Peer-to-peer (P2P) file-sharing programs, such as Napster, KaZaa, and Gnutella, pose serious network security threats and could lead to legal entanglements. The question is: What can you do to stop the use of these programs on your network?
Although P2P programs often have built-in measures for disabling the file-sharing features, it's a small security step, and one that must be taken within the software itself. And of course, the end user can reactivate it at any time. In addition, since the users are downloading the programs for a specific purpose, it’s unlikely that they would willingly deactivate file sharing or even know that it’s possible. That leaves the job of preventing security lapses resulting from P2P program use in the hands of admins.
In response to a recent article on the risks of P2P programs, members offered solutions to the problems of dealing with P2P software. Some strategies involved technology; others relied on setting and enforcing company policies. The responses offer valuable insights and options for preventing P2P programs from becoming a damaging security and legal issue for your corporate network.
Using technology to clamp down on P2P
One member suggested that the key to preventing P2P program use is to block access at the sign-in level, because once users are connected to the P2P network, you really can't control it. The member also said KaZaa was a big problem until the company took steps to prevent its use.
“KaZaa was in rampant use on my network, but I found that blocking outbound TCP port 1212 prevented users from logging in, thereby preventing them from sharing or downloading files.”
Another possible option, member alece suggested, is URL blocking to prevent users from accessing the sites that distribute P2P programs.
“The user cannot run what cannot be installed,” alece said. “Also, we block the known ports of these software programs, and we run periodic Sniffer traces of the unprotected segment between the firewall and the Internet router.”
Alece noted that these steps are more an effort to protect the network than to prevent copyright infringement by users downloading bootlegged music and movies, which is obviously another concern.
Enterprise Architect Jim Huggy said that his company uses a Tivoli scan to remove such programs from users’ desktops. He added that most of the users in his company are not granted the access rights to install programs on their desktops anyway.
Member rpadgett agreed that one way to prevent problems is to limit users' access rights so they can't install the programs.
“Simply set yourself up as the Administrator and create a user account for the end user with limited access.”
These are a few of the ways that TechRepublic members take advantage of networking and OS security technologies to prevent users from endangering network security through P2P programs. But some members disagreed with the effectiveness of such measures.
Technology loopholes and user behavior
Locksmith columnist John McCormick is among those who aren't convinced that technology can effectively prevent P2P program use and its associated security risks. He believes that user behavior and management recognition of the problem are the real keys to protecting corporate networks.
“At some point, it always boils down to educating users. But if you don’t get management solidly behind you, you are just wasting your time.”
McCormick is in favor of extreme measures with regard to security and said that anyone who fails to follow written security rules should be dismissed.
“The biggest problem most companies face today is too heavy a reliance on technology and too little concentration on people problems.”
Rpadgett also believes that while admins can take technological steps such as limiting user access to particular functions, such measures are not always successful.
“I agree that training is a key,” rpadgett said. ”A determined user can often find a way around our measures if they are skilled enough. Even if they don't, they'll waste hours trying to, time that could be spent earning the company money!”
But can policies and education alone really solve the problem? Jeff Lash, network administrator for Stark State College, said that his social engineering efforts have done nothing to prevent the use of P2P software on the college’s network.
“We are inundated with KaZaa, MP3 programs, etc., and this is despite logon banners pointing to the computer usage policy and posting the regulations in all labs.”
Since policies seem to be largely ignored, he wonders if blocking users' ability to install the programs might be a better solution.
Balancing the P2P security equation
So there you have it. McCormick is a firm believer in the idea that user behavior is the key to eliminating P2P threats, but many members claim that despite the best efforts of admins to educate users and alter their behaviors, the issue remains something of a wildcard. Short of dismissing those who don't follow security rules, nothing can really force all users to follow security guidelines all of the time. Admins will likely have to turn to other measures, such as blocking certain ports and URLs, to thwart users’ attempts to share files with P2P programs—while bearing in mind that technology provides no surefire method of guarding against P2P threats.
Ultimately, it comes down to combining security policy and technology measures to minimize the risk posed by P2P programs. No method may completely eliminate them, but members suggest the following steps to reduce the risk as much as possible:
- Put security policies in writing and distribute them to all users.
- Enforce security policies.
- Block ports commonly used by P2P programs.
- Block the URLs of sites that distribute P2P programs.
- Lock down user access privileges to prevent them from installing unauthorized programs such as P2P software.
As is so often the case with security issues, protecting your network from P2P threats is likely to be a balancing act. But following these simple guidelines should help.