













Audience: System Admins
Last Updated: 4/12/2011 6:22:45 PM
**All times are EST**





HOWTO - Block Dropbox

By Erik Rodriguez

Tags: block dropbox, dropbox TCP ports, dropbox IP network, dropbox security problem

This article demonstrates how to effectively block the use of Dropbox on your network.



Introduction

Dropbox is a great application. It makes things easier for a lot of people and works well. However, it poses a great security problem to corporate networks. Dropbox exposes company devices to possible viruses, data theft, or other unwanted possibilities. The following sections outline an effective method for blocking the Dropbox application on your network.

Dropbox Operation

Dropbox was designed to use TCP port 443 (HTTPS) as its port of choice for communication. This was chosen by design because HTTPS is used so frequently that it would be impractical to block the protocol completely. So, I was forced to block Dropbox as the destination network within the corporate firewall. This means blocking traffic from within your network that requests the Dropbox network via the Internet.

Blocking Dropbox

I chose to block the entire /24 which was allocated to Dropbox. I wasn't sure which IP/IPs they were using for the application to phone home, or if they had any type of load balancing in place. By blocking the entire /24 (208.43.202.0), anyone on the corporate network would be unable to sync files within the Dropbox application and also be unable to reach the Dropbox website. You could allow users to hit the Dropbox website by specifying a separate policy for HTTP to 208.43.202.50. That would allow users to pull up the website and nothing more, as Dropbox requires HTTPS to operate and will not work with HTTP alone.

[Figure: Dropbox blocked log. Caption: Dropbox Trying to Phone Home]

Results

The log shows the block policy that restricts the corporate network from reaching 208.43.202.0/24. As you can see, the /24 covers all IPs in the subnet and effectively blocks access to 208.43.202.51, which is used to sync files. The Dropbox application will continue to request the destination network as long as the application is running.
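The policy described under Blocking Dropbox can be checked as a first-match rule list before it goes into the firewall. This is an added example, not the author's configuration: the rule names, the default outbound permit, and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str                     # hypothetical policy name
    action: str                   # "permit" or "deny"
    dst: str                      # destination network in CIDR form
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

# The article's policy in evaluation order (first match wins).
# The HTTP exception must sit above the /24 block or it never matches.
POLICY = [
    Rule("dropbox-website-http", "permit", "208.43.202.50/32", "tcp", 80),
    Rule("dropbox-block", "deny", "208.43.202.0/24"),
    Rule("default-outbound", "permit", "0.0.0.0/0"),  # assumed default
]

def evaluate(policy, dst_ip, proto, dport):
    """Return (action, rule name) for the first rule matching the flow."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in policy:
        if addr not in ipaddress.ip_network(rule.dst):
            continue
        if rule.proto is not None and rule.proto != proto:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, rule.name
    return "deny", "implicit-deny"

# Constructed outbound flows: (destination IP, protocol, destination port).
FLOWS = [
    ("208.43.202.51", "tcp", 443),  # sync address from the article
    ("208.43.202.50", "tcp", 80),   # website over HTTP (the exception)
    ("208.43.202.50", "tcp", 443),  # website address over HTTPS
    ("192.0.2.10", "tcp", 443),     # unrelated HTTPS, documentation range
]

def audit(policy=POLICY, flows=FLOWS):
    """Map each sample flow to the decision the policy makes for it."""
    return {flow: evaluate(policy, *flow) for flow in flows}

if __name__ == "__main__":
    for (ip, proto, port), (action, rule) in audit().items():
        print(f"{ip:<15} {proto}/{port:<4} -> {action:<6} ({rule})")
```

Swapping the first two rules makes the HTTP request to 208.43.202.50 hit the /24 block, which is why the exception has to be evaluated first.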









