Here are a few things to look out for on user computers in an enterprise environment, namely P2P and other stuff to block. Either create scripts, download uninstallers, or block the protocol from the network.
Update: in 2016. More info is now available.
Table of Contents
Remote Admin Tools
More on RATs.
- Beast Trojan
- Bifrost
- Blackshades
- DarkComet
- Imminent Monitor
- PoisonIvy
- Sub Seven
A RAT is pretty self-explanatory on why you want to block it in your enterprise network. The last thing you want is the ability for malicious insiders or outsiders to be able to perform unauthorized surveillance on your employees.
Anonymizers
More on anonymizers.
- Coral CDN
- Hola
- kProxy
- Packet ix VPN
- Suresone
- Tor
- Ultrasurf
- uTunnel
Internet privacy concerns are certainly a hot topic, and they have great personal use, but they have no place in an enterprise network. These tools can be used by your more savvy employees to evade network protection and blocking efforts so they can do anything they want online.
Not only is this a disregard for the acceptable use of company assets, but employees are also misusing them, creating a larger attack surface than what was thought to be allowed.
P2P File Sharing
More on P2P.
- Bearshare
- Imesh
- Kazaa
- Kogon
- Limewire
- Napster
- Sopcast
These sharing programs need to be blocked so that not only is bandwidth preserved and controlled, but also employees often share more than they intend to. This is a nightmare if you have specific data you need to protect.
That’s it for this article on P2P and other stuff to block at your enterprise firewall. Besides ensuring network communication for this stuff doesn’t happen, I like to try to identify and remove these programs from users’ computers, even if I don’t physically touch them.
I always talk to the user, though. It’s important to get the risks out there, even though users rarely accept these terms calmly and sanely.
