We’ve just published the latest guide in our ‘Securing Social Media’ series.
The peer-to-peer (P2P) technology guide focuses on the threat posed to businesses that let their employees download P2P technology.
The risks of allowing the use of P2P technology at work include:
• Allowing an open network of users to access PCs on your LAN and exploit potential vulnerabilities in the P2P software being used
• Exposing corporate files if a user downloads a P2P application onto the corporate network and doesn’t set access rights correctly, with implications for corporate data protection
• Downloading malware through shared files, which may be ‘played’ by end users and could install Trojans on the host PC
• Lack of anonymity and privacy issues if a user’s IP address is identifiable over the P2P network (this could attract criminals seeking to target a company, for example)
• Bandwidth issues associated with distributing and receiving large media files.
We advise companies to block the use of P2P on the corporate network where it is not related to business use, and to implement security guidelines to limit the risk (for example, from a child using a parent’s home computer that is also used for work).
We also advise that companies:
1. Block outgoing, as well as incoming, data to prevent applications such as BitTorrent being used to distribute files
2. Monitor bandwidth use closely, by user
3. Monitor network connections closely. Only allow authorised applications to be used, ensuring all other ports are secured
4. Keep security systems up to date to ensure that any vulnerabilities are patched, and computers are scanned regularly
5. Ensure that any mobile devices (netbooks, laptops etc) that are removed from the corporate environment – for example, for home-working, or remote working – adhere to the same rules as those within the office
6. If, for any reason, file sharing is allowed on the corporate network, only use a legal, checked service
7. Educate employees on the risks of using P2P networks and technology.
The free P2P guide can be downloaded here.
Simon Heron has over 19 years’ experience in the IT industry, including nine years’ experience in Internet security. During this time he has developed and designed technologies ranging from firewalls and anti-virus to LANs and WANs. Simon has an MSc (attained with Distinction) in Microprocessor Technology and Applications and a BSc (Hons) in Naval Architecture and Shipbuilding, and is a CISSP (Certified Information Systems Security Professional). Prior to Net Caboose, Simon co-founded Network Box Corporation (UK) Ltd and was Managing Director, finally merging this franchise with the parent company in 2006. Before Network Box, Simon co-founded and was Technical Director of Cresco Technologies Ltd, a network design and simulation solution company with customers in the USA, Europe and China. Simon started his security career when he worked for Microsystems Engineering Ltd as a Project Manager, where he implemented network security for the company. Simon began his career as a digital hardware and software engineer, developing pioneering speech recognition technology before moving on to work for the British Antarctic Survey (B.A.S.) as science project leader. While at the B.A.S. he spent two Antarctic winters at the research station Halley in the Antarctic, developing and enhancing graphical technologies in the harshest of conditions. Simon also has a company called Net Caboose, which deals with Identity and Access Management and is also a development house.
Network Box Limited (NBL) is an international managed security services company, specialising in unified threat management (UTM). It continuously defends the networks of its customers using PUSH technology to instantaneously update protection, from 12 Security Operations Centres spread around the globe. NBL’s customers in Asia, Australia, North America and Europe include companies such as BMW, Nintendo and Toyota, as well as banks, utilities companies and government organisations.
* * *
The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com














