Security And Peer-To-Peer Applications
by David Piscitello
Posted: 03/06/2003
Abstract:
Napster and America Online Instant Messaging (AIM) represent paradigm shifts in
Internet use and user behavior. Both satisfy an "instant
gratification" society and, moreover, both have demonstrated that every
computer in the Internet is neither strictly client nor server, but potentially
both. Not remarkably, dozens of Napster alternatives—from Kazaa to Gnutella to
Morpheus—and AIM wannabes from Yahoo!, MSN (.NET), Netscape and ICQ—have
seized on this peer-to-peer (P2P) model for both consumer and enterprise
applications and networking.
P2P applications are popular, and instant messaging, like wireless GSM text
messaging and alphanumeric paging, appears to have a legitimate business
application. While appealing in many "consumer" respects, however, P2P
applications can be disruptive and dangerous to your business organization. The
most worrisome security threats include:
- Copyrights and intellectual property infringements.
- Bandwidth misuse.
- Violations of criminal law.
- Spyware and adware.
- Indiscriminate file sharing.
- Information and identity disclosure.
The very design objectives that make P2P applications appealing to the masses—decentralization and anonymity—fly in the face of best security practices for enterprise networks. To deal with the most immediate concerns, security managers should concentrate on the following areas:
- Policy
- Software Control
- Access Controls
- Perimeter Defenses
Peer-to-peer applications and networks may represent a new and valuable
paradigm for business applications. P2P applications used today by the general
public clearly illustrate the power of this networking paradigm, but security
appropriate for enterprise applications is not only woefully lacking, but
difficult if not impossible to retrofit and equally difficult to remedy by
applying conventional security measures. While the threats are real, only a
careful risk analysis by your organization will help you determine how to deal
with peer-to-peer applications in your network.
About the author:
David Piscitello is president of Core Competence, Inc., an internationally
recognized expert in security technology, and founder of the Internet Security
Conference.
http://www.webtorials.com/main/resource/papers/BCR/paper42.htm