
3.10 Peer-to-Peer Networking

If you want to be on the cutting edge of software, run some peer-to-peer (also known as p2p) applications. If you want to be on the cutting edge of software but not the cutting edge of the legal system, be careful about what you're doing with peer-to-peer. Moreover, if you have a serious security policy as well as a need for peer-to-peer, you have a problem.

Legal issues aside—if you're not uploading or downloading someone else's copyrighted material, that question probably doesn't apply to you—peer-to-peer networking presents some unique challenges. The basic behavior is exactly what its name implies: all nodes are equal, rather than some being clients and some servers.

But that's precisely the problem: many different nodes act as servers. This means that trying to secure just a few machines doesn't work anymore—every participating machine is offering up resources, and must be protected. That problem is compounded if you're trying to offer the service through a firewall: The p2p port has to be opened for many different machines.

The biggest issue, of course, is bugs in the p2p software or configuration. Apart from the usual plague of buffer overflows, there is the significant risk of offering up the wrong files, such as by the ".." problem mentioned earlier. Here, you have to find and fix the problem on many different machines. In fact, you may not even know which machines are running that software.

Beyond that, there are human interface issues, similar to those that plague some mailers. Is that really a .doc file you're clicking on, or is it a .exe file with .doc embedded in the name?
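A screening check for the disguised-extension problem just described, as an added example that is not from the book: the extension lists and the sample filenames are constructed for illustration. It also folds lookalike characters and catches space-padded names, which goes slightly beyond the `.doc`/`.exe` case in the text.

```python
import re
import unicodedata

# Constructed lists for this example; adjust them to local policy.
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js", "jar", "msi"}
DOCUMENT_EXTS = {"doc", "docx", "pdf", "xls", "ppt", "txt", "jpg", "mp3", "avi"}

def real_extension(name: str) -> str:
    """Extension the system will act on: text after the last dot, trailing
    whitespace dropped, lookalike characters folded with NFKC, lowercased."""
    folded = unicodedata.normalize("NFKC", name).rstrip()
    _, dot, ext = folded.rpartition(".")
    return ext.lower() if dot else ""

def deceptive_filename_findings(name: str) -> list[str]:
    """Reasons a displayed filename may mislead the user; empty list means none."""
    findings = []
    ext = real_extension(name)
    if ext not in EXECUTABLE_EXTS:
        return findings  # a passive document type: nothing to flag here
    # Dot-separated segments before the real extension, e.g. ["report", "doc"].
    leading = [p.strip().lower()
               for p in unicodedata.normalize("NFKC", name).split(".")[:-1]]
    if any(p in DOCUMENT_EXTS for p in leading):
        findings.append(f"document extension embedded in name but real extension is .{ext}")
    # Long runs of spaces push the real extension off the visible part of a listing.
    if re.search(r"[ \t]{4,}", name):
        findings.append("whitespace padding hides the real extension")
    return findings

def screen_shared_files(names: list[str]) -> dict[str, list[str]]:
    """Map each suspicious filename to its findings; clean names are omitted."""
    return {n: f for n in names if (f := deceptive_filename_findings(n))}

if __name__ == "__main__":
    # Constructed sample of names as they might appear in a shared-folder listing.
    sample = [
        "quarterly-report.doc",
        "quarterly-report.doc.exe",
        "holiday photos.jpg                                .scr",
        "setup.exe",
        "notes.txt ",
    ]
    for name, reasons in screen_shared_files(sample).items():
        print(repr(name), "->", "; ".join(reasons))
```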

If you—or your users—are file-sharing, you have more problems, even without considering the copyright issue. Many of the commercial clients are infected with adware or worse; the license agreements on some of these packages permit the supplier to install and run arbitrary programs on your machines. Do you really want that? These programs are hard to block, too; they're port number–agile, and often incorporate features designed to frustrate firewalls. Your best defense, other than a strong policy statement, is a good intrusion detection system, plus a network management system that looks for excess traffic to or from particular machines.
