I stumbled upon this company page today, and thought you all should check it out. A software makers comments on P2P file sharing and IM services, and their software to prevent these “Rogue Protocols”.
““Rogue Protocols”, like those used by instant messaging (IM) and peer-to-peer (P2P) file sharing services, represent a serious, widespread and rapidly-growing threat to corporate networks.
Rogue Protocols are “rogue” because their behavior is difficult to control. In fact, Rogue Protocols are specifically designed to evade network security using port scanning, tunneling and other hacker techniques.
This behavior opens a Pandora’s Box of security risks, including transmission of unencrypted confidential messages and files over public networks, delivery of virus payloads to user desktops, and client security loopholes that allow remote attackers to execute arbitrary code with the privileges of victim users.
And Rogue Protocol penetration of corporate networks is increasing steadily. For example, IM is experiencing very rapid adoption by business users. Gartner Research estimates that by 2003, the penetration of “free” IM services in enterprises will be 70 percent – often implemented by end users without corporate IT sanction. IDC projects that corporate IM volume will increase by over 130 percent per year through 2004, to more than 4.3 million instant messages per day.”
“P2P File Sharing a Looming Threat
The use of P2P file sharing in the workplace is also growing rapidly. Websense, Inc., reported in April 2002 that “the number of peer-to-peer file sharing and file transfer Web sites has spiked more than 535 percent in the last 12 months” and that “30 percent of products listed on CNET’s ‘Most Popular’ software download list are P2P applications.””
“According to the SANS Institute’s Peer to Peer Networking report, “perhaps the most serious risk with file-sharing P2P applications is information leakage”. Users may inadvertently share files containing sensitive information, and the P2P application installer may automatically share files or folders (including password files) without the user’s knowledge.
The report also identifies the risk of virus transfers and hacker attacks via P2P networks: “Viruses and Trojans are placed into the P2P network in new and insidious ways. Malicious clients have been written so that they will return a match for any given search request. However, when the queried file is transferred and later opened, the user’s system is infected with a virus, Trojan, or worm that propagates inside what once was a fairly secure network”.
In addition, large audio and video files, such as MP3, AVI, MPG, are commonly shared by P2P users. “These massive files,” the report notes, “can congest network links to the detriment of official or other related traffic.””
Related
- Employees still swapping at work
- Viruses turn to peer-to-peer nets
- House Committee Takes Up P2P Protection Bill
- Get ready for corporate P2P apps
- Morpheus 4.0.3
