The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever growing list of increasingly serious complaints from their users:
- It was difficult to establish who owned which documents (an important issue when writing your dissertation).
- It was difficult to establish cleanly defined groups that needed to collaborate (the Econ 203 Fall Semester class)
- It was impossible to safeguard data as students, administrators and professors left the organization (potentially taking large amounts of personally identifiable information with them).
With the above in mind, we present to you the following methods that you can use to detect and block Dropbox on your own network, in order to keep your files, permissions, and collaboration secure.
Get a Free Data Risk Assessment
Null route DNS for Dropbox requests.
Depending on your DNS setup, you can set a custom record for Dropbox.com within your network that will prevent Dropbox client apps and the website from being accessible.
Use your Firewall to block IP ranges.
Dropbox operates their services from a comparatively limited number of IP addresses. If your corporate firewall has the ability to deny outbound requests to an IP address range you can add these to its ruleset.
The American Registry for Internet Numbers (ARIN) is the organization tasked with handling the allocation of IP addresses and Dropbox’s list is located at:
http://whois.arin.net/rest/org/DROPB/nets
It should be noted that the above two strategies both block Dropbox, but may or may not identify Dropbox users on your network. Most firewall applications keep a log of blocked requests which you could use to trace back to the IP address of individual workstations.
Alternatively, you could use search through your fileshares and workstations to find folders that match a certain pattern. While it’s possible to add this to your virus scanning software, we’ve found it easier to use a PowerShell script.
https://gist.github.com/mbuckbee/982a400135d5a943e97f
Scanning home folders
If you have Varonis DatAdvantage and your end users store their home folders on your file server, you can find Dropbox users in seconds. See our KB article to find out how.
Use the Force wisely
Dropbox is certainly a great individual solution — we’re not arguing otherwise. But in an enterprise environment, it does increase the risk of sensitive data leaking out of a file system.
If you understand the risks and are able to justify Dropbox in certain scenarios, more power to you. But otherwise, we strongly recommend you take the measures above to block addresses and detect users.
What you should do now
Below are three ways we can help you begin your journey to reducing data risk at your company:
- Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
- Download our free report and learn the risks associated with SaaS data exposure.
- Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Michael Buckbee
Michael has worked as a sysadmin and software developer for Silicon Valley startups, the US Navy, and everything in between.
