CHECK POINT 2013 SECURITY REPORT
_ APPLICATIONS IN THE ENTERPRISE WORKSPACE
Recommendations for Securing Web Application Usage in your Network
How do you Enable Effective Web 2.0 Protection?
The first step in securing web application usage in an
organization is to deploy a security solution that provides
control and enforcement for every aspect of web usage. Full
visibility of all applications running in the environment
is needed, along with the ability to control their usage.
This control has to extend to client applications (such as
Skype) as well as to the more traditional URL-based aspect
of the web, websites. Because many sites (such as Facebook)
host numerous applications under the same URL, it is
essential to have granularity beyond the URL level, for
example to distinguish Facebook chat or gaming applications
from Facebook itself. Once this is achieved, organizations
can readily block the applications that endanger their
corporate security.
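The point about granularity beyond the URL level can be shown with a small policy matcher. This is an added example, not Check Point code or configuration: the rule model, the hosts and the path prefixes (Facebook does not necessarily serve chat under "/messages" or games under "/games") are assumed for illustration. It contrasts a host-only URL filter, which has to allow or block all of facebook.com at once, with a policy that resolves the most specific matching application rule.

```python
"""Added example (not from the report): a toy application-control policy that
distinguishes sub-features of a site (Facebook chat, Facebook games) from the
site itself. Rule names, hosts and path prefixes are assumed, not real."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Rule:
    app: str          # application or feature name, e.g. "Facebook Chat"
    host_suffix: str  # matches host == suffix or host ending in "." + suffix; "" = any host
    path_prefix: str  # "" matches any path
    action: str       # "allow" or "block"


# Assumed policy: Facebook is a business tool (allow), but its chat and
# gaming features are blocked; everything unclassified is blocked by default.
RULES = [
    Rule("Facebook Chat",  "facebook.com", "/messages", "block"),
    Rule("Facebook Games", "facebook.com", "/games",    "block"),
    Rule("Facebook",       "facebook.com", "",          "allow"),
    Rule("Any",            "",             "",          "block"),  # default deny
]


def _host_matches(host, suffix):
    return suffix == "" or host == suffix or host.endswith("." + suffix)


def classify(url):
    """Return (app, action) from the most specific rule matching the URL.
    Specificity = longest host suffix, then longest path prefix, so a
    feature rule wins over the site-wide rule for the same host."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path or "/"
    candidates = [r for r in RULES
                  if _host_matches(host, r.host_suffix) and path.startswith(r.path_prefix)]
    best = max(candidates, key=lambda r: (len(r.host_suffix), len(r.path_prefix)))
    return best.app, best.action


def url_filter_only(url):
    """What a host-level URL filter can decide: the whole site is one verdict,
    so allowing Facebook for marketing also allows Facebook chat."""
    host = urlsplit(url).hostname or ""
    return "allow" if _host_matches(host, "facebook.com") else "block"


if __name__ == "__main__":
    for u in ("https://www.facebook.com/CheckPoint/posts/1",
              "https://www.facebook.com/messages/t/123",
              "https://apps.facebook.com/games/farm"):
        print(u, "->", classify(u), "| URL filter:", url_filter_only(u))
```

The same facebook.com host yields different verdicts depending on the feature being used, which is the distinction a URL-only filter cannot make. Client applications such as Skype are not URL-based at all and need protocol or signature identification rather than this kind of path matching.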
Enable Social Media for Business
Some organizations choose to block Facebook entirely, yet
Facebook is an essential business tool for many companies.
They use it to publish information about upcoming webinars
and events, announcements of the latest releases and
products, and links to interesting articles and videos.
How can an organization enable the use of social media
without compromising its security? By controlling features
and widgets within apps and platforms. Allowing Facebook
while blocking its less business-relevant parts makes
social media usable while minimizing its security risks.
in August 2012. Hackers used a social engineering technique
spanning Twitter and Facebook to distribute malicious content.
Using a compromised Twitter account, the hacker sent direct
messages to all the followers of the account's owner. The
message read: “exactly what were you doing inside this film
[Facebook-URL]… wow disturbing”.
The URL pointed to a Facebook app that required a
“Twitter Login”. The login screen was actually a web server
owned by the hacker, used to harvest the recipient's
Twitter credentials.
With the harvested Twitter credentials, the hacker can
repeat the same process from the newly compromised account
to collect even more passwords. Because passwords are so
often reused, the stolen credentials can also be tried
against other services such as Gmail and Facebook, and,
worse, against bank accounts or business services such as
Salesforce.
Once the malicious message had been redistributed, this
time to all the followers of the newly hacked user, the
only effective thing the victim could do was post a
polite apology.