Thursday, July 31, 2008

Peer-to-Peer (P2P) Network Security

Four Steps To Sharing and Swapping Files Without Becoming a Victim

By Tony Bradley, CISSP-ISSAP, About.com

Peer-to-Peer (P2P) networking is a fairly popular concept. Networks such as BitTorrent and eMule make it easy for people to find what they want and share what they have. The concept of sharing seems benign enough. If I have something you want and you have something I want, why shouldn't we share? For one thing, sharing files on your computer with anonymous and unknown users on the general public Internet goes against many of the basic principles of securing your computer. It is recommended that you have a firewall, either built into your router or using personal firewall software like ZoneAlarm.

However, in order to share files on your computer and sometimes in order for you to access files on other computers within a P2P network such as BitTorrent, you must open a specific TCP port through the firewall for the P2P software to communicate. In effect, once you open the port you are no longer protected from malicious traffic coming through it.

Another security concern is that when you download files from other peers on the BitTorrent, eMule, or other P2P network you don't know for sure that the file is what it says it is. You might think you are downloading a great new utility, but when you double-click the EXE file how can you be sure that you haven't also installed a Trojan or backdoor in your computer allowing an attacker to access it at will?

So, with all of that in mind, here are four key points to consider when using P2P networks to try use them as securely as possible:

  1. Don't Use P2P On a Corporate Network:
    At least, don't ever install a P2P client or use P2P network file sharing on a corporate network without explicit permission- preferably in writing. Having other P2P users downloading files from your computer can clog the company's network bandwidth. That is the best-case scenario. You may also inadvertently share company files of a sensitive or confidential nature. All of the other concerns listed below are also a factor.

  2. Beware The Client Software:
    There are two reasons to be cautious of the P2P network software that you must install in order to participate on the file-sharing network. First, the software is often under fairly continuous development and may be buggy. Installing the software might cause system crashes or problems with your computer in general. Another factor is that the client software is typically hosted from every participating user's machine and could potentially be replaced with a malicious version that may install a virus or Trojan on your computer. The P2P providers do have security safeguards in place which would make such a malicious replacement exceptionally difficult though.

  3. Don't Share Everything:
    When you install P2P client software and join a P2P network like BitTorrent, there is generally a default folder for sharing designated during the installation. The designated folder should contain only files that you want others on the P2P network to be able to view and download. Many users unknowingly designate the root "C:" drive as their shared files folder which enables everyone on the P2P network to see and access virtually every file and folder on the entire hard drive, including critical operating system files.

  4. Scan Everything
    You should treat all downloaded files with the utmost suspicion. As mentioned earlier, you have virtually no way of ensuring that what you downloaded is what you think it is or that it doesn't also contain some sort of Trojan or virus. It is important that you run protective security software such as the Prevx Home IPS and/or antivirus software. You should also scan your computer periodically with a tool such as Ad-Aware to ensure you haven't unwittingly installed spyware on your system. You should perform a virus scan using updated antivirus software on any file you download before you execute or open it. It may still be possible that it could contain malicious code that your antivirus vendor is unaware of or does not detect, but scanning it before opening it will help you prevent most attacks.

No comments:

How to Get files from the directory - One more method

 import os import openpyxl # Specify the target folder folder_path = "C:/Your/Target/Folder"  # Replace with the actual path # Cre...