I recently reviewed an excellent white paper and would like to direct your attention to the problems and solutions it presents.
"Security Concerns for Peer-to-Peer Software" by Mike Petruzzi, Rob Sherwood, John Dunnivan, Rob Chavez and Pat Holley of Key Technologies and Security, reviews the security implications of programs such as Napster, Gnutella and their possible variants.
The following extracts (slightly reordered) from their well-written paper are reprinted with the kind permission of my old friend and colleague, Fred Tompkins, senior vice president of KTSI:
Peer-to-peer (hereafter referred to as P2P) communication software allows individual computers to share and swap various types of files. Recently, P2P software has been much in the news due to current and potential lawsuits. Napster, the company that makes software for exchanging MP3s (encoded music files), is being sued for copyright infringement; the recently re-released Gnutella has the potential for exchanging all types of files and may therefore be embroiled in litigation even more quickly than Napster was.
P2P software takes the idea that the Internet is for sharing to new levels. P2P has been described as "an anarchistic threat to the current Internet" (David Streitfeld, The Washington Post, July 18) and Marc Andreessen has called P2P software the most important thing on the Internet in the last 6 years (when Netscape was first released) and a "benevolent virus." Ian Clarke, the creator of FreeNet, says, "People should be free to distribute information without restrictions of any form."
Even protected code is not safe. Programs like AOL Instant Messenger, or any other P2P software, can be reverse engineered and released as Open Source software. These programs can then be released for any operating system platform. This also gives malicious hackers the ability to change the software code so that it can be used for other purposes. This requires a great deal of programming knowledge and skill, but can still be done.
The first obvious concern is the liability of copyright infringement. Even though all of the companies that produce and release P2P software issue warnings regarding the illegalities of downloading copyrighted materials, simply releasing the software makes those illegal acts possible. Some P2P software contains security warnings during the installation of the software and enables default settings to protect the naïve consumer and their computer. But armed with some simple knowledge of the Internet and its protocols, even a beginner criminal hacker can cause many security risks to users of this class of software.
More important than any copyright concerns are the potential security concerns for corporations and consumers. For corporations, P2P software threatens:
- Bandwidth consumption.
- Liabilities and acceptable use violations.
- Undermining of security policies.
- Trojan Horse and virus distribution.
- Disclosure of IP and MAC addresses.
- Telecommuters.
For individual consumers, P2P software represents:
- Disclosure of IP and MAC addresses.
- Disclosure of connection speed.
- File sharing.
- Trojan horse and virus distribution.
I hope that readers will go to the KTSI Web site and read the entire article for themselves.
Check out the new "Computer Security Handbook, 4th Edition" edited by Seymour Bosworth and Michel E. Kabay; Wiley (New York), ISBN 0-4714-1258-9. Available now at your technical bookstore or visit Amazon.
M. E. Kabay, Ph.D., CISSP is Associate Professor of Information Assurance in the Department of Computer Information Systems at Norwich University in Northfield, Vt. Mich can be reached by e-mail. He invites inquiries about his information security and operations management courses and consulting services. Visit his Web site for papers and course materials on information technology, security and management.
Related articles:
- "Traffic surges at Napster," PC World, 07/17/00.
- "Napster injunction stayed," InfoWorld, 07/28/00.
- "Intel to support Napster model," IDG News Service, 08/09/00.