Security issues in peer to peer networking

And most of the individuals who download these files through paid services, file sharing applications, or peer-to-peer networks by now are aware of how prominent the issue of illegal downloading has become.

Security issues in peer to peer networking

Enjoy this article as well as all of our content, including E-Guides, news, tips and more. Step 2 of 2: You forgot to provide an Email Address. This email address is already registered. You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address. Please check the box if you want to proceed.

Security issues in peer to peer networking

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time. But, as P2P provides a key to unlock data across corporate intranets and extranets, there are serious security issues that have yet to be addressed.

P2P systems can be broadly classified into three main types - file sharing, processor sharing and instant messaging - although an individual product may provide more than one of these features.

Each possibility presents a cocktail of unique security risks that traditional border firewalls, anti-virus software and intrusion detection systems are not designed to combat.

File-sharing P2P systems, such as the Napster-like Gnutella, are designed explicitly to circumvent firewalls. This moves corporate Internet security away from protecting a single point of entry to the network and returns us to a situation where the onus is on individual users configuring access controls correctly to files and directories on their own workstation.

The ease with which these systems allow files to be shared makes it very easy for sensitive information to leak either intentionally or unintentionally out of an organisation.

Inexperienced users often choose to share their complete hard drive, exposing all directories, including their cookie files and encrypted passwords which could be used by a hacker. An example of the security risks introduced by P2P systems has been shown through the exploits of the Gnutella worm.

Although harmless in itself, the worm has implications that are disturbing because they reveal a new class of virus propagation mechanism. To infect a client, the worm hides behind a normal Gnutella node, or client, and every time this rogue node receives a request for a file it responds by indicating it has a copy of the file, whether the file exists or not.

Security issues in peer to peer networking

When the requesting system attempts to download the file, it only receives a copy of the worm, which uses the new node to infect more clients. In some cases, the user may not be aware that their workstation is also being used as part of a P2P file-sharing network.

The freely available Sharesniffer program searches the Internet for Windows hosts that have shared drives or directories that can be accessed anonymously.

IT Today Archives

These details are then not only returned to the user of Sharesniffer but are also posted to a specific public newsgroup for everyone else to see. Any hosts found in this way can be used as file repositories by anyone on the Internet.

Processor-sharing P2P systems are designed to use spare processor cycles on each peer to provide a distributed computing environment.

Computationally intensive problems can be divided into small, independent parts and the effort spread over a large number of separate computers across the world. Many of the programs are valid research projects, such as the Intel Philanthropic Peer-to-Peer Programme, which is seeking a cure for cancer.

In processor sharing, each peer works on its assigned project when it is not engaged in everyday tasks under the control of the user - typically when the screen saver is activated. To participate in these projects, a user must download and execute an agent - a binary code program downloaded from the Internet - thus creating the conditions most companies try to avoid by running anti-virus software.

Because P2P systems bypass the anti-virus shield in this way, there have been cases where benign agents have been supplanted with less philanthropic software. The main security risks associated with these systems are that all messages travel unencrypted across the Internet and can easily be monitored by third parties.

As with unencrypted e-mail, the majority of end-users are unaware their communications can be viewed by people with whom they have not explicitly initiated a conversation. Due to the ease of use, it is possible that proprietary or confidential information could leak from an organisation in exactly the same way as occurs with file-sharing systems.

The catchphrase for the IT age is "careless chat costs livelihoods". Sam Jain, chief executive of Web portal eFront, suffered a particularly embarrassing exposure when logs of his instant messaging sessions over the ICQ service were stolen from his workstation and posted on the Internet.

The logs, which read like transcripts of telephone conversations, included sharp comments regarding business partners, employees and affiliated Web sites. Although in this instance the leak was not due to a security bug in the ICQ software, it demonstrates the kind of revelations that could be exposed by the eavesdropping opportunities provided by the use of instant messaging systems.

Without action, as P2P systems become more ubiquitous, the problems are only going to increase in frequency and severity. E-business software developers are rolling out more ambitious Web services strategies. Imagine the havoc that could be caused by a. What practical steps can IT managers take to help reduce the risks associated with P2P systems?

The first and most important step is to discover what P2P software users are running on the network. A good indication of this can often be found by examining firewall logs.

Technical Reports | Department of Computer Science, Columbia University

P2P clients generally contain a list of default peers to which they initially establish connections. Provided that the firewall logging policy records unexpected outbound connections from the corporate network, attempts by P2P clients to establish their initial connections will be detected.√Abstract Peer-to-peer networking allows communication between two systems, in which each system is considered equal.

Peer-to-peer networking is . PeerNetBC has a wealth of resources to share with individual people, peer support groups and peer-led initiatives. One of the main ways we help people to connect is through our workshops.

Peer to peer (p2p) P2p networking type is most commonly used computer networks. This type of network is very cost effective but supports lesser number of computers in network.

Ten to fifteen computers can be connected to each other using p2p networking model without problem, more number of computers often create problems. Considerations for Azure Stack networking. 10/22/; 3 minutes to read Contributors. In this article. Applies to: Azure Stack integrated systems and Azure Stack Development Kit.

Transport security mechanisms in Windows Communication Foundation (WCF) depend on the binding and transport being used. For example, when using the WSHttpBinding class, the transport is HTTP, and the primary mechanism for securing the transport is Secure Sockets Layer .

MOOCs (“Massive Open Online Courses”) are becoming more popular than cheese. They’re offered by universities, taught by faculty and freely available to anyone who’s interested in cyber security – man, woman, child or career-changer.

networking - VPN: Cisco / Watchguard: IKE lost contact with remote peer - Server Fault