05:44 AM
Connect Directly

Tech Insight: De-Fanging P2P

Peer-to-peer has gotten a bad rap, but there are ways to secure its legitimate use in your organization

The dangers of peer-to-peer (P2P) file-sharing have been expounded upon countless times since Napster first made headlines. If the issues of copyright violation and threats of lawsuits weren’t enough of a deterrent or reason to be more cautious about what was being downloaded and shared, P2P users then started getting duped into downloading what they thought was the latest Top 40 song -- only to have malware infect their computers. Sounds bad, right? Add a sprinkling of vulnerabilities in P2P software and the situation becomes downright scary for the average user.

While many corporate networks have taken a firm stance on P2P technologies and enacted policies and technical controls to block them entirely, there are still a large number of networks where P2P users are allowed to roam free. Shocking, but true. As a security professional at a university with a large focus on research, there has always been a large push from researchers and faculty to have “academic freedom” when it comes to the network.

Philosophy aside, P2P isn’t inherently bad and has legitimate uses. Vance Ikezoye, CEO of Audible Magic, which makes the CopySense P2P network monitoring appliance, agrees. He says the issue is that there’s a large amount of copyrighted content being transmitted over the same P2P networks as legitimate traffic. As with most anything, there will be those who choose to abuse technology for their own ends, but that shouldn’t stop P2P from being used for legit things like moving Linux distributions, updates to software (such as the World of Warcraft Downloader), and the virtual machine from ShmooCon’s "Hack or Halo" contest.

Opponents of P2P have a variety of reasons for banning it, but it’s mainly about three issues: the negative impact to bandwidth, legal liability of allowing users to share copyrighted content, and the potential exposure of sensitive information. Those issues certainly have merit, but the risks associated with each one can be mitigated in order to allow legitimate use to continue.

Decreased network performance is the more noticeable issue of the three, because it has a negative impact on normal business traffic (and everyone notices when the network slows down). As a member of several higher-education mailing lists, I’ve seen a common trend of universities successfully handling the bandwidth issue by limiting the traffic, with packet shaping solutions like the Packeteer PacketShaper or Allot NetEnforcer. While packet shaping to limit the bandwidth P2P protocols use doesn’t directly deal with the legal issues or data exposure, it can help organizations manage that traffic at a more easily monitored load.

The legal liabilities associated with allowing users on your network to share copyrighted material (whether you know they’re doing it or not) is not clear, as the lawsuits from the RIAA thus far have primarily focused on the user responsible for the sharing. But there’s always the chance that the network owner could become a target of a lawsuit for allowing the behavior. Last month, the College Opportunity and Affordability Act (COAA), which requires higher-education institutions to filter P2P network traffic and provide a legal alternative to P2P-sharing of copyrighted content, passed though the House of Representatives.

One alternative to filtering P2P traffic entirely is to monitor and block just the traffic identified as being copyrighted, which is what the folks at Audible Magic say their CopySense network appliance is designed to do. Audible Magic’s Ikezoye says the CopySense appliance doesn’t block all copyrighted content, but because copyright holders must register their content with Audible Magic first, it does cover the majority of popular copyrighted content that's being shared today.

The most damaging threat of P2P is the data leakage that could result from P2P users misconfiguring their clients to share out their entire hard drives. It doesn’t even have to be an error on the user’s part. Chris Gormley, COO of Tiversa, says his company has seen numerous examples of malware on P2P networks disguised as interesting content that tricks users into running it. Then unbeknownst to the victim, the malware changes his or her sharing preferences.

Tiversa handles sensitive data leakage by monitoring P2P networks and looking for content on behalf of their customers, notifying them if they spot their sensitive data. Then the client can address the leak more quickly.

Data leakage prevention (DLP) technology would seem to be a good fit to prevent P2P leakage, but Gormley says that most of the time, the surprise leaks organizations suffer come from the weakest link in the information custody chain: "Corporations have to think outside the perimeter because P2P is very liquid. Fifty to 60 percent of the exposures they uncover are through third parties like accountants, medical transcription companies, consultants, and attorneys." It’s the impact of what Tiversa calls the "extended enterprise" that can’t be controlled by today’s DLP solutions.

In a perfect world where a security professional’s coffee cup is never empty and users never click on naughty URLs, P2P isn’t an issue. It’s blocked, so users never know what P2P was to begin with, and they don’t know what they’re missing. But for the rest of us who can’t block it due to legitimate usage or organizational philosophy, we must take steps to mitigate the associated risks. That means going beyond simple corporate policies telling users what they should and shouldn’t do. Thankfully, there are technical solutions to help enforce those policies.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Tiversa Inc.
  • Allot Communications (Nasdaq: ALLT)
  • Packeteer Inc. (Nasdaq: PKTR)

    Comment  | 
    Print  | 
    More Insights
  • Register for Dark Reading Newsletters
    Partner Perspectives
    What's This?
    In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

    As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
    Featured Writers
    White Papers
    Current Issue
    Dark Reading's October Tech Digest
    Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    Published: 2014-10-25
    The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

    Published: 2014-10-25
    The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

    Published: 2014-10-25
    EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force a...

    Published: 2014-10-25
    EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

    Published: 2014-10-25
    CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

    Best of the Web
    Dark Reading Radio
    Archived Dark Reading Radio
    Follow Dark Reading editors into the field as they talk with noted experts from the security world.