly this scenario is now playing itself out more than ever. This is especially true with a loosely managed group of hacktivists that call themselves ‘Anonymous’. The list of companies affected by Anonymous is large enough to raise national media attention, which is not exactly where your company wants to have its name mentioned.
The Problem:
Despite significant improvements to website server security, major companies continue to be victimized by this type of vandalism. The motivation behind such attacks ranges from citizen protest (“hacktivists”) to good old-fashioned revenge. Regardless of the motivation, you now have a very embarrassing problem on your hands.
Despite best practices of ‘locking down’ your website data files to prevent changes to them, it does no good if someone is able to gain root level access to the server; the attacker can simply open up the privileges for the data files with a single command. You need to be able to lock down these files at a lower level than standard operating system controls provide.
A Solution:
What can be done to prevent these defacements? The fundamental problem boils down to the fact that unauthorized changes are being made to the website files. The affected files could be simple HTML, CGI, or PHP files, etc., but even a simple change to a .htaccess file can ruin your day. Regardless of how someone gains access to these files (there are many, many techniques that can be used to gain access such as SQL injection, JavaScript vulnerabilities, etc.), wouldn’t it be nice to know that they would not be able to modify or delete these files in any way? If you can tell your management team that the website is secure from defacement, then everyone would rest a lot easier at night.
As readers of our blog know, CoreTrace Bouncer is an application whitelisting product. The main benefit of this technology is that only programs that are explicitly defined on the whitelist are allowed to execute. Any programs not on the whitelist are considered to be ‘unauthorized’ so Bouncer prevents these unauthorized programs from executing. Bouncer takes the firewall paradigm of ‘default deny’ for network ports and applies it to program execution within the operating system.
Not only does Bouncer enforce the whitelist, but it must also protect the integrity of the whitelisted applications. How effective would a whitelisting product be if someone could simply delete an authorized application such as notepad.exe, and replace it with a tainted program that has been renamed to notepad.exe? By default, Bouncer blocks (from the kernel) all modifications to program files that are on the whitelist. Bouncer Administrators are able to define vectors of authorized change, which enable transparent changes to these files so that upgrades and patches can be applied easily.
CoreTrace has extended this kernel level ‘file integrity protection’ capability to any file which you wish to protect. While the html files will never execute, you can rest much more easily knowing that any file you wish to add to the list has this low level extra measure of protection available. This can also be applied to any file that you wish such as c:\boot.ini or the hosts file.
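A user-space detection counterpart to the protection described above, as an added example (not CoreTrace code, and not how Bouncer works): it baselines a web root by SHA-256 and permission bits, then reports changed content, reopened permissions, and added or removed files. The web root, file names and the simulated tampering are constructed for the demo, and the baseline is assumed to be stored off the server, since anyone with root access can rewrite whatever is kept on it.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path (relative to root) to (sha256 hex, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256(Path(full).read_bytes()).hexdigest()
            mode = os.lstat(full).st_mode & 0o7777
            state[os.path.relpath(full, root)] = (digest, mode)
    return state

def compare(baseline, current):
    """Return (path, finding) pairs, ordered by path, for every deviation."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "removed"))
        elif path not in baseline:
            findings.append((path, "added"))
        else:
            (old_hash, old_mode), (new_hash, new_mode) = baseline[path], current[path]
            if old_hash != new_hash:
                findings.append((path, "content changed"))
            if old_mode != new_mode:
                findings.append((path, "mode %o -> %o" % (old_mode, new_mode)))
    return findings

def demo():
    """Constructed web root: baseline it, simulate unauthorized changes, compare."""
    with tempfile.TemporaryDirectory() as root:
        web = Path(root)
        for name, body in (("index.html", "<h1>Welcome</h1>"), (".htaccess", "Options -Indexes\n")):
            (web / name).write_text(body)
            (web / name).chmod(0o444)  # the 'locked down' read-only state
        baseline = snapshot(root)
        # Simulated tampering: permissions reopened, page edited, file dropped in.
        (web / "index.html").chmod(0o644)
        (web / "index.html").write_text("<h1>defaced</h1>")
        (web / "new.php").write_text("<?php ?>")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, finding in demo():
        print(path, finding)
```

A check like this only reports a change after the fact; it does not block the write the way the kernel-level control described in the post is said to.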

by Greg Valentine