Is Opera Unite a security risk, and is there an easy way to block it?

Question

Given that Opera Unite allows users to share files (music, photos, etc.) through firewalls and without a web server, it seems to be a security risk for the enterprise.

An article on this at ZDNet: http://news.zdnet.co.uk/internet/0,1000000097,39664228,00.htm states "At this point, [you should] be a bit cautious in the files you're sharing — only share amongst people you trust."

What's the best way for a sysadmin to block Opera Unite sharing? Since the hosting computer must be running Opera Unite, attempts to block downloading and running that application could be attempted on the specific computer, but are there more foolproof methods to block the use of this tool, to prevent unauthorized and accidental file sharing?

Do you know if it piggybacks on port 80 or opens up a new port to do the sharing? — Catherine MacInnes, Jun 16 '09 at 15:58

score 5 · Answer 1 · answered Jun 16 '09 at 16:52

5

Don't let your users install unapproved software in the first place

answered Jun 16 '09 at 16:52

Kevin Kuphal

9,064
1
34
41

+1 for minimum privilege. Users should not be able to install it by default and your firewall config should be DENY ALL by default... – sucuri Jun 17 '09 at 14:50
I think the person asking the question has considered this already, considering he has asked for a more fool-proof method of blocking this activity besides preventing the application from running. – IceMage Jun 17 '09 at 16:32

score 4 · Accepted Answer · answered Jun 16 '09 at 16:51

That is definately a security risk inside any company.

I'd use wireshark or some other application to detect what ports Unite uses to share files, and then, if i have a firewall, block the outbound port, if i have a protocol filter, block the outbound protocol, and then with group policy, block the outbound application, and port in windows firewall.

http://www.infoq.com/news/2009/06/Opera-Unite States Opera Unite opens port 8840, so you can block that port in both directions, and you shouldn't have to worry about it.

ToyotaBedzRock · Answer 3 · 2010-03-03T17:59:55.477

For instructions to disable Opera Unite, or restricting it to your local network just follow the link.

Blocking 8840 only will not disable Unite in any way!

There is also a no install version of Opera called Opera@USB which does not require installation so using minimum privilege user accounts will not work. However Opera@USB obeys the settings in the same system fixed file that can be used to control the installed version.

Read the Unite section of the handbook and the section directly below, which explains how to enforce settings in Opera.

Opera System administrator's handbook

score 2 · Answer 4 · answered Jun 16 '09 at 16:34

2

Looks like the architecture should allow you to block the Opera Unite Proxy servers to stop it from working.

http://dev.opera.com/articles/view/opera-unite-developer-primer/

answered Jun 16 '09 at 16:34

MathewC

6,877
9
38
53

score 2 · Answer 5 · answered Jun 17 '09 at 14:57

Opera Unite is not in and of itself a security risk. The web server portion is working with static html so no scripting or language vulnerabilities. The file serving is more an issue, especially if they allow you to share something like the root of your hard drive or a folder location with sensitive information. A firewall should be blocking this service anyway (you should be whitelisting rather than blacklisting so by default it is blocked)

I think that is why Opera is choosing to use 8840. Networks are not going to have that port open by default whereas if they ran it on 80 it would be an issue.

+1 for white listing instead of blacklisting. – sucuri Jun 17 '09 at 18:32 — sucuri, Jun 17 '09 at 18:32

score 1 · Answer 6 · answered Jun 17 '09 at 14:49

1

Opera Unite by itself is not a security risk, but just like any P2P (or any program), it may be used by an attacker (if they find bugs, or is incorrectly configured, etc).

Now, your questions brings an interesting point. You are doing security wrong (sorry to say that). The basic premises of security/firewall administration are:

Least access (only allow what is strictly permitted and block everything else).
Minimum privilege (a user should only have access to what is necessary to do his work).

If you were following these rules Opera Unite would already be blocked in your network and your users would not be able to install it.

answered Jun 17 '09 at 14:49

sucuri

2,817
1
22
22

Inside of a business this is a security risk. It may not expose the computer to a malicious attack, but it can be used to expose sensitive information, which is just as bad. – IceMage Jun 17 '09 at 16:33
That's why I said "used incorrectly". – sucuri Jun 17 '09 at 18:31

Is Opera Unite a security risk, and is there an easy way to block it?

6 Answers6