Opinion
Computing Applications Technical opinion

Managing P2P Security

Considering the potential benefits and trade-offs of file-sharing systems.

Since its inception, the Internet has thrived on a myriad of innovative concepts and technologies [4]. Recently, the peer-to-peer (P2P) architecture has evolved to empower masses of users to share a variety of file types, usually within a narrow niche (such as music). In 1996, drawing on the success of several open precursors, such as Mirabilis’ ICQ and AOL’s instant-messaging programs, P2P computing was adopted by users worldwide at an incredible rate. P2P applications such as Napster, KaZaA, and LimeWire allowed for the ubiquitous exchange of a variety of file types, including music, documents, pictures, and software. The launch of these applications marked an unprecedented threat to open systems connectivity in areas such as security, privacy, copyright protection, and information quality [5]. These risks came about quickly, easily, and with little deliberation over their consequences. In the future, P2P is expected to have a larger role in e-commerce [2].

There are many different applications of P2P, including file sharing, distributed computing, and real-time communication. In the P2P configuration, a computer becomes a node in a file-sharing network for users with common P2P applications. Using this scheme, a computer becomes a "peer" with simultaneous client and server roles. P2P protocols reduce the barriers to assigning a public network address to a peer, thus effectively creating a server within a client’s name space. Each P2P network is defined by its client-side software, which uses its own unique set of protocols. P2P applications are designed to bypass the traditional Domain Name System (DNS) by retrofitting peers into the DNS model. No matter what method of bypassing those controls is used, each participating client is given server-like functionality allowing for the exchange of files with other users of the protocol. By downloading from the Internet, tens of millions of non-DNS accessible addresses have been created by these applications. The user base for P2P applications is still growing faster than the DNS system and at no cost to the user. A closer look at P2P helps to understand why it is the subject of security and privacy concerns and what can be done to alleviate the risks.


Are We Over-Empowering Novice Users?

The human factor should always be a consideration when security is at issue. The prevalence of, and preference for, this technology have been driven by its ease of installation and use, low cost (free in most cases), and its intrinsic rewards. Most P2P applications include a familiar browser-like interface with embedded search features. Novice users have little difficulty searching for personal and business documents that other users intentionally or accidentally shared on the P2P network. Unfortunately, many of these users are novices and do not understand the consequences of their inaction with regard to security. Configuration is only nominally supported during setup and ongoing use in P2P applications. That is a core problem with P2P deployment on even the most secure networks: the technology’s risk depends heavily upon the user’s level of technical knowledge and skills.

Simply closing the application does not prevent access from peer machines because many of these programs remain operational in the background. This allows for an ongoing open connection to the peer network in addition to access to the application user’s files and folders designated for sharing. Leaving a P2P application running unnoticed over a weekend can compromise an entire network: a malicious user with intermediate hacking skills can take advantage of such vulnerabilities on a large scale. Compromised systems or networks provide effective staging grounds for attacks on participating systems. Remarkably, millions of P2P peers are left unattended and vulnerable at any given time during the day.

The protocol is constantly updated to enable better messaging and file sharing while removing networking constraints, such as arbitrary limits on file size and garbled message headers. It is easy for a user to overlook the range of implications of P2P because it is so enabling yet simple to set up and operate.


Operational Complexities

As IT departments are rewarded for their ability to preserve stability, P2P disrupts the traditional networking model and risks causing networking instability. With networks without servers being administered by unskilled users, many organizations are trying to keep this technology under control. The fact is, P2P adoption has outgrown the managerial scope of most IT and security departments. There are two primary reasons P2P poses substantial hazards in the management of IT resources.

First, P2P embodies extreme decentralization of control from the IS manager to the user. It supports the fulfillment of Internet technology by allowing peers to connect to any other peer at any time and place. Security concerns involve permissions, allocated bandwidth, file information content, authorization, and centralization and are therefore too complex for the majority of users. Firewalls, Network Address Translation, and Dynamic IPs provide some protection, but are not always adequate barriers to prevent unauthorized communications when P2P is an element of IT architecture. Given the rapid adaptations to legal challenges made in the industry, it is perceived by many to be a policy-free use zone, whereby traditional constraints of government regulation and taxation and use policies are not enforceable.

Second, P2P networks have open and undefined membership with no common directory service. The file-sharing capabilities of P2P technology threaten the privacy and security of individuals and businesses through their disclosure of network IP and MAC addresses, the potential for virus distribution, and the potential for violations of Liabilities and Acceptable Use laws and policies. Empowering a user, especially a novice, to make choices regarding the accessibility of their files is a significant security risk. Because it is convenient and familiar, a P2P application like KaZaA may allow a user to unwittingly choose to share his or her My Documents folder or, worse, the entire contents of the hard drive. Some applications recommend choosing the default settings as a security measure while leading the user to suboptimal security. These applications do not explain the rationale behind the default settings. The future of P2P is uncertain, but its enormous base of users makes one thing clear: the application of this technology is desirable and deliverable.

Since the IP addresses of most P2P application users are disclosed in the exchanged message headers, identity theft by malicious users is made possible. By disguising themselves as valid users, hackers can perform anonymous and often illegal actions. This concern has been discussed by government agencies such as the FBI’s National Infrastructure Protection Center, which advised that a medium-level vulnerability exists, that no patch or workaround exists, and that the means of exploiting the vulnerability had been published [3]. The exploit is simple to execute for even the most novice hacker. The FBI advised that to ensure a more secure P2P experience, users should disable file sharing with other members of the file-sharing network. That is, not to share files on a file-sharing network.


Controlling P2P Technology

Developers and users should integrate adaptive and effective security measures to protect their data and systems as users strive to gain even more control over their computing with technologies such as P2P. Over the course of a pilot study, a sample of P2P file-sharing applications was tested for basic security performance. Inherent to most of these applications was the fact that the user was arbitrarily allowed to choose what files were shared and how they were shared. Users were provided with little or no information about how their choices would affect their privacy and security. However, most of these programs did recommend their default settings, which allowed for sharing only one folder within the program’s installation folder. For most P2P applications, the End User License Agreements (EULAs) established the rules of conduct and who would be liable for what actions. P2P application providers are generally released from liability for users’ security violations. Users must simply agree not to do anything illegal, misrepresentative, or otherwise objectionable in order to use these P2P programs. If a user breaches the EULA, the user is solely responsible and the software developer can only be held accountable within the constructs of their own legal system.

Because of the number of applications and protocols that might be resident on a given network, it is very difficult to build and integrate supportive solutions for P2P. The policy-free implications of P2P make the technology very difficult to control by individuals and organizations alike. The best practices and recommendations for managing P2P are as follows.

For businesses

  • Establish a security policy
  • Define an acceptable use policy
  • Perform regular security seminars for users
  • Block access to known P2P servers
  • Block access to known P2P clients
  • Perform regular audits of security policies and procedures
  • Install and perform regular updates of anti-virus software [1].

For individuals

  • Install and regularly update an anti-virus program
  • Install a "personal firewall" application
  • Disable sharing of the hard drive, if feasible
  • Use caution
  • Install Internet access control, especially for children
  • Educate all users of the computer

Failure to implement practical security measures when using this technology can lead to accidental disclosure of sensitive data or worse. Historically, the legal system has not protected the owner of the disclosed information if they accidentally made it available or did not try to protect it. The damage can be devastating in P2P architecture, involving anything from identity theft to the theft of company secrets. The best security policies both inform and educate—some simple advice to P2P users:

  • If you commit to using or permitting P2P technology, try to limit external access to one folder. In addition, only allow shareable contents in that particular folder.
  • Use and competently manage virus protection software by keeping the anti-virus software up to date and performing system scans for malicious code at regular intervals.
  • Install and properly configure a firewall on your machine, especially if you are utilizing a broadband connection.
  • Do not leave the P2P application running with the peer unattended. Power down your peer when it is not in use for extended periods of time or use some other power management tactics.
  • When in doubt, perform investigative research. Contact the P2P application developer if necessary to resolve any concerns.
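The first item of advice above (one shared folder, containing only shareable content) can be checked mechanically. The following is an added example, not code from the article or from any P2P application: the function name `audit_share`, the music-only allow-list, and the sample directory tree are all assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: extensions the user intends to share (here, a music-only share).
ALLOWED_EXTS = {".mp3", ".ogg", ".flac"}

def audit_share(share: Path, home: Path, allowed=ALLOWED_EXTS):
    """Return a list of (kind, path) findings for a P2P shared folder."""
    findings = []
    share, home = share.resolve(), home.resolve()
    # Too broad: the share is a drive/filesystem root, the home directory,
    # or any directory that contains the home directory.
    if share == Path(share.anchor) or share == home or share in home.parents:
        findings.append(("share-too-broad", str(share)))
        return findings  # do not walk a whole drive or profile
    for root, dirs, files in os.walk(share):  # does not descend into links
        for name in dirs + files:
            p = Path(root, name)
            # A link that resolves outside the share exposes other folders.
            if p.is_symlink() and share not in p.resolve().parents:
                findings.append(("link-escapes-share", str(p)))
            elif p.is_file() and p.suffix.lower() not in allowed:
                findings.append(("unexpected-file-type", str(p)))
    return findings

def demo():
    """Build a constructed sample tree and audit two candidate shares."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp, "home", "user")
        share = home / "p2p" / "shared"
        share.mkdir(parents=True)
        (share / "song.mp3").write_bytes(b"constructed sample")
        (share / "taxes-2003.xls").write_bytes(b"constructed sample")
        (home / "Documents").mkdir()
        os.symlink(home / "Documents", share / "docs")
        narrow = sorted(kind for kind, _ in audit_share(share, home))
        broad = [kind for kind, _ in audit_share(home, home)]
        return narrow, broad

if __name__ == "__main__":
    print(demo())
```

Run against the folder a P2P client is configured to share, the audit flags the two failure modes the article describes: a share that covers the whole profile or drive, and a narrow share that still holds or links to personal documents.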

Managing P2P security will remain an ongoing topic and as with many Internet-based technologies, the future of P2P will remain uncertain. Managers should be aware that since P2P is founded on openness, its potential to further disrupt the traditional view of computing will remain.


    1. Agarwal, M. Security issues in P2P systems, 2002; www.ece.rutgers.edu/~parashar/Classes/01-02/ece579/slides/security.pdf.

    2. Berghel, H. The Y2K e-commerce tumble. Commun. ACM 44, 8 (Aug. 2001).

    3. National Infrastructure Protection Center. CyberNotes, Issue #2002-04 (Feb. 25, 2002); www.nipc.gov/cybernotes/2002/cyberissue2002-04.pdf.

    4. Segaller, S. Nerds 2.0.1: A Brief History of the Internet. TV Books, 1999.

    5. Singh, M.P., Yu, B. and Venkatraman, M. Community-based service location. Commun. ACM 44, 4 (Apr. 2001).


Communications of the ACM (CACM) is now a fully Open Access publication.
