Solved

How do I find a list of all email, dropbox and similar providers?

Posted on 2014-12-17
15
263 Views
Last Modified: 2014-12-23
Hi,

    I need to create a blacklist of locations.  Is there a listing of sites like dropbox and email web sites where I need to be concerned about gets and posts?  Can you point me in the right direction?  A flat file would be perfect.
0
Comment
Question by:awakenings
  • 5
  • 4
  • 3
  • +3
15 Comments
 
LVL 69

Assisted Solution

by:Merete
Merete earned 111 total points
ID: 40506652
Hi awakenings
I don't understand your question, create a blacklist? From ?
With regards to Dropbox I have an account there and sharing files is determined by the list of people you share with,  you can either share a folder or send a url.
no emails addresses exchanged only a link to your files if you so choose
Dropbox shared folders let you collaborate on a set of files. When someone joins a shared folder, the folder appears inside their Dropbox, and syncs to their computers automatically.
Could you elaborate a bit more about your concerns.
0
 

Author Comment

by:awakenings
ID: 40506885
Merete,

    Obviously I cannot go into details.  All I am looking for is a list of web sites that have email or dropbox-like functionality.  I need this for a project that I am working on.  I know there are probably tens of thousands of corporate email servers and I cannot block them all, but if I can block a good chunk of the "public" email and upload services such as dropbox, aol, gmail, google, yahoo, etc. it would be a good start.  I'd like to find a list on the web rather than compiling a list myself.

Awakenings
0
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 56 total points
ID: 40506906
If you are interested in keeping company confidential documents confidential use Active Directory Rights Management Services
0
 

Author Comment

by:awakenings
ID: 40506956
David,

    Thanks, but I am looking for that list still.

Awakenings
0
 
LVL 57

Accepted Solution

by:
giltjr earned 56 total points
ID: 40507187
There is no single list like what you are looking for.

Since you can't go into details I would assume that you are trying to create/provide a service that you feel does not exist.  If you think about it, if such a list existed, that would imply somebody was already providing that service.  Of course I could be way off base as to why you want this list.

You might be able to piece together one from various other lists.   Example you could look at these:

http://en.wikipedia.org/wiki/Comparison_of_file_hosting_services
http://en.wikipedia.org/wiki/Comparison_of_file_synchronization_software
http://en.wikipedia.org/wiki/Comparison_of_online_backup_services

And then look up all the IP addresses for all the companies listed and create your own.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 222 total points
ID: 40507229
in fact if it falls into the malwaredomainlist regards email or file hosting site, I will consider them fro blacklisting
http://www.malwaredomainlist.com/update.php
likwise from urlblacklist for various disallowed categories includes webmail, filehosting, ecommerce, mail, proxy, onlinegames etc http://urlblacklist.com/?sec=download
0
 
LVL 69

Assisted Solution

by:Merete
Merete earned 111 total points
ID: 40508755
You can't go into details?
In my humble opinion there is no such thing as one black list.  
Also it may not have public access.
Every few secs of everyday a new threat is created that is why we have definition updates for our security.
It depends on the threat and threat level.
Google would have to have the largest source for blacklists
https://www.stopbadware.org/blacklisted-by-google
Symantec is also another place
Domains
ransomeware?
Fake email threats
hackers?
Peer2peer
Sharing sites.
Privacy
Scams
The all in one sites like Facebook / twitter.
For your information..
Understanding XSS – input sanitisation semantics and output encoding contexts
white paper PDF
The Ongoing Malware Threat: How Malware Infects Websites and Harms Businesses —
and What You Can Do to Stop It
White paper pdf
Blacklists & Dynamic Reputation -Understanding Why the Evolving Threat Eludes Blacklists

Rather than chance it with security  always stop security risks at the core, keep your av up to date, windows up to date and have installed the best defences.
restricted users access to the internet.
Whichever browser say for example  IE you set the security to max high
With my emails using windows live I have set my security to high and unless the email owner is in my safe list they immediately go to Junk mail and then I sift them with safe or delete.
Education is a start but never enough.
You get an email from your sister or brother, your best friend using the same email address and they want to borrow some cash for Christmas what do you do. Use rule of thumb don't give money over the net.
Check the sources.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 61

Assisted Solution

by:btan
btan earned 222 total points
ID: 40509001
blacklist is reactive and whitelist is prohibitive,and most network or host security technology will have some sort of service to get real time intelligence feeds and together with reputational metric can identify the undesired site. you may want to explore that rather than the manual importing where possible. Time is of essence to block threat and reduce windows of exposure. Likely the manual means can be automated unless the environment is constraint due to isolated segment and not internet reachable. You can check out some intelligence provider such as Norse, StopBadware.org and PhishLab
0
 

Author Comment

by:awakenings
ID: 40509050
giltjr and btan,

    These are a great start.  The project I am working on is a little off as I am not looking for malware sites.  giltjr, your was a little closer.  I did check the Wikipedia, which is great, but I am looking for something more substantial in terms of listing email sites.

Awakenings
0
 

Author Comment

by:awakenings
ID: 40509160
Merete / btan,

    I did not see your additions.  These are great, but I am still looking.

Awakenings
0
 
LVL 61

Assisted Solution

by:btan
btan earned 222 total points
ID: 40509169
the urlblacklist may be worth checking out http://urlblacklist.com/?sec=download
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 55 total points
ID: 40510423
You want to use a Proxy server, probably something like BlueCoat, Sophos, McAfee or WebSense. They can effectively block the users from going to GoogleDrive (aka GDrive), SkyDrive(aka OneDrive), Office365, GoogleDocs, ADrive, DropBox, YouSendIt, PasteBin, GitHub, etc... however you do have to force the users to use it, by blocking port 80/443 etc at the firewall, and or perhaps using WCCP to recognize http traffic and force it through the proxy.
But what if the user is clever. You block all possible sites in the sharing category... what if they save an attachment to their gmail, hotmail, hushmail, personal_domain.com, comcast, yahoo... They might not be able to share a file with a direct link, but they can send a 25Mb attachment with most of the free email providers... Or make a fake email address, and upload an attachment that is bigger, and then share the U/P with the person who wants the file, they can then login to that account and just DL the attachment.
The best way to begin this battle, is to inform the users that ONE: File sharing, like GDrive, GoogleDocs, Office365, OneDrive, etc... is against company policy. (You should draft such a policy btw). TWO: Anyone using one should stop doing so, and report the files to IT so that they can assist in the proper removal of those files. THREE: After all the files are removed, if someone uses those sites without permission or consent, they may have receive disciplinary action.
You have to grant amnesty first, because you know someone in the network is doing it. Then you have to help them remove the files, do not tell them to do it themselves, make it clear no one gets in trouble when coming forward, they may however get in trouble if they hide their actions or try to remove the files themselves.
FOUR: Implement the proxy solution. Proxy vendors have extensive lists, and do very well at blocking based on those, but you too have to make sure they don't try to FTP it to their local go-daddy server, everything should go through the proxy if you need absolute control over the data.
DRM and rights-managment don't work, otherwise we'd all use it. Security and convenience are at odds with one another most times, and DRM/RM software certainly takes the convenience out of the picture.
-rich
0
 
LVL 61

Assisted Solution

by:btan
btan earned 222 total points
ID: 40510460
endpoint may use auto-proxy config or pac to govern the traffic through single pot and if user can bypass that the policy should kick in, the first place is that user has no admin right. if that is not enforceable, blacklist or proxy or any other security will be bypass (you can have logging enabled but it is after effect detection). Here is another on netcraft on its Phishing Site Feed
0
 

Author Comment

by:awakenings
ID: 40512965
All,

   I'll just give you all points.  I'll open up another ticket with my original question, but remove the blacklist context.  I know controls like the back of my hand.  I know technology well.  I completely understand the gaps and I'm not looking for an academic explanation.  Thank you all for your input.  Some of this was helpful.  Thank you.
0
 
LVL 69

Expert Comment

by:Merete
ID: 40515824
Awe thanks awakening you did well splitting them lol doesn't matter with points for me but I do hope you got some good insights to write your list
Merry Christmas to you and yours :)
Merete
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now