Home | Articles | About | Contact | Forum |
Sunday, December 04, 2016



Lunarpages.com Web Hosting

Mailing List

E-mail:
By Joining the mailing list you will be notified of site updates.


Show Your Support For
This Site By Donating:











Audience: System Admins
Last Updated: 05/05/2012 10:02:13 AM
**All times are EST**





HOWTO - Block Dropbox

By Erik Rodriguez

Tags: block dropbox, dropbox TCP ports, dropbox IP network, dropbox security problem

This article demonstrates how to effectively block the use of Dropbox on your network.



Introduction

Dropbox is a great application. It makes things easier for a lot of people and works great. However, it poses are great security problem to corporate networks. Dropbox exposes company devices to possible viruses, data theft, or other unwanted possibilities. The following sections outline an effective method for blocking the dropbox application on your network.

Dropbox Operation

Dropbox was designed using TCP port 443 (HTTPS) as its choice port for communication. This is choosen by design becuase HTTPS is used so frequently, it would be impractical to completely block the protocol. So, I was forced to block Dropbox as the destination network within the corporate firewall. This means traffic from within your network requesting the Dropbox network via the Internet.

Blocking Dropbox

I chose to block the entire drobox network IP allocation listed in ARIN. I wasn't sure which IP/IPs they were using for the application to phone home, or if they had any type of load balancing in place. By blocking all IPv4 ranges (at the current time of this article - 199.47.216.0/22 108.160.160.0/20 205.189.0.0/24) anyone on the corporate network would be unable to sync files within the dropbox application and also be unable to reach the Dropbox website. You could allow users to reach the dropbox website by specifying a separate policy for port 80 on the website IP only. That would allow users to pull up the website and nothing more as Dropbox requires HTTPS to operate and will not work with HTTP alone.

Dropbox blocked log
Click to Enlarge
Dropbox Trying to Phone Home

Results

The following shows the log of the blocking policy which restricts my corporate network from reaching 208.43.202.0/24 (an old dropbox IP allocation). As you can see, the /24 covers all IPs in the subnet and effectively blocks access 208.43.202.51 which is used to sync files. The Dropbox application will continue to request the destination network as long as the application is running.



Contact Us

If you found this information useful, click the +1 button



Your E-mail:


Subject:


Type verification image:
verification image, type it in the box

Message:


NOTE: this form DOES NOT e-mail this article, it sends feedback to the author.

TCP vs. UDP
Juniper SRX anti-spam filtering config
Windows Server 2008 Clustering Configuration
Windows 2008 R2 Network Load Balancing (NLB)
Extreme Networks: Downloading new software image
Juniper SRX save config to USB drive
Juniper SRX logout sessions
Extreme Networks Syslog Configuration
Command line drive mapping
Neoscale vs. Decru
Data Security vs. Data Protection
Juniper SRX Cluster Configuration
HOWTO - Create VLAN on Extreme Switch
Using a Non-local Colocation Facility
Linux Server Administration
IT Chop Shops
Flow Viewers: SFLOW, NetFLOW, and JFLOW
Exchange 2007 Back Pressure
IPtables open port for specific IP
Politics in IT Departments
HOWTO - Block Dropbox
Cisco IOS Cheat Sheet
Subnet Cheat Sheet
Design a DMZ Network
How DNS works
Firewall Configuration
Juniper SSG Firewalls
Server Management
Configuring VLANs
Runlevels in Linux
Server Clustering
SONET Networks
The Red Hat Network
Server Colocation
Complicated Linux Servers
Dark Fiber
Data Center Network Design
Firewall Types
Colocation Bandwidth






Copyright © 2002-2016 Skullbox.Net All Rights Reserved.
A division of Orlando Tech Works, LLC
By using this site you agree to its Terms and Conditions.
Contact Erik Rodriguez