Safe Peer-to-Peer Sharing

Whether it is Gnutella or BitTorrent, peer-to-peer (P2P) networks are a popular way of sharing files among users. Music, videos, movies…people pick them all from P2P networks.

Many offices also use P2P networking to connect users’ PCs with each other and with common office resources such as the printer or scanner. But P2P networking has some inherent security threats, which you need to beware of, whether you’re a user of a P2P application or a workplace user.

Connecting PCs to each other

In P2P networking, PCs are connected to each other and each user sets permissions on what content on the PC should be shared with other users on the network. This is different from a client-server architecture, where all PCs (called clients) are connected to a central server ¬– the server hosts all the applications that the users on the network need, such as mail, printing, and file-sharing applications. In a P2P network, on the other hand, each PC acts as both client and server.

The advantage of a P2P network is that the computing resources, hard drives, and bandwidth of computers on the network are used by all the users. There is no need to install, configure, and manage an expensive server for this task. P2P networks also make it easier and more convenient for you to collaborate and share information. Some companies use P2P networks to share assets and information among users in separate locations. Workgroup collaboration using instant messaging and other collaboration software is one of the most popular uses of P2P networks.

Many P2P networks use the Internet for file sharing; users on these networks are in different regions of the world. If you want to become part of such a network, such as Kazaa or Gnutella, you would need to run an application every time you want to connect to the network.

Where security issues arise

The architecture of a P2P network holds some security threats.

Improper authentication: A client-server network has fairly strong authentication procedures, which are not there in P2P networks. Especially in the case of corporate P2P networks, if users share their passwords with people who are not part of the corporate setup, it could lead to loss of intellectual property and confidential data.

Bypassing firewalls: To enable file-sharing on some P2P networks, you have to bypass any firewall that you may have installed on your PC or corporate network. Once this happens, you are open to the dangers of downloading malicious code unknowingly.

Unsafe downloads: When you download any file or utility from a P2P network, you effectively accept it from someone who’s a stranger to you. In fact, the user who has shared the file with you may not even be who he/she purports to be. Therefore, such downloaded files could potentially contain spyware, adware, viruses, Trojans and other such malicious software.

P2P application threat: In some public P2P networks, the application you use to connect to the network could lead to security issues. The application itself could be improperly written or buggy, which could harm your PC’s performance. Secondly, since the application is hosted on other users’ machines, there is no way of knowing whether the genuine application has been substituted with a malicious file, such as a Trojan, which could lead to more serious security issues for your system and the confidential information in it. This, however, is usually difficult to do.

Playing safe on P2P networks

There are several steps you can take to ensure that you use P2P networks safely.

Use good P2P products: If you are setting up a corporate P2P network, use products that have integrated security features. There are several products from different vendors available for this. One of these is Microsoft Groove.

Scan each download: If you use Internet file-sharing on a P2P network, scan everything you download using anti-virus software, before you install and use it. This will ensure that you don’t install any malicious software on your PC.

Scan your PC: Use software such as Ad-Aware and other anti-virus software to scan your PC periodically, to ensure that you haven’t unwittingly installed any adware or malicious software.

Be careful of what you share: When you use a P2P network, a default folder is usually created, where you can store files that you want to share with other users. Ensure that you have shared only that folder with other users, and not the entire hard drive or other confidential folders.

Have a security policy: P2P networks need you to create a separate security policy and train everyone to use it.

Make users aware of the risks: On a corporate P2P network, all users should be made aware of the risks of sharing their passwords and other security risks of sharing information over P2P networks.

Avoid Internet P2P file-sharing on corporate networks: Internet P2P file-sharing should be avoided on office networks. It clogs bandwidth and puts the security of all the network users at risk. The implications of some malicious software getting installed on the network would be very dangerous and far-reaching for the company.

Also read:

Identify e-mails phishing for data