Copyrights and intellectual property infringements.
Bandwidth misuse.
Violations of criminal law.
Spyware and adware.
Indiscriminate file sharing.
Information and identity disclosure.
Security And
Peer-To-Peer Applications
by David Piscitello
Published October 2002
Abstract:
Napster and America Online Instant Messaging (AIM) represent paradigm shifts in Internet use and user behavior. Both satisfy an "instant gratification" society and, moreover, both have demonstrated that every computer in the Internet is neither strictly client nor server, but potentially both. Not remarkably, dozens of Napster alternatives—from Kazaa to Gnutella to Morpheus—and AIM wannabes from Yahoo!, MSN (.NET), Netscape and ICQ—have seized on this peer to peer (P2P) model for both consumer and enterprise applications and networking.
P2P applications are popular, and instant messaging, like wireless GSM text messaging and alphanumeric paging, appears to have a legitimate business application. While appealing in many "consumer" respects, however, P2P applications can be disruptive and dangerous to your business organization. The most worrisome security threats include:
|
|
Copyrights and intellectual property infringements. |
|
|
Bandwidth misuse. |
|
|
Violations of criminal law. |
|
|
Spyware and adware. |
|
|
Indiscriminate file sharing. |
|
|
Information and identity disclosure. |
The very design objectives that make P2P applications appealing to the masses—decentralization and anonymity—fly in the face of best security practices for enterprise networks. To deal with the most immediate concerns, security managers should concentrate on the following areas:
|
|
Policy |
|
|
Software Control |
|
|
Access Controls |
|
|
Perimeter Defenses |
Peer-to-peer applications and networks may represent a new and valuable paradigm for business applications. P2P applications used today by the general public clearly illustrate the power of this networking paradigm, but security appropriate for enterprise applications is not only woefully lacking, but difficult if not impossible to retrofit and equally difficult to remedy by applying conventional security measures. While the threats are real, only a careful risk analysis by your organization will help you determine how to deal with peer-to-peer applications in your network.
About the author:
David Piscitello, president of Core Competence, Inc. and an internationally recognized expert in security technology and founder of the Internet Security Conference.
|
|
|
||||
|
|
Return to Business Communications Review Gold Sponsor Archives |
||||
|
|
|
|
This article is reproduced by special arrangement with our partner, Business Communications Review. |
Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information. Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site. Please encourage colleagues to download their own copy after registering at http://www.webtorials.com/reg/.
