The University of Liverpool recently found over 3,000 individual instances of Dropbox running on their network. These unmanaged file sharing points throughout their network were causing an ever growing list of increasingly serious complaints from their users:
- It was difficult to establish who owned which documents (an important issue when writing your dissertation).
- It was difficult to establish cleanly defined groups that needed to collaborate (the Econ 203 Fall Semester class)
- It was impossible to safeguard data as students, administrators and professors left the organization (potentially taking large amounts of personally identifiable information with them).
With the above in mind, we present to you the following methods that you can use to detect and block Dropbox on your own network, in order to keep your files, permissions, and collaboration secure.
Get a Free Data Risk Assessment
Null route DNS for Dropbox requests.
Depending on your DNS setup, you can set a custom record for Dropbox.com within your network that will prevent Dropbox client apps and the website from being accessible.
Use your Firewall to block IP ranges.
Dropbox operates their services from a comparatively limited number of IP addresses. If your corporate firewall has the ability to deny outbound requests to an IP address range you can add these to its ruleset.
The American Registry for Internet Numbers (ARIN) is the organization tasked with handling the allocation of IP addresses and Dropbox’s list is located at:
http://whois.arin.net/rest/org/DROPB/nets
It should be noted that the above two strategies both block Dropbox, but may or may not identify Dropbox users on your network. Most firewall applications keep a log of blocked requests which you could use to trace back to the IP address of individual workstations.
Alternatively, you could use search through your fileshares and workstations to find folders that match a certain pattern. While it’s possible to add this to your virus scanning software, we’ve found it easier to use a PowerShell script.
https://gist.github.com/mbuckbee/982a400135d5a943e97f
Scanning home folders
If you have Varonis DatAdvantage and your end users store their home folders on your file server, you can find Dropbox users in seconds. See our KB article to find out how.
Use the Force wisely
Dropbox is certainly a great individual solution — we’re not arguing otherwise. But in an enterprise environment, it does increase the risk of sensitive data leaking out of a file system.
If you understand the risks and are able to justify Dropbox in certain scenarios, more power to you. But otherwise, we strongly recommend you take the measures above to block addresses and detect users.
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.
