Undetected Threats: Cloud Storage

Cloud storage solutions allow users to access their files from virtually anywhere as long as an internet connection is available.

The files are stored by the solution providers.  Usually the files stored in the cloud can be accessed via a web browser or by installing a client application.

Some of the most well known cloud storage solutions are Dropbox, Windows Live SkyDrive and Google Apps.

One of the easiest and most effective solutions of this kind is Dropbox.

After installing the Dropbox client application on a machine, a folder will be monitored by the application and the content will be automatically synchronized with the online storage. Thus, any file change performed in that folder (e.g. adding a file, changing a file) will be mirrored across all of the computers where the client is installed.

Similar to a USB flash drive, this solution can allow:

• data leaks and theft
• introduction of malicious and other unauthorized software to the network

How can I Detect and/or Filter Dropbox Network Traffic?

The Dropbox client communicates with the Dropbox servers via HTTPS.
In order to detect usage of Dropbox in your network, monitor network traffic to *.getdropbox.com and *.dropbox.com domains.
In order to block Dropbox, make the DNS lookup not work correctly for *.getdropbox.com and *.dropbox.com domains or block network traffic to and from *.getdropbox.com and *.dropbox.com domains.

How can I Detect the Dropbox Application using GFI LANguard 9?

From the GFI LANguard Scanning Profiles Editor select the current profile and add the application named “Dropbox” as a not authorized application. In order to also detect the Windows Live SkyDrive client application, add the applications “Windows Live Upload Tool” and “SkyDrive Explorer” as not authorized.
After changing the scanning profile, perform a security scan using that profile. High security vulnerability warnings will be generated.