Detecting Dropbox on Your Network

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email
papers

The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever growing list of increasingly serious complaints from their users:

  • It was difficult to establish who owned which documents (an important issue when writing your dissertation).
  • It was difficult to establish cleanly defined groups that needed to collaborate (the Econ 203 Fall Semester class)
  • It was impossible to safeguard data as students, administrators and professors left the organization (potentially taking large amounts of personally identifiable information with them).

With the above in mind, we present to you the following methods that you can use to detect and block Dropbox on your own network, in order to keep your files, permissions, and collaboration secure.

Null Route DNS for Dropbox Requests

Depending on your DNS setup, you can set a custom record for Dropbox.com within your network that will prevent Dropbox client apps and the website from being accessible.

Use Your Firewall to Block IP ranges.

Dropbox operates their services from a comparatively limited number of IP addresses. If your corporate firewall has the ability to deny outbound requests to an IP address range you can add these to its ruleset.

The American Registry for Internet Numbers (ARIN) is the organization tasked with handling the allocation of IP addresses and Dropbox’s list is located at:

http://whois.arin.net/rest/org/DROPB/nets

It should be noted that the above two strategies both block Dropbox, but may or may not identify Dropbox users on your network. Most firewall applications keep a log of blocked requests which you could use to trace back to the IP address of individual workstations.

Alternatively, you could use search through your fileshares and workstations to find folders that match a certain pattern. While it’s possible to add this to your virus scanning software, we’ve found it easier to use a PowerShell script.

https://gist.github.com/mbuckbee/982a400135d5a943e97f

Scanning Home Folders

If you have Varonis DatAdvantage and your end users store their home folders on your file server, you can find Dropbox users in seconds. See our KB article to find out how.

Use the Force Wisely

Dropbox is certainly a great individual solution — we’re not arguing otherwise. But in an enterprise environment, it does increase the risk of sensitive data leaking out of a file system.

If you understand the risks and are able to justify Dropbox in certain scenarios, more power to you. But otherwise, we strongly recommend you take the measures above to block addresses and detect users.

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
2689 Followers
About Varonis
Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. Varonis focuses on protecting enterprise data on premises and in the cloud: sensitive files and emails; confidential customer, patient and employee data; financial records; strategic and product plans; and other intellectual property. The Varonis Data Security Platform detects insider threats and cyberattacks by analyzing data, account activity and user behavior; prevents and limits disaster by locking down sensitive and stale data; and efficiently sustains a secure state with automation. With a focus on data security, Varonis serves a variety of use cases including governance, compliance, classification, and threat analytics. Varonis started operations in 2005 and, as of December 31, 2017, had approximately 6,250 customers worldwide — comprised of industry leaders in many sectors including technology, consumer, retail, financial services, healthcare, manufacturing, energy, media, and education.
Promoted Content
The Road to HIPAA Compliance Wednesday, March 14 - 2pm EDT
Join us to hear first-hand how Rick Thompson, Network Administrator at Hugh Chatham Memorial Hospital, leverages Varonis to help meet HIPAA compliance. We'll also show you how to create an airtight HIPAA compliance program – from determining the scope of your PHI data all the way to setting alerts on non-compliant activity. You’ll learn: - How real customers use Varonis to help meet HIPAA compliance - How to identify and protect PHI - The anatomy of HIPAA (including the final omnibus rule) - A step-by-step plan for HIPAA compliance and ransomware defense

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel