Security And Peer-To-Peer Applications
by David Piscitello

Published October 2002

Abstract:

Napster and America Online Instant Messaging (AIM) represent paradigm shifts in Internet use and user behavior. Both satisfy an "instant gratification" society and, moreover, both have demonstrated that every computer on the Internet is neither strictly client nor server, but potentially both. Not surprisingly, dozens of Napster alternatives—from Kazaa to Gnutella to Morpheus—and AIM wannabes from Yahoo!, MSN (.NET), Netscape and ICQ have seized on this peer-to-peer (P2P) model for both consumer and enterprise applications and networking.

 

P2P applications are popular, and instant messaging, like wireless GSM text messaging and alphanumeric paging, appears to have a legitimate business application. While appealing in many "consumer" respects, however, P2P applications can be disruptive and dangerous to your business organization. The most worrisome security threats include:

- Copyrights and intellectual property infringements.
- Bandwidth misuse.
- Violations of criminal law.
- Spyware and adware.
- Indiscriminate file sharing.
- Information and identity disclosure.

 

The very design objectives that make P2P applications appealing to the masses—decentralization and anonymity—fly in the face of best security practices for enterprise networks. To deal with the most immediate concerns, security managers should concentrate on the following areas:

- Policy
- Software Control
- Access Controls
- Perimeter Defenses

 

Peer-to-peer applications and networks may represent a new and valuable paradigm for business applications. P2P applications used today by the general public clearly illustrate the power of this networking paradigm, but security appropriate for enterprise applications is not only woefully lacking, but difficult if not impossible to retrofit and equally difficult to remedy by applying conventional security measures. While the threats are real, only a careful risk analysis by your organization will help you determine how to deal with peer-to-peer applications in your network.

 

About the author:

David Piscitello is president of Core Competence, Inc., an internationally recognized expert in security technology, and founder of the Internet Security Conference.

 


This article is reproduced by special arrangement with our partner, Business Communications Review.

 
