Marine One Blueprints found on P2P network

What’s next, the missile launch codes? While the record industry has targeted universities and student populations in its battle against piracy, P2P use has continued unabated in the business world, the most recent example being the discovery of the blueprints for Marine One, the President’s helicopter, “in the wild”.

This MSNBC article talks about how Marine One helicopter blueprints, along with the maintenance schedule, were discovered on a P2P network at an Iranian IP address. The files were apparently exposed by a defense contractor running P2P software on a work PC. The blueprint discovery will no doubt garner very visible press, but the exposure of many thousands of medical records on P2P networks is no less serious.

In the health care case, one trove included data on 20,000 patients: names, Social Security numbers, insurance carriers and diagnosis codes. The codes identified by name four patients infected with AIDS, the mental illnesses diagnosed in 201 others and cancer findings for 326 patients. The data also included links to four major hospitals and 355 insurance carriers that provided health coverage to 4,029 employers and 266 doctors.

The unapproved use of P2P in enterprise and services organizations is common. Palo Alto Networks’ own analysis of the traffic flowing across sixty different customers’ networks shows that 92% of them have at least one instance of P2P filesharing. In some cases, as many as 12 different variants of P2P filesharing were found. In every case, when asked whether P2P was allowed, the answer was no.

One of the big reasons P2P continues to see heavy use is that it evades today’s security infrastructure. P2P clients get past port-based controls with a number of evasion techniques: hopping between ports, tunneling over HTTP and encrypting their traffic. The issue is not whether the IT department wants to block P2P; it is that their tools are incapable of doing so.

Can Palo Alto Networks help these organizations regain control over the use of P2P? Without a doubt the answer is yes, for P2P and for all their other application traffic. Here’s how.

  • Say no to P2P: Palo Alto Networks is the only firewall on the market that identifies and blocks 42 different P2P networks, which translates to well over 100 P2P clients. Identifying the P2P network, rather than individual clients, gives broader coverage in the effort to control P2P usage. If User-ID is enabled, the offending users can be identified, notified that they are in violation of policy and dealt with appropriately.

  • Isolate servers that contain sensitive data: Use network segmentation to isolate servers that hold sensitive data, applying policies that control both who (users) and what (applications and content) has access to those servers. No firewall can deliver the level of policy-based application visibility and control that we can deliver.

  • Watch for sensitive data: Leveraging our in-depth traffic analysis, we can detect file types and data patterns, including credit card and Social Security numbers, traversing the network. If such data is detected, an alert can be sent to an administrator or the traffic can be blocked altogether. So in the medical records case we could look for SSNs or patient ID numbers. In the case of Marine One, we could look for custom data patterns such as “Confidential” or “Marine One” and alert on or block the traffic. Generic keywords such as “Confidential” will also appear in legitimate traffic, so they are better suited to alerting than to blocking until the false-positive rate on a given network is understood.
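To make the three controls above concrete, here is an added example that is not Palo Alto Networks code and does not model how App-ID or User-ID work internally: a small Python inspection routine run over constructed sample flows. It identifies BitTorrent and Gnutella by payload signature regardless of TCP port (so a client that hops to port 80 and an HTTP-tunneled tracker announce are still caught), scans the remaining traffic for SSNs and payment card numbers with structural validation (Luhn checksum, SSN area/group/serial rules) plus the custom “Marine One”/“Confidential” patterns the post mentions, and applies a simple alert/block policy. The signature list, sample payloads and policy table are assumptions for illustration only.

```python
"""Port-independent P2P identification plus sensitive-data pattern matching.

Illustrative example, not Palo Alto Networks code. All flows below are
constructed sample payloads, not real captures.
"""
import re

# P2P signatures matched on payload content rather than port, so a client that
# hops from 6881 to 80 or 443 is still identified. The BitTorrent peer handshake
# starts with byte 0x13 and the literal "BitTorrent protocol"; tracker announces
# are ordinary HTTP GETs carrying info_hash; Gnutella's handshake is plain text.
P2P_SIGNATURES = [
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
    ("bittorrent-tracker", re.compile(rb"^GET /announce\?[^ ]*info_hash=")),
    ("gnutella", re.compile(rb"^GNUTELLA CONNECT/0\.6\r\n")),
]

# Sensitive-data patterns: deliberately loose regexes, tightened by the
# structural checks below to cut false positives.
SSN_RE = re.compile(rb"\b(\d{3})-(\d{2})-(\d{4})\b")
CC_RE = re.compile(rb"\b(?:\d[ -]?){12,15}\d\b")       # 13-16 digits, optional separators
CUSTOM_RE = re.compile(rb"confidential|marine one", re.IGNORECASE)  # hypothetical custom patterns

# Hypothetical policy; the most severe verdict for a flow wins.
SEVERITY = {"allow": 0, "alert": 1, "block": 2}
POLICY = {"p2p": "block", "cc": "block", "custom": "block", "ssn": "alert"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject structurally invalid SSNs: area 000/666/9xx, group 00, serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"


def identify_app(payload: bytes) -> str:
    """Name the application by payload signature, or 'unknown'."""
    for name, sig in P2P_SIGNATURES:
        if sig.search(payload):
            return name
    return "unknown"


def find_sensitive(payload: bytes) -> list:
    """Return (kind, value) tuples for validated data patterns in the payload."""
    hits = []
    for m in SSN_RE.finditer(payload):
        if ssn_plausible(*(g.decode() for g in m.groups())):
            hits.append(("ssn", m.group(0).decode()))
    for m in CC_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group(0).decode())
        if luhn_ok(digits):
            hits.append(("cc", digits))
    for m in CUSTOM_RE.finditer(payload):
        hits.append(("custom", m.group(0).decode()))
    return hits


def inspect(port: int, payload: bytes) -> dict:
    """Classify one flow, apply POLICY and return the verdict with its reasons."""
    app = identify_app(payload)
    verdict, reasons = "allow", []
    if app != "unknown":
        verdict = POLICY["p2p"]
        reasons.append(f"p2p:{app}")
    for kind, value in find_sensitive(payload):
        if SEVERITY[POLICY[kind]] > SEVERITY[verdict]:
            verdict = POLICY[kind]
        reasons.append(f"{kind}:{value}")
    return {"port": port, "app": app, "verdict": verdict, "reasons": reasons}


# Constructed sample flows (port, first bytes of payload); not real captures.
SAMPLE_FLOWS = [
    (6881, b"\x13BitTorrent protocol" + b"\x00" * 8 + b"\xaa" * 20 + b"-PC0001-" + b"x" * 12),
    (80, b"\x13BitTorrent protocol" + b"\x00" * 8 + b"\xbb" * 20 + b"-UT3400-" + b"y" * 12),  # port-hopped
    (80, b"GET /announce?info_hash=%12%34%56&peer_id=abc HTTP/1.1\r\nHost: tracker.example\r\n\r\n"),
    (443, bytes.fromhex("9f3ae1c07b55d2880e6f4ab37c1d9e02")),   # stands in for an encrypted stream
    (80, b"POST /claim HTTP/1.1\r\n\r\npatient=J. Doe&ssn=123-45-6789&dx=C50"),
    (25, b"Subject: order\r\n\r\nCard 4111 1111 1111 1111 exp 01/30"),
    (25, b"Subject: order\r\n\r\nCard 4111 1111 1111 1112 exp 01/30"),    # fails Luhn
    (445, b"Marine One maintenance schedule (CONFIDENTIAL)"),
]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        r = inspect(port, payload)
        print(f"port {r['port']:>5}  app {r['app']:<18} {r['verdict']:<5} {r['reasons']}")
```

Two points worth noticing in the output. The encrypted flow on 443 comes back as "unknown" and is allowed: signature matching on content defeats port hopping and HTTP tunneling, but not encryption, which is why a real deployment also needs a policy for unidentified traffic rather than relying on signatures alone. And the card number ending in 1112 produces no hit despite matching the regex, because the Luhn check discards it; the same idea applies to the SSN range rules, and it is the difference between a pattern list that administrators can act on and one they learn to ignore.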

These are just a few of the things we can do to help businesses regain control over all the applications traversing their networks, including P2P. This is not the first exposure of this type (P2P leaking confidential files) and, given the evasive nature of P2P and its popularity, it certainly won’t be the last. It’s time to fix the firewall.
