The dangers of peer networks and being married are both made clear in this Hartford Courant piece.
The story looks at a security breach at Pfizer that occurred when the spouse of an employee downloaded a file-sharing program. Sensitive information about 17,000 current and former employees were exposed.
Peer-to-peer (P2P) networks are the wild west of security. Since there is no hierarchal and centralized structure -- a server answering requests for data -- P2P networks tend to be less easily managed and secured. This Nevis Networks posting does a good job of describing how such a network works and its ramifications for security.
The applications that P2P networks often are used for, such as music and movie file sharing, makes them part of daily life for a lot of folks who are liable to load the files up with viruses and other forms of malware. In an interview we posted earlier this week, Ari Tammam, the vice president of Channels for Promisec, discusses the challenges of P2P and suggests that organizations monitor it closely -- and, if necessary, use software to keep it off the corporate network.
The P2P world is getting no cleaner. This Security Focus story says that more than 40 companies have been the subject of denial of service (DoS) attacks mounted by hackers exploiting a flaw in a type of P2P software called DC++, which is based on the Direct Connect protocol. The DoS attacks have created more than a gigabit of "junk data" per second, according to security firm Prolexic Technologies.
Cyber criminals combine different pieces of dirty work into a stronger single threat. Spam containing viruses are one such "blended threat." Another -- explained in depth in this paper posted at the Advanced Computing Systems Association site -- describes the use of P2P to create botnets, which are armies of hijacked computers that are used for nefarious purposes.
The potential threats caused by combining botnets and P2P are described in less academic jargon in this InfoWorld piece. However, the introduction of the researchers' paper does a good job of starkly saying what is happening:
"Presently, the centralized characteristic of botnets is useful to security professionals because it offers a central point of failure for the botnet. In the near future, we believe attackers will move to more resilient architectures. In particular, one class of botnet structure that has entered initial stages of development is peer-to-peer based architectures."
Thus, adding P2P will rob security forces of a major tool in the fight against botnets. Researchers have to take heed, and corporate security forces need to deal directly, forcefully and intelligently with the use of P2P.