Federal Trade Commission links wide data breach to file sharing
The Federal Trade Commission (FTC) said Monday that it has uncovered widespread data breaches at companies, schools and local governments whose employees are swapping music, software and movie files over the Internet.
http://www.washingtonpost.com/wp-dyn/content/article/2010/02/22/AR2010022204889.html?hpid=sec-tech
Peer-to-Peer (P2P) file sharing was perhaps the second killer app for the Internet (after Mosaic) because of its ease of use and utility for sharing free music and porn.
P2P is very easy to use, after installing the application select the files you want to share, then start browsing and downloading files from other users. P2P networks are comprised of millions
and often tens of millions of users -- making these applications the largest compute and storage networks in the world.
There are two big risks with P2P:
- Oversharing -- incorrectly configuring the P2P application to share all of your files
- Compromise -- P2P is often leveraged to download malware to unsuspecting users
Assuring the secure configuration of P2P file sharing across more than a handful of users is very, very difficult. For a large enterprise infeasible. In an enterprise of any size, security depends on the detection of P2P and either on blocking all use or limiting use to selected systems that are subject to stringent access and configuration controls.
Don't be fooled into thinking that your firewalls protect you from this threat. Most P2P applications have been designed to bypass firewalls. P2P detection and control requires the deployment of effective Intrusion Detection (IDS) or Intrusion Protection (IPS) systems.
IPS systems will give you the capability of discriminating between types of P2P applications, selecting a response, and protecting your data.
Michael