Port 80 Security Measures Bypassed By Most Network Application Traffic

Contrary to conventional wisdom, a significant number of applications running on enterprise networks do not pass through port 80, so securing just that port does not protect the network, according to a recent report.

Application traffic analysed by Palo Alto Networks in its semi-annual Application Usage and Risk Report found that 35 percent of the applications on enterprise networks never use port 80 when communicating with the outside world, Matt Kiel, senior research analyst at Palo Alto Networks, told eWEEK.

Applications that use only port 80 and no other port, represented just 25 percent of the application traffic within the enterprise, according to the report.

Traditionally secure

Historically, most network traffic passed through port 80 so it made sense for IT administrators to concentrate their efforts to securing that port, Kiel said. However, many popular applications, such as audio streaming, games, instant messengers, Webmail and others use port 443 or switch between available ports. The amount of non-Web-based traffic and applications used within the enterprise is much more significant and widespread than most people realise, according to Kiel.

This was an “eye-opening finding” that there was that much traffic potentially being missed, Kiel said.

The latest report makes it clear that security teams that focus too much time and effort examining traffic passing through port 80 are missing a significant chunk of bandwidth and may not notice threats elsewhere in the network, according to Kiel. The applications not using port 80 accounted for about 51 percent of network bandwidth, according to the report.

The use of browser-based file-sharing applications such as Box.net and Dropbox are increasingly more popular. The report found that 92 percent of organisations have employees using these services. The report identified 65 file-sharing services and found that an average organisation used 13 different sites.

Social networking site activity also grew in the enterprises, the report found. Even a year ago, a bulk of social network behaviour was “passive”, with users just looking at their newsfeeds on Facebook or viewing posts on Twitter, according to Kiel. This version of the report found a dramatic shift to “active” behaviour, such as playing games on Facebook, uploading content, and increasingly using plugins to access content online.

This is also accompanied by more organisations using social networking techniques to engage with their customers. Twitter usage alone increased 700 percent, from a mere three percent of bandwidth consumed in October 2010 to 21 percent in December 2011, according to the report. Kiel clarified that this was just activity on Twitter alone, and not using third-party tools such as TweetDeck or other applications that interact with Twitter.

The “active” engagement occurred right about the time various demonstrations, such as the Occupy protests, were grabbing people’s attentions. Kiel said he was interested in seeing if social networking usage on Twitter and other sites continued in six months, when the next report would be generated.

The Application Usage report is generated from raw data collected by Palo Alto Networks from potential customers who deployed evaluation units of the company’s Next Generation Firewalls and represents a real-world sampling of what kind of applications are running on enterprise networks. This edition of the report is based on data aggregated from more than 1,600 enterprises between April 2011 and November 2011.