Here are a few things to look out for on user computers on an enterprise environment, namely P2P and other stuff to block. Either create scripts, download uninstallers, or block the protocol from the network.
Update: in 2016. More info now available.
Remote Admin Tools
More on RATs.
- Beast Trojan
- Imminent Monitor
- Sub Seven
A RAT is pretty self explanatory on why you want to block it in your enterprise network. The last thing you want is the ability for malicious insiders or outsiders to be able to perform unauthorized surveillance on your employees.
More on anonymizers.
- Coral CDN
- Packet ix VPN
Internet privacy concerns are certainly a hot topic and they have a great personal use but they have no place in an enterprise network. These tools can be used by your more savvy employees to evade network protection and blocking efforts so they can do anything they want online.
Not only is this a disregard for acceptable use of company assets, employees are misusing them, creating a larger attack surface that what was thought to be allowed.
P2P File Sharing
More on P2P.
These sharing programs need to be blocked so not only bandwidth is preserved and controlled, but also employees often share more than they intend to. This is a nightmare if you have specific data you need to protect.
That’s it for this article on P2P and other stuff to block at your enterprise firewall. Besides making sure network communication for this stuff doesn’t happen, I like to try to identify and remove these programs from users computers, even if I don’t physically touch them. I always talk to the user though. It’s important to get the risks out there, even though users rarely accept these terms in a calm and sane manner.