Port 80 Report Highlights Network Risks

If IT security professionals think they are protecting their organizations from Web application-related threats by securing Port 80 on their network--the firewall port through which Web traffic passes--they need to think again, according to a new report from a network security provider. The latest "Applications Usage and Risk Report" from Palo Alto Networks discloses that 35% of the Web applications and 51% of the Web traffic in enterprises does not traverse Port 80.

"There are some risky applications in there," warns Matt Keil, senior threat analyst at Palo Alto Networks, including ones that enable remote access to a computer or that enable file sharing. "The focus on Port 80 is absolutely a requirement, but too much of a focus on it is short-sighted." The risk to enterprise networks increases as companies use more Web-based applications and as companies use more social networking apps that are delivered over the Web, such as Facebook, Keil said.

The report is based on an analysis of the actual aggregate network activity of 1,636 Palo Alto Networks customers globally. The monitoring tracks all the applications used on each network--whether in a traditional client/server environment or, increasingly, via the Web--the amount of bandwidth consumed, and other factors. Each of eight reports the company has published over the last four years analyzes the previous six months of network activity; the latest report covered the six months ending in November 2011.

The report shows that only 25% of applications and 32% of all traffic used Port 80 exclusively, while another 41% of applications and 17% of traffic used Port 80 sometimes but also other ports, a practice called "port hopping."

Palo Alto Networks is a provider of what is called a next-generation firewall, technology that delivers application, user and content-based security for corporate networks. The company was identified as a leader in a December 2011 Gartner Magic Quadrant report identifying key players in the next-gen firewall market, along with competitor CheckPoint Software Technologies. Other players identified as challengers in the space include Cisco Systems, McAfee and Juniper Networks.

The risk to networks of Web-based apps is driven in large part by business use of social networking sites such as Facebook and Twitter. A conclusion we also made in "Rebooting the Antisocial Network".

Initially, most enterprise use of social networking was "voyeuristic," says Keil, in that employees merely viewed content on those sites. The latest report reveals more active use of social networking for posting content, downloading Facebook apps and games, and installing Facebook plug-ins. This happened as companies developed business uses for Facebook, he says, citing examples of heavy equipment maker Caterpillar using Facebook to communicate with dealers or the Ford Motor Co. loaning several of its new Focus compact cars to drivers and inviting them to post their experience with the cars on Facebook. Twitter use soared to 22% in the latest survey from 3% in last year's survey.

While the use of social media by its clients is likely a mix of business and employee personal use, the company is still taking on increased risk, Keil said.

"Social networking has trained the user community to be far too trusting," he says. "Cybercriminals have figured that out."

Also increasing risk is the wider adoption of file sharing on corporate networks, through such services as Box.net or Dropbox, to share files with employees working from home, for example, he said.

Palo Alto Networks was sharing the results of one analysis with a customer and noted that a number of employees were circumventing corporate security policy to run a utility called "remote desktop protocol" on a non-secured port to remotely manage servers or PCs. Keil said some of the offending employees were in the room when the presentation was being made.

"It was somewhat uncomfortable for those folks," he says.

Learn more about Rebooting The Antisocial Network by subscribing to Network Computing Pro Reports (free, registration required).