Balancing Social Networking with Network Security Objectives in a Government Environment >

abusivetrainerNetworking and Communications

Nov 20, 2013 (3 years and 4 months ago)


Balancing Social Networking with
Network Security Objectives in a Government Environment >
October 26, 2010
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
Social Networking is Here to Stay
With the explosion of other options for social networking, interaction and
collaboration, email has lost its position as the primary Internet-based
communication tool. In fact, The Wall Street Journal reported that there
were more social networking accounts than Webmail accounts in 2009.

Today, users rely more on blogs, tweets, social networking posts and even
video clip communications to enrich information exchange, even in the
government sector.
To leverage the communication benefits of social
networking, 27 U.S. federal agencies made voluntary
service agreements with Facebook in 2009.
agencies have begun to more aggressively follow suit
when, in February 2010, the U.S. Deputy Secretary
of Defense issued a formal directive (DTM 09-026)
requiring agencies to provide user access to a variety
of sites that had previously been blocked due to
security concerns.
From small town government
offices to larger federal agencies, social networking
is being leveraged to interact with suppliers, vendors
and consultants in a fast, easy-to-use and broadly
accessible way. And social networking has become
the preferred method for personnel to maintain both
their professional and personal relationships.
The widespread adoption of social networking has hit
the private sector as well: A recent survey found that
65 percent of the largest 100 international companies
have active accounts on Twitter, 54 percent have a
Facebook fan page, 50 percent have a YouTube channel, and one-third have
corporate blogs.
One in five of major international businesses are actually
using all four of these technologies.
Email vs Social Networking Users
Social Networking
Source: Wall Street Journal

< >
Balancing Social Networking with Network Security Objectives in a Government Environment
Managing the risks
The benefits of social networking also come with significant risks, including:
Security: Threats such as malware, phishing and data loss are increasingly
targeting social networking because the wide range of communication
features makes it easier to spread untrustworthy messages or hazardous
malware. By exploiting the trust factor inherent in social networking,
malware can more easily bypass traditional security approaches by
manipulating users to download malicious content that appears to come
from a trusted source, such as a friend or familiar organization.
Bandwidth management: The rich media inherent in much of social
networking’s interactions, including pictures, music, and video, consume
vast amounts of bandwidth. If left uncontrolled, streaming video to hundreds
of systems at the same time can shut down critical applications.
Inappropriate Internet use: Policies
on professional conduct may dictate
that public comments posted by
government personnel meet certain
standards or stay within professional
bounds such as restrictions on
political statements.
Responses to these challenges
are equally broad. Luckily, the
best practices for securing social
networking are similar to those
used for web threats in general.
The task facing federal, state and local government IT teams, therefore,
is to understand their organizations’ priorities around effective and
appropriate social networking use, and the strengths and limitations of the
various security options. The ultimate goal is to find the balance between
achieving the productivity benefits of social networking while protecting the
organization from dangerous threats.
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
The usual suspects
Practically every web threat against email or web browsing has found new
life in the world of social networking. Sites and services like Facebook and
Twitter provide new ways for cybercriminals to hide malware, set up fake
sites, compromise legitimate sites and spread an attack from one member
of a social network to another. They simply bypass most traditional defenses
along the way. Here are how these different types of attacks work:
Malware remains the number one threat to anyone using the Internet
through botnets, spyware, viruses, Trojans, worms and other attacks.
Malware can also be part of a targeted attack, particularly for
government agencies, with potentially catastrophic consequences. For
example, between January and March 2010, the computers of 13 South
Korean Army officers became infected with malware that resulted in the
theft of war operation plans.
And, in a recent survey, antivirus solution vendor Sophos reported
that 36% of users revealed that they had been sent malware via social
networking sites.
Blue Coat Security Labs reported that two-thirds of all malware attacks
in 2009 were spread when users were offered a video clip which, when
clicked, would report that the user needed to update their Flash player
or install new software to view the video.
This malware-spreading
mechanism depends on a user behavior that is almost automatic among
social networking users where video content sharing is so common.
In addition, many threats often capitalize on highly publicized events
and catastrophes such as natural disasters, massive power outages,
civil disturbances and more. These attacks may pose as charitable
organizations to solicit donations or offer fake video of dramatic events
to manipulate users into downloading malware. These types of attacks
only complicate the efforts of government and other organizations that
assist in these emergencies.
Phishing attacks – attempts to trick users into revealing confidential
information – are on the rise within social networking environments. Some
are designed to simply collect hundreds of thousands of email addresses
In 2009, blended threats evolved into
much more complex structures, adapting
to the current environment of technology,
users and vulnerabilities.
Post Comment
<script language =
”js” src = ””>
<script language =
”js” src = ””>
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
that can then be used for spam, email virus attacks and so forth. Other
phishing attempts can be complex, targeted attacks intended to dupe smaller
numbers of select individuals into revealing more valuable details such as
financial or personal data. Government agencies are frequently targeted by
those with extreme political agendas.
Phishing attacks use social engineering techniques to deceive people into
divulging confidential information. Just like malware, these attacks have been
extremely successful within social networking sites because they exploit the
high level of trust users place in their network of “friends.” Unlike suspicious-
looking URLs sent anonymously via email, users are far more likely to trust
content, such as a video link, that comes from a trusted source. The success
of these attacks is perhaps why Facebook is the fourth most popular online
phishing target.
The sheer popularity of these sites makes them attractive targets for
cybercriminals. In fact, Blue Coat Security Labs found that social networking
sites account for 25% of the top 10 most active URL categories.
So, as their
popularity has grown, so have the attacks.
Data Loss
Industry analyst Forrester Research has reported that Web 2.0 applications
such as blogs, wikis and social networking sites provide an easy way for data
to escape from an organization.
An individual who wants to steal government
data is highly unlikely to use the department or agency’s email system
because it’s almost impossible to do quickly or anonymously. As a result, social
networking services have become a highly attractive way to steal information
because they provide several ways to post documents, video or plain text.
However, nearly 80 percent of data loss is unintentional, and accidental
information leakage through social networking sites may present a greater risk
than criminal activity.
This may be the result of the casual and open nature
in which users approach social networking, or the atmosphere of trust that
weakens a user’s judgment. Things that they would never discuss openly in a
public setting are often shared freely within social networking sites – including
confidential data.
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
Bandwidth Abuse
Social networking encourages frequent communication.
It often involves visiting pages that contain dozens or even
hundreds of comments and links. Every time a user visits
a page to see what is new, their browser is also presented
with mostly old content as well. And the user dynamically
moves from one page to another as they follow different
trains of thought or simply visit the pages of key members
of their social network. The total gateway bandwidth hit can
be staggering for many organizations.
Combine this with the extensive sharing of multimedia
on social networks and it’s easy to see that bandwidth
consumption can quickly become a problem, and could
cause more mission-critical applications to fall below
their necessary performance levels. Critical tasks such as
retrieving database records or electronically submitting
important information frequently hits performance bottlenecks. Bandwidth
abuse is even more detrimental to organizations who rely on Software-as-
a-Service (SaaS) solutions, or who manage virtual desktops for remote or
mobile users.
Layered defenses optimize security and bandwidth
Just as cybercriminals have applied innovative
techniques to leverage social networking, IT
must find equally innovative ways to apply their
security knowledge, expertise and available
technologies to a new environment. A layered
defense helps protect against malware,
phishing, data loss and bandwidth abuse with a
comprehensive security approach that includes
real-time web filtering, antivirus software,
data loss prevention, mobile security and
user education components. Each of these is
described in detail below:
Jan 09
Jul 09 Dec 09
Source: Twitter
The number of “tweets” per day grew from just 2.5
million in January 2009 to over 30 million by the
end of the year, with no indication of slowing down.
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
Web filtering
Web filtering provides a front line to neutralize links, scripts and other
techniques used to either trick a user or automatically cause the computer
to connect to a malware infection source. Next-generation web filtering
solutions can preserve and support legitimate social networking activities
while preventing the victim’s browser from accessing potentially dangerous
content and phishing scams. However, many solutions tend to block
legitimate pages or even entire domains because they lack more granular
response capabilities. So it’s important to have a solution that can filter URLs
using multiple categories, real-time ratings and a deep level of visibility.
Today’s web threats move quickly, with an average lifespan of less than two
hours in any one location. Even a web filtering solution that provides hourly
updates is statistically going to miss half of all active, fast-moving threats.
Therefore, an effective web filtering solution must be paired with cloud-
based services that increase awareness of web activity and provide access
to constantly evolving defense technologies – all without requiring frequent
downloads and updates to on-premise solutions.
Blue Coat WebFilter includes full access to the WebPulse cloud service with
over 70 million users and a 100% uptime record since 2004. As a result, it is
the largest, most reliable and most respected security cloud service in the
industry. Increased web awareness, provided by WebPulse, helps direct and
prioritize research efforts to concentrate where users are surfing. WebPulse
also includes many automated technologies and can provide real-time
category ratings for never-before-seen URLs from around the world in 50
languages. Rather than depending on a single technology, such as reputation
analysis, WebPulse accurately categorizes URLs by applying reputation,
heuristics, sandboxing, content analysis, deep link inspection and other
technologies to web requests.
Also, Blue Coat WebFilter is one of the few solutions that can differentiate
URLs that are sources of potential malware infection from those used
by systems already infected with spyware that attempts to send stolen
information back to its creator. First, this ability provides another layer
of defense using a single technology. Second, it can immediately alert IT
about potentially compromised systems so they can evaluate and clean
the system if necessary and ensure nothing else has been compromised
on the end point.
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
There is little truth to the rumors that antivirus has become a commodity.
Indeed, the fast-moving, rapidly evolving nature of today’s malware has put
even greater demands on antivirus vendors. Yet while the best practice of
“multi-vendor” antivirus has not
changed, the reasons behind this
practice have.
In the 1990’s, multi-vendor
antivirus usage evolved because
it was never clear which vendor
would be the first to respond
to a new threat at a time when
response times were measured
in days. Having two vendors
increased the chance of at least
one vendor catching the threat.
But today’s vendors can typically
respond in just a few hours to a
totally new threat.
However, most “new” threats are simply variants of previously identified
malware. In a single day, hundreds or even thousands of variants of a single
virus may be released onto the web. So each antivirus vendor has developed
their own approach to identify and block a variant of known malware.
However, few can claim even a 40-50% detection rate. Therefore, using
one AV vendor on the end point, and another at the gateway, increases the
likelihood of blocking a recently introduced malware variant.
Since the first FTP/HTTP antivirus scanners were introduced in the mid-
´90s, performance was the primary obstacle to fully implementing a gateway
antivirus security layer. So Blue Coat introduced the ICAP protocol and the
ProxyAV™ platform, which works in conjunction with the Blue Coat ProxySG
appliance, to help leading AV vendors deliver web security solutions that
optimize performance as well.
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
Data Loss Prevention (DLP)
DLP must protect against both intentional data theft and accidental data
loss. And while email has been the traditional area of focus for DLP
deployments, it is clear that email is no longer the dominant form of
electronic communication. Organizations must ensure their DLP strategies
include the ability to inspect all SSL traffic as well as that used by social
networking offerings.
Forrester has reported that “deep content analysis and data-centric control
is on many users’ wish lists, yet web filtering products that offer good DLP
functionality are few and far between.”
Other research has shown DLP
buyers and users to be frustrated with solutions that are either too complex
to be usable or too simplistic to be effective. An effective DLP strategy
must include data registration features for accurate content identification,
offer multi-function capabilities (for email, web and network DLP), include
proactive discovery DLP capabilities, and still be easy to use and maintain.
The Blue Coat Data Loss Prevention appliance was created to deliver on
those requirements. With a typical one-day deployment, agencies can quickly
begin to detect and block potential data leaks. Pre-defined policies can be
used as-is or customized to monitor and control information traveling across
the network, in email, or to the web, including posts to social networks.
Support for full data registration capabilities help ensure accurate, proactive
discovery and real-time leak detection while minimizing false positives.
Bandwidth Management
Managing bandwidth is a complicated
responsibility. While it’s easy to completely
block malicious or inappropriate sites,
managing connections to other URLs can
be more complex. Web filtering is the
most effective way to control malicious
or recreational web traffic, but require
granular capabilities that enable more than
just the ability to allow or deny access.
Controlling bandwidth requires visibility
into current traffic patterns. IT must
identify which applications are in use, their
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
performance requirements, peak usage times and their importance to the
business. Mission-critical applications should be given priority to ensure
quality of service, and some applications or types of network traffic may be
restricted to a fixed percentage of available bandwidth.
The impact from video clips and streaming media may be constant or IT may
find spikes in activity at certain times of the day or around certain events.
Personnel conducting research, or just staying on top of the news as part
of their morning ritual, are now watching video clips as well as reading
articles. For instance, many U.S. offices found their networks saturated and
mission-critical applications failing on the day personnel tried to watch the
presidential inauguration of Barack Obama online. Sports events often pose
another performance threat to network bandwidth as online broadcasting
expands. The most effective way to manage peak demand is to grant various
levels of access based on a user’s role, time of day and the content type. For
example, Facebook access may be permissible during certain hours but not
the games offered through the site.
By limiting bandwidth consumption and setting application priorities, it’s
possible to provide access to social networking and multimedia content and
still ensure mission-critical applications operate at acceptable levels. For
example, personnel can view YouTube, but only with 8% bandwidth. And
if a mission-critical application periodically requires additional bandwidth,
lower priority applications and traffic can be further restricted. Thus,
personnel can access bandwidth-consuming applications without impacting
key agency functions.
Blue Coat PacketShaper provides these granular features with integrated
visibility and control capabilities in a single appliance. With PacketShaper’s
application performance monitoring capabilities, IT can identify all the
applications on the network and monitor response times and utilization at
the application level. Web traffic can be correlated with URL categories to
ensure mission-critical application bandwidth requirements are met before
social networking, for example. Social networking access would remain
available during these times, although with reduced performance due to its
lower priority.
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
Mobile Security
Mobile and remote workers also require web filtering for front-line
protection against malware and phishing attacks. Mobile workers have
a far greater need for effective security because they typically operate in
unsecured environments such as airports, hotels or on their home networks.
Because these systems frequently operate outside of the agency network,
they face threats that go beyond social networking.
Blue Coat ProxyClient
provides a critical way to
protect mobile and remote
workers on any network.
ProxyClient is centrally
managed and enforces the
organization’s policies on
web access, and works with
the Blue Coat WebPulse™
cloud service to gather
the latest categorization intelligence. But ProxyClient also delivers WAN
optimization to help deliver a headquarters work experience to all employees
wherever they are. With ProxyClient, you can define which applications
to accelerate and which to block based on security and bandwidth
requirements. As a result, web filtering is the perfect complement to the
end-point antivirus solution, which has become standard on end points.
User Education
In addition to addressing technology gaps, you also have to educate users
about social networking security problems that stem from simple human
error. And while the end user will likely remain the number one security
risk for any organization, dramatic results can be achieved with just general
security training.
Education should begin with the basics, but can be placed in the context
of social networking to make them fresh and interesting. For example,
good login and password practices are a common problem within social
networking. Routinely changing login credentials and protecting the
confidentiality of passwords are basic security requirements – or should be.
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
While this may sound like common sense, the recent “Climategate” fiasco
may have been caused by one scientist who actually included his password
in his email signature.
So even highly educated users need to be reminded
about basic security measures.
Cybercriminals also know that many users use the same login ID and
password on multiple sites, which enables attackers to easily gain access
to social networking accounts. In one instance, many Twitter accounts were
hacked when users were tricked into creating an account on a fake torrent
Other examples that are much less dramatic, but occur much more
frequently, take place when users try to share something to a select group
in an appropriate way, but do not realize that the way they shared it made it
available to a broader group.
Some applications may be popular enough to
reasonably provide in-depth application training for
users. A great example of an easily avoidable issue
recently occurred when over 100 million Facebook
pages were compromised simply because most
users did not understand some of the security
settings available.
It may be worthwhile to start
surveying users to identify their needs, applications
of choice and perhaps even their own list of
concerns. Then prepare a plan to ensure users are
aware of how to use those applications safely.
Also, users need to be reminded that there are no safe zones on the web –
including social networking sites. Assume that everything you reveal on a
social networking site will be visible on the Internet forever. Once it has been
searched, indexed and cached, it may later turn up online no matter what
steps you take to delete it.
Finally, most users are no different than IT – no one reads the manual. So
many users won’t really understand security guidelines until they violate
them once or twice. “Coaching screens” are informational pop-ups or
browser redirects that would appear at the instant a violation occurs to
inform the user they have violated a policy, someone else knows about
it, and explains how to prevent it from happening again. From a product
standpoint, IT should look for solutions that not only provide security, but can
also support education efforts.
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
Social networking has achieved a level of popularity that requires reasonable
access at work, but it is also sufficiently mature to bring value to many
government organizations. But safe social networking requires an aggressive
and layered security strategy at the web gateway, as well as the definition of
new usage policies and priorities from management and IT. Better end-user
education will also be required to ensure workers use social networking
applications safely and appropriately. The combination of layered security
and education can help organizations dramatically reduce the risks from
malware, phishing, data loss and bandwidth abuse
Why is all this necessary?
As Jon Otsik of the
Enterprise Strategy
Group said, “Clearly,
cybercriminals are taking
advantage of social
networking’s fundamental
model of familiarity,
trust, sharing and open
communications to dupe users and steal valuable data.”
To close these
security gaps, IT and business leaders must ensure they have the right
security strategies in place to identify and protect against the rapid evolution
of social networking threats.
< >
Balancing Social Networking with Network Security Objectives in a Government Environment
The Wall Street Journal, October 12, 2009: “Why email no longer rules…”
Federal Computer Week, May 25, 2010: “Mitigation, not prohibition, is best response to
social media’s security risks”
“Directive-Type Memorandum (DTM) 09-026 - Responsible and Effective Use of Internet-
based Capabilities”
Burson-Marsteller, February 23, 2010: “The Global Social Media Check-up.”
Canadian Privacy Law blog, October 5, 2010: “Privacy Commissioner’s Annual Report on
the Privacy Act tabled”
Softpedia, August 21, 2010: “Malware Used to Steal South Korean Military Secrets”
Sophos, February 2010: “Security Threat Report: 2010”
Blue Coat Security Labs: “Web Security Report for 2009”
TechWorld, November 26, 2009: “Data-leak lessons learned from the ‘Climategate’ hack”
Mashable, May 12, 2010: “Facebook Attracts More Phishing Attacks Than Google and IRS”
Blue Coat Security Labs, 2009
Forrester Research, April 16, 2009: “The Forrester Wave™: Web Filtering, Q2 2009”
eWeek, April 29, 2010: “How to Integrate Data Loss Protection in Web 2.0 Security
Forrester Research, April 16, 2009
TechWorld, November 26, 2009
SC Magazine, February 4, 2010: “Twitter accounts compromised in torrent site scam”,twitter-accounts-compromised-in-
SC Magazine, July 30, 2010: “100 million Facebook accounts exposed”,100-million-facebook-accounts-
Enterprise Strategy Group, July 2010: “Cloud-based Community Security”
Blue Coat Systems, Inc. • 1.866.30.BCOAT • +1.408.220.2200 Direct
+1.408.220.2250 Fax •
Copyright © 2010 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be
reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat
Systems, Inc. Specifications are subject to change without notice. Information contained in this document is
believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue
Coat, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter and BlueTouch are registered trademarks of Blue
Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property
of their respective owners.