December 31, 2010, 9:54 AM — Is the firewall obsolete? Probably not, but current implementations were never designed to cope with the threats posed by Webmail, various social networking tools, and even popular corporate collaboration applications like SharePoint and WebEx.
"If all we had to do was block the application, this would be easy. But in many cases, business needs them," says Nir Zuk, CTO of Palo Alto Networks, a network security firm and firewall provider. WebEx, for example, is a great way of leaking data, he says, because it allows presentations along with file and desktop sharing. When files are shared they are not scanned for viruses or leakage.
[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from InfoWorld's expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. ]
Even more difficult is the challenge posed by the use of Webmail and social networking tools at work. It's not clear how widely tools like Twitter and Facebook are used in business, but there is a measure of how much traffic on corporate networks is generated by Webmail. And it's more than you think.
Palo Alto Networks monitors traffic on the networks of more than 700 corporate customers, with an aggregate user base of between 1 and 2 million.
In the first six months of this year, Hotmail was used by employees at 90% of the security firm's customers, Yahoo Mail by 88%, and Facebook mail (messaging, actually) by 79%. Facebook's usage per user is less than that of its two rivals, but that's changing: Facebook usage as measured by bandwidth consumption has increased by roughly 15 times since the spring of 2009, according to the survey.
Why is that a problem? "Organizations have built a Maginot Line on port 25 with defenses against malware, spam, and phishing," Zuk says, but none of that affects Webmail.
That's because corporate mail, such as Microsoft Exchange, is routed through the heavily defended port 25, whereas Webmail goes in and out via lightly defended ports 80 or 443, says King. WebEx also uses those ports, as does SharePoint.