Attacks/Breaches
3/14/2008
05:44 AM

Tech Insight: De-Fanging P2P

Peer-to-peer has gotten a bad rap, but there are ways to secure its legitimate use in your organization

The dangers of peer-to-peer (P2P) file-sharing have been expounded upon countless times since Napster first made headlines. If the issues of copyright violation and threats of lawsuits weren’t enough of a deterrent or reason to be more cautious about what was being downloaded and shared, P2P users then started getting duped into downloading what they thought was the latest Top 40 song -- only to have malware infect their computers. Sounds bad, right? Add a sprinkling of vulnerabilities in P2P software and the situation becomes downright scary for the average user.

While many corporate networks have taken a firm stance on P2P technologies and enacted policies and technical controls to block them entirely, there are still a large number of networks where P2P users are allowed to roam free. Shocking, but true. As a security professional at a university with a large focus on research, there has always been a large push from researchers and faculty to have “academic freedom” when it comes to the network.

Philosophy aside, P2P isn’t inherently bad and has legitimate uses. Vance Ikezoye, CEO of Audible Magic, which makes the CopySense P2P network monitoring appliance, agrees. He says the issue is that there’s a large amount of copyrighted content being transmitted over the same P2P networks as legitimate traffic. As with most anything, there will be those who choose to abuse technology for their own ends, but that shouldn’t stop P2P from being used for legit things like moving Linux distributions, updates to software (such as the World of Warcraft Downloader), and the virtual machine from ShmooCon’s "Hack or Halo" contest.

Opponents of P2P have a variety of reasons for banning it, but it’s mainly about three issues: the negative impact to bandwidth, legal liability of allowing users to share copyrighted content, and the potential exposure of sensitive information. Those issues certainly have merit, but the risks associated with each one can be mitigated in order to allow legitimate use to continue.

Decreased network performance is the most noticeable of the three issues, because it degrades normal business traffic (and everyone notices when the network slows down). As a member of several higher-education mailing lists, I've seen universities handle the bandwidth problem successfully by rate-limiting P2P traffic with packet-shaping products such as the Packeteer PacketShaper or Allot NetEnforcer. Shaping does nothing directly about the legal or data-exposure issues, but it keeps P2P traffic at a bounded, more easily monitored level.

The legal liability of allowing users on your network to share copyrighted material (whether you know they're doing it or not) is not clear, since the RIAA's lawsuits so far have primarily targeted the individual doing the sharing. But there is always the chance that a network owner could be sued for allowing the behavior. Last month, the College Opportunity and Affordability Act (COAA), which would require higher-education institutions to filter P2P traffic and provide a legal alternative to P2P sharing of copyrighted content, passed through the House of Representatives.

One alternative to filtering all P2P traffic is to monitor it and block only the transfers identified as copyrighted content, which is what Audible Magic says its CopySense appliance is designed to do. Ikezoye acknowledges that CopySense can't block all copyrighted content, since it only recognizes works that rights holders have first registered with Audible Magic, but he says that registry covers the majority of popular copyrighted content being shared today. Anything outside the registry passes unblocked, so this is a complement to, not a replacement for, the bandwidth and leakage controls.

The most damaging threat of P2P is the data leakage that could result from P2P users misconfiguring their clients to share out their entire hard drives. It doesn’t even have to be an error on the user’s part. Chris Gormley, COO of Tiversa, says his company has seen numerous examples of malware on P2P networks disguised as interesting content that tricks users into running it. Then unbeknownst to the victim, the malware changes his or her sharing preferences.
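The over-broad share described above is something you can check for on the endpoint before anyone on the P2P network finds it. The following is an added example, not code from the article or from any P2P client vendor: it audits a client's shared-folder list for shares that export the user's home directory, a system directory or the whole filesystem, and walks each share for file names that suggest sensitive content. The protected-root list, the sensitive-name pattern and the sample share list and file tree are all constructed for illustration; a real client keeps its share list in its own config format, which you would parse first, and Windows hosts would add `C:\` and `C:\Users` to the protected roots.

```python
"""Audit a P2P client's shared-folder list for leak-prone configuration.

Added example, not part of the original article. The share list and the
file tree built in demo() are constructed; the protected roots and name
pattern are assumptions to tune per platform and policy.
"""
import os
import re
import tempfile
from pathlib import Path

# Directories that must never be exported, even indirectly, from a
# workstation (POSIX paths; assumed list).
PROTECTED_ROOTS = ["/", "/home", "/etc", "/var", "/root"]

# File names that usually mean a share holds something it shouldn't.
# Heuristic only: the lookbehind keeps 'tax' from matching 'syntax'.
SENSITIVE_NAME_RE = re.compile(
    r"(\.pst|\.ost|\.kdbx|\.pem|\.key|\.ppk|\.p12)$"
    r"|(?<![a-z])(passw|secret|credential|ssn|tax|payroll)",
    re.IGNORECASE,
)


def _is_within(child: str, parent: str) -> bool:
    """True if `child` equals `parent` or lies underneath it."""
    child, parent = os.path.normpath(child), os.path.normpath(parent)
    return child == parent or child.startswith(parent.rstrip(os.sep) + os.sep)


def over_broad_shares(shares, protected_roots):
    """Shares that export a protected root, or an ancestor of one.

    Sharing '/' drags '/home' along with it, so a share is flagged when any
    protected root lies inside it; '/home/alice/Downloads' is not flagged
    because no protected root lies inside that directory.
    """
    return [s for s in shares if any(_is_within(p, s) for p in protected_roots)]


def sensitive_files(share_dir, name_re=SENSITIVE_NAME_RE, limit=1000):
    """Walk a share and collect file names matching the sensitive pattern."""
    hits = []
    for root, _dirs, files in os.walk(share_dir):
        for name in files:
            if name_re.search(name):
                hits.append(os.path.join(root, name))
                if len(hits) >= limit:  # cap the walk on huge shares
                    return hits
    return hits


def audit(shares, home, protected_roots=PROTECTED_ROOTS):
    """Return {'over_broad': [...], 'sensitive': {share: [files]}}."""
    protected = list(protected_roots) + [home]
    report = {"over_broad": over_broad_shares(shares, protected), "sensitive": {}}
    for share in shares:
        if os.path.isdir(share):
            hits = sensitive_files(share)
            if hits:
                report["sensitive"][share] = hits
    return report


def demo():
    """Run the audit over a constructed home directory and share list."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "home", "alice")
        downloads = os.path.join(home, "Downloads")
        os.makedirs(downloads)
        # Constructed files: one legitimate download, two that should not leak.
        Path(downloads, "ubuntu-8.04-desktop-i386.iso").write_bytes(b"")
        Path(downloads, "2007_tax_return.pdf").write_bytes(b"")
        Path(home, "vpn.key").write_bytes(b"")
        # Constructed share list: the first entry is the intended share, the
        # second is what a malware-edited (or careless) config looks like.
        shares = [downloads, home]
        return audit(shares, home, protected_roots=[os.path.join(tmp, "home")])


if __name__ == "__main__":
    result = demo()
    for share in result["over_broad"]:
        print("OVER-BROAD SHARE:", share)
    for share, files in result["sensitive"].items():
        print("SENSITIVE FILES IN", share)
        for f in files:
            print("   ", f)
```

Run it periodically from the same management channel you use for other endpoint checks; a share that newly appears in `over_broad` is a better indicator of the malware-edited preferences Gormley describes than any single file hit, since a user rarely adds their whole home directory on purpose.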

Tiversa addresses sensitive-data leakage from the other direction: it monitors the P2P networks themselves for its customers' content and notifies them when their data turns up, so the customer can shut the leak down sooner.

Data leakage prevention (DLP) technology would seem to be a good fit to prevent P2P leakage, but Gormley says that most of the time, the surprise leaks organizations suffer come from the weakest link in the information custody chain: "Corporations have to think outside the perimeter because P2P is very liquid. Fifty to 60 percent of the exposures they uncover are through third parties like accountants, medical transcription companies, consultants, and attorneys." It’s the impact of what Tiversa calls the "extended enterprise" that can’t be controlled by today’s DLP solutions.

In a perfect world where a security professional’s coffee cup is never empty and users never click on naughty URLs, P2P isn’t an issue. It’s blocked, so users never know what P2P was to begin with, and they don’t know what they’re missing. But for the rest of us who can’t block it due to legitimate usage or organizational philosophy, we must take steps to mitigate the associated risks. That means going beyond simple corporate policies telling users what they should and shouldn’t do. Thankfully, there are technical solutions to help enforce those policies.
