|
|
|
Why Enterprises Shouldn't Limit Web Traffic
By: Don Reisinger
2009-06-18
Article Rating:  / 14
There are 26 user comments on this Network Security & Hardware story.
Why Enterprises Shouldn't Limit Web Traffic (
Page 1 of 2 ) NEWS ANALYSIS: The business world is deathly afraid of allowing workers to access any site on the Web. A new attack called Nine-Ball, which targets legitimate sites and then redirects users to malicious sites, is just the last security issue that keeps IT administrators up at night. But in the long run, blocking employee access to Websites might be a mistake.It's become commonplace in
the business world to limit employee Web traffic. At many firms,
regardless of their industry or size, IT managers are being asked to block
access to some sites and in some cases, limit the amount of time users spend on
the Web. By doing so, they can limit the impact malware could have on the
network as employees spend time surfing the Web. They also believe that
the more employees visit their favorite sites and check their email, the less
productive they are. And that translates to poorer business performance.
To some, that argument might make perfect sense. And it's only bolstered
by the recent report that over 40,000 Websites have been
compromised in a mass attack.
According to researchers at Websense, an attack called Nine-Ball has targeted
legitimate sites and redirected users accessing those pages to a malicious
site. The attack is the result of a Trojan that used FTP credentials to
input automated bots on the sites. When a Web surfer visits a site that
has been infected, they are brought to a page that contains the exploit
code. The person is then pelted with drive-by attacks that attempt to
exploit Microsoft, Adobe Reader, and QuickTime vulnerabilities. So far,
Websense said the Trojan has a very low detection rate.
For some companies, that's all they need to know. There are real threats
on the Web and if an employee even makes one mistake, they can be subject to
malware that could put the entire network in danger. The end result could
be lost, or worse, stolen data.
But perhaps that solution is nothing more than a quick fix to a much broader
issue. The reality is this: more malware than ever is affecting company
networks, even though the enterprise
is doing everything it can to limit the amount of access employees have to the
Web. Doesn't it stand to reason, then, that if blocking their access was
such a smart move, it would actually work to limit company-wide
outbreaks?
Companies don't need to limit the amount of access employees have to the Web --
they need to learn how to more effectively deal with the threats.
Education
Nowhere is that more evident than in employee education. Simply
blocking an employee's access to certain sites won't help the company stay
safe. Malware is a real issue today because most people don't know what
they have to do to keep themselves safe. Does a company's employee know
not to open attachments from someone using an unknown e-mail address? Do
they know not to visit untrustworthy pornographic sites? Do they know not
to click on every link they see without making sure they're being redirected to
the desired page? Do they know what phishing is and why it's such a major
concern? Do they have apps installed on their computer that are designed
to warn them about possibly malicious sites? And do they know how to
react to those warnings?
These are some basic questions that most companies would probably answer
"no" to. Most companies don't do enough educating of their
employees. And in general, they simply look towards the easy solution --
blocking Web traffic -- instead of looking for the smart solution: educating
employees on the perils of the Web. If employees don't know any better,
how can they be expected to stay safe when faced with an attack like
Nine-Ball? That Trojan uses trusted sites to gain access to a person's
computer. Only education can stop it.
| | Reader Comments: Why Enterprises Shouldn't Limit Web Traffic | | >>> Post your comment now!
| | BOFHThey are putting limits on you by asking you to do your job?! That's horrible, what kind of employer would do that?! How rude. Posted At: 06-23-09
By: Aaron | | | | | | BOFHI love and support the idea of a free internet, but not at my office. All of our users would sit and surf Facebook and Youtube all day if given the... Posted At: 06-23-09
By: Aaron | | | | | | Ugh!There is a pile alright... this comment. Taking a walk around the block vs. sufing mailcious sites is dramatically differnet. If the product of... Posted At: 06-22-09
By: Anonymous | | | | | | Training is not enoughTo suggest that because legitimate sites can be compromised therefore there should be no filtering is a complete non sequitur. We filter to avoid... Posted At: 06-22-09
By: Another Security Guy | | | | | | A user comment on this articleTo any and all of you that take a smoke break, take a walk around the office to get your legs moving, or gossip for a few minutes at work. I hope you... Posted At: 06-21-09
By: Anonymous | | | | | | A user comment on this articleSurely basic Web tools like Email, Search Engines should be available to a worker, but why do these workers need unlimited access and time to peruse... Posted At: 06-20-09
By: Anonymous | | | | | | A user comment on this articleIt is cute how you think that the people who support limiting web-access are all smoking, gossiping nerds with a cake addiction.
Let me tell you... Posted At: 06-20-09
By: Anonymous | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������x}ks۸q�f89�)mGJɖĶ|,%Lm.EB��CR5O['7n7�%?8�["�����~$I�Ӟsǘ[�cSݣ&$5~M4i#WP�5rJԲ|W�R�#Yntj�5���5Gl$J~x#AT�{��j"�xL9�
ƜM}ٜi�7'x2 X��� 8���rڀ'�j���m�(CL��Ž?�K��E!{O|2#�ַ8>v@?�V�9AÙML}!�
Kd/B(?cR;5G{F5{�>Ӏ�o`V黖8$#o�AU�VekV:6^�;�4r9Fȹ�3�z$aPr&Nww#2�5IR�ZB[
�4Ԙ�HGeCc7`Ww,ǃɩT*K,Ԣf̴;gj�5[g�c}ױ}ǣ��!&�$ftj�v?ƭ?���M�+�.n5�yaO,ӇqtRp�ce[7G0ml_j|�4f9s8$sz5
�wj%ؘE
=�y74Ja�z�H��O�L�E��7rؗCYA閩m�Ⱥus�ZSbT+Vrww3mù-Ӟߛ�7;7zsR)�9�(�h�nkZT0�ݓ^w: �O7y@ΰ�{A~Aw"�DT-�ʅJX<%ȇ¤�Tb= u3P��%PKT/z��$ڑ�f1S$�XIcF/X
�r��s1\]^u�2蜼?vN|��b(T
PAbPKe+5gxk_/:OO�vON{W=�>;sو���lnAZ|YkU[_nG�߮C"I,E[!fT}N�}�%I���F95Fm'!|�e�
mx�Z.fS�4!�E�&-?`;Nh>[ <[
K�PA}x�3껍Z��=H�}m�`�9�5$&CMߟ��-�s#09ww��ښA�<�Q]ӑ4|a�
h�p.pp�yY?90��D>�o��ޜ�jL�L<�ģ\Ԇ!~9.b�&;A/�t[t=JIQ�mA�t�"BђF��
�4� � gscX"C"'� [AX;� a��ʥ�\.3=�ry !3g��}vn ˥=*%�nqR%a 3��ʬ$&vϺ[L�ȉ#�m"0�9X����
-'Z
X��%ּ
f�jROG4MǦn�f#@�ji��K0Pl;�ik`0Ԑ(ʲMg9@��Ϲh���m'ȓcR@�6Êi֜�Ǻ����2n&٦͙iÂqjS�9_A�\!4�Lh�,G7u�準I(�BZr�I2훿
/&]�Lqα�r�B&�k:H(X3�b-y�r�pm
M'WVֹ�{r*U_I�T$�3�Q2�j-�ӧ�N�Eۋ�)I�:3X-��8E4W-�eSZqlzAn^ӛA| ^֥�(�*4F�@0V�_Xv�o�j)(`|M(" !�t��sqʹ,C�/0Je�ǝ:~6Ҧ�� ;B-
=̔:Y[����^�|��@'��K |o2tJ.��k1sM^^��V�꺰']9�g!�A��0|p$'Z>�plZ`/R7&Ŀ4wڳ�2b�J�,ǢRVBE��l
�ؑq,�Y�X�Tر,.�1}6Ț a(JuѧU(sӞ��#g&$#gGZ�
88qx3??4XQ��&<�[?\sz]1UF�>3�$�hDj�4e2fL4_�0-x8�J�D9hTTJ&R4Z�0@Sykv;�0$5`m\��>(gpF,`^���| ��&�DBR� �-�B�:$f��߀RI��,C$>�OM{c>4�ZU�n�v#�3�Ho
0�-�dqTb}vW�7{%|h��#R�@
j`��
Kx{�ZCAm3۩Dw�]܁c2P=H(T�g7gME]ac6U�{zn&�)ZmMӓ˓U;4
OcIۛ'or-rF�Lk�30�j(�Y��|;` rfVɵtNd_��&F}G��ϣG^Prb,Y`�#1�s*?�.=�)3P홗4`ϘSG_k`pl1�\APB71l�kܕۿܵ
zORD�71�PUL��x�g4sfDcK�6j]�+'A&�l�EzE�k->Q!2!n`��'U@�MOT*E0=k"��a�^&�k꾬=M~qD�yC[*�!Sю�"eάɒ7(���C�iA/%{��c>�_I|SeȃV�)k�i�+TTV ?�3pa-XTjʑ��+Ȋ@G�݉��?^�n!ȕ: &�I0@|)@T�DUPU,UBYI�z$pE]T1n?cV�VW`j-^2�۹i�n.D�9[��47�ʨK^�͖�M%�4e3/쌸-9DX<�y��b�ha�L%Q;k]l@�h secn-`I3I)�`�{IO4c
�J3dF.zA�]$X+Jړ$t`�� ۳<0�%q*LLi;�I@r;qO;a>&rn���:��*B�e!%�O.'�-U*JX]q,g(
�,O$�� Yz>�ɷw��f/lCXx|{
`?K�H�HD�>Dif\{e"�>QX�|hhqN��^_~?؇^߫5eQb���E6 w܆cy_%
?�S-l8F::~�ݕDwɟ{?\wۃ}@:mw>������?k�ٿn0yNA�`�}4.�PЇߤE!)��X|xwxіw�~61%|˾NIUw $(��X�Mp_��k#O%e^;lᳳ `�y Br+ǽw.u/ėtOzg+~�u/:R1ARdG��u}wqȒu8*DYu�p|ly0amG�'E��P_?8�I]�4��H0 BXzW�'��^t&�֒}UYq�!q6a�lϽ5/Q�֭
Bb/�3۟Bd|PZ#� (ʑ�=`=����`
Ɉvy��N�αg@d�B@np�kz!0B�F_�XJI�!)W$f'e�*K���z?"iZ��_����w j�Eާ�P!ARB�9kũ-pOӖO\�fax!u-0q�%՝R"0oBٺCO[�,l],��gSs$SJ)�Ҥd�AgJȄayBSf�k�*C@$ğ_2JIv(+6Ht(dA�j��Ӛ]e�.鞿۹m|d<<�RpLCR��à{:�� e!>�倏w�qJh��鳁VKM^c'�`|x�r�'|'xj��}yU�|/uϏ�Ķ{3��= ][�=vc�%vd��:Gw*b9,_�}hrrӅ[e�Цw�y�$sm�CgڂLرDM�~�h=;0�t�7�X>3�q=�vbϓ{~�\[�("Ξk�e氎縅*
nW�g4!&HG.z�:�tH=ar�Js ނ�j�3G�:j��2'|^ϫ����< h��`�#Fm`"fFs�8EE[\f�mff7c6!{� Rb'��]UN��i
��zc{ƹ�39���@�*y�x�\�[w5&P)<��A~F<�v�4�)[7yΛF}hn;�d�⫆ܖ�~�@F'�FY�X��W+�*��^÷zgV�(�|[vz��_cLRF<տ�
�*��֒K0s(p!$~�8�M{fr+���7�~#fɸ�!E'͖�x�LM>_�'�2>6,eMJmH'�x�Y c%%�RjJ]�K wtt ]\O�"�$jR��o9w��+"T_�{e�̾9ZLD]9D#Tq��3y6yܑ1�`J%v -q��XѦcj7_����
1�TFP踌ֺuL�L� =A}{!/^OY�g���eIeY�#RTQ"g�ih�0DrSHiٟO&GΒc��p/Ec�i`y�)V9 ��y^��J_ z�
� �&�[L,MYQ�2 .Bld5>9e�xu�:�S^�>8V�c"QlD�
��ގ¹�eF駖3V霪UY,`�0@lc;n��{jY*LdMɒ+v!oWH+JCyc�"Q[�UC$Bp�;R^<��Γy2<6wcHn�to¹/daNg;Y,4�39��x =>5�>`e͢^04|=*�k!.MbrpU%tVTo2O]O�FqܼAo"~6$]Z�u,��F]%B''��Ј{ݨ�Rr'J�5�~2Pb��f0�]`SjAЊÜJs?(F
C'%͕��u�R_3�O
<|5� a��1��"���I�!2u=�-'%uUD;:��!;^�l\3-)V 8�R�J"�` 2k{,�hƖ�gȸ{4�Wܰe�yt_,VI),BE:;3tS���(���`io0�}�'�<<{}� |Q�$l/�sχ況!1ݻݻݻݻRpUT5X⣔\/)پ�* �&��vf/mF��n㈚J^۹fHWT\P��{�/n@?2S�*��G�@B�>h[�e/ńu::J
���,VYmGw�)!���"� � I��|Exv�n/��~0�LJ 9K��tY�݄
7�KĎ
c�l3�P$�C����I���hΗv-FpE_�8.ۣD{8�$2���*� �@B� %�p�ᛑ0�{4mܶ{�.�?w�;ϹC8�ܲ��[2GLQ3cQ�f-*n,LpggK'�w�(L!z7�{�[0a��QsSFU�&<�u��+{߮�l'+x4dφg�Vj9�Dpˮ�"XC� ϖ�Ma��q�븚e}{þ%�⛽N�6ŗoA9r_|k�vKF"u�ޘ=y�B�tC�bb)$Bcc*嵙
�A�5�[�o��6௺eula}f.^�eHk/y�*qdyΜ[uV)Kj;1�wmL]O�zl/L�E_&pj6�_fؐ,l%"Q0M{:C��aqX3'́ů
$�Xy�|&�]01��;>&*5��3FR�|}۫R_V#*�-�/*`,k��pOw�}\��S&Lm!~��0�Ǥh�6]�^�i=>:WNɌũ߱yxHި�(�j@�L75
~Z+
R-dZ8 ?�KL)`@q/I�Tnp=jh�DZۤHd�m\XϑZTʅJvwȟ_
C*UV*�<�u\�FD9�~z��'}ZrYģV�=H6RPP.(zzY�v'L/( �pr�|XoZza.7�Iu8I D�'0l�{wn/�b$�W7 a
�Mg�vl"6\%�pp|�N om'�&
)<}]С�ܛ^�J_�_q4<~�ڀ��k�El~E:��xd|-~�V`of�E#d2z�ޘ�:�#�Y�JWH7��}�H['鍀��I��䏖+62s��j�l�o /�u\w:��Z3rѹu�U�=<��yH�gw9Cߑ7E0LmAG��Gn��̃:$�.+JAW�^v'��k:L�\vS]աu/
tC[�
|9@G)��9Ĕ#XFot?\]R$E�1p4�*gj5T�KL
2�@�:
x�E���{ߟ}i'[� l��x
�D�x&�7ۈ�;���f�[s��Ӗ���D��ȧ^1rOKT-C@a=Q#�3(�9;zT
P"1XJۀ.JU��E �d����w���
s�n
Q@J ͍$j0\�,pn�`�:>0"(S[��]ă0T]w7h3(hMqW�Ag#L�m>�&T5Kqj�ldaQ(�b:+M4?��}�g)s)aR;<�Q�@�<�Pl�4'��7&(H릧o�u;5u_F�`��p���3�W�VjR�&uMCu]���
đzKwy
}vf5{�8~RO�r%-r�`x�FNRsdhhz?[�v@|
LBz،Pf�r5[giUC�'WAwA;gk<̈́m[8Z?sk>]~>^t.���M·_3mmP0mw�%E9ũi�'\�«XeqxgixɎ>+b�h,.6!.}����Uüz�Uzq���LA~ݾj6Z[NAw��/|veQ�Ȑ:o|jaA5�ZZ�+�!zU9j67a�nq���4ħ�Yd@z�\34[E�YF�(Q�Q~�WOZ@�2ʑ�ۀv'�O6�~N3�.>Bﻹn;3ʡ{Q�fC?(�7���s�?�9?ς�=9<�?0�}g9y�}"^d�(�3�(?rߋ��A{�eȟ�ȗ^|�̠Kx2+�����
2o+#��埲a|2 )�P~U�{AuF@�ugK\8=r �gs�z)W@^d_�~*%iFy�3YE�zvA�X^fR51
�odnleֽ<鵓
aq�+�7YKxKL3cn5:�v�ņ^_�t��v l+Jy.)ܲ�}:QOkXE)9K8�GX%Üf1'\�S9���|.y��|e8�Nt�1W }^fҖ>��6?
fV�d{r��Mts�n
�v;v3y]b�ć¸x�&@_�?&7S'.�pyk;ُϋGkw�յq@5Af_b
9)'<+?u>��z�P�xZLxNޢD�);F�y5bi3�׃>Zqz`�~Uw=
�!�Y>Y"h�,hMdB�'pZ`(�"B7�4�\9Kqb
a箨%gh�7xF
{0��ǽL�Ԍn�@ 9w>*%U-�Pя{%!W5��= 8�)rA��[��VzT��,.g
�/(�@#غM{%}C3<8fȳRLq�
u+ҷ�J�!'\B�x�ۥm!�eL+,e��nQKp$v��@0�~Y8P*`)�K�؞:�F^G$�r�g�Mߟccť��6�%bn�1vK�u¿.ydp&z#ӄ�w�YAD˸�f�z4}�z<80mJN)´Ib|33�7rɌHτ[6пCSaK�Q,V�n��k`V{p-�#2O,�ՂXJr�
9;9�_(Z$ǖ��D��I_�\3u{̪{4yxa�w���.
]C?yaU|_����"�n+QnUv����w��;`=ݸ1lx��f\3a3 ӮS_G@��0A��m
�oi>M45~�ɱdL(�1�k�EF(�t#BC��qn��caYl@ꃧrS�l�Y`_CBbЗ #+�;Vk�*q8w�tss?pl�FCv';hoX�9�VX#e�
u/��EݩcE^F�D뮔G����^&(z� ̸6�Iϐ�R8�K)�#2s�e^kd9HR�=�I�*4uMf�βْ�-��szn%0)%� �KBl�m�H�{X�|@ăx!$K0W�?}6[lz�,X̨D�
Ǩ%��#]^Πb��_7sԶeEQ&PL��®#U%�$taP/���\w|7(6؋|!O'
ϻy�_wJ�0~�%T)?C�?ˠvSl]@�_vܹi�UhH�m;��:�֕h2֭0�kc'p�'!-X���o;:SAW��C�⁜0ћv,jL_u$z�dz$_Oxª~Saxr=F���d���u-I�S`i"Cr8�vI �)6%O��-����`⎈me�@�e֘9H\�*,Ef �����?Fo�y�ΦƖ���OWt:�y@t�z-�E�Ofu�ݍ2Zlk��]+l�1Ca]R>E+�
]'[ۧ3�й?-{�ט/���e;���]�,�{��QFb�VB�q얢u���nD<@x?Ɲf`@Z^˳��sLN
�$*.f@�h<�4W�6QĶq��yn5}qX0#Er�gǣB^d'KWc�M-^chX$֬-"�K�께�#yA����s�3��v=ǘ mr7u,r�?���],M��c|R�c9zbf�r癰�W`2M��.<�ȳ�(`F,��Lv"V�KJMΡmbQ
aڇl*~�H�& �,{�+�НD~xFs-^|ϋ�|��E>�WNENE<<�*IDy�)�V@��O{
|>"�:xqea�= Vt*N�og P.�i{TO34[;��?{��?;w a�%
ѨT\��_w���zW1X�Y~K['�]>^hI:v'
AHc.[v]"^ֳo
.A|>ǐy6�=x�L�
귦k�ZQw�NVtƢ�I26pzRWJV0�1{6JܖmJƨP:M\"GZk/%!zRM�j39Q��2kG�sk&|Ʒ�R2ұeRZ`l/Z6�$]+��
|
Network Security & Hardware 
