Peer-to-Peer (P2P) Network Security

Peer-to-Peer (P2P) networking is a fairly popular concept. Networks such as BitTorrent and eMule make it easy for people to find what they want and share what they ha e. The concept of sharing seems !enign enough. "f " ha e something you want and you ha e something " want# why shouldn$t we share% &or one thing# sharing files on your computer with anonymous and unknown users on the general pu!lic "nternet goes against many of the !asic principles of securing your computer. "t is recommended that you ha e a firewall# either !uilt into your router or using personal firewall software like 'one(larm. )owe er# in order to share files on your computer and sometimes in order for you to access files on other computers within a P2P network such as BitTorrent# you must open a specific T*P port through the firewall for the P2P software to communicate. "n effect# once you open the port you are no longer protected from malicious traffic coming through it. (nother security concern is that when you download files from other peers on the BitTorrent# eMule# or other P2P network you don$t know for sure that the file is what it says it is. +ou might think you are downloading a great new utility# !ut when you dou!le-click the ,-, file how can you !e sure that you ha en$t also installed a Tro.an or !ackdoor in your computer allowing an attacker to access it at will% /o# with all of that in mind# here are four key points to consider when using P2P networks to try use them as securely as possi!le0 1. Don't Use P2P On a Corporate Network: (t least# don$t ever install a P2P client or use P2P network file sharing on a corporate network without e2plicit permission- prefera!ly in writing. )a ing other P2P users downloading files from your computer can clog the company$s network !andwidth. That is the !est-case scenario. +ou may also inad ertently share company files of a sensiti e or confidential nature. (ll of the other concerns listed !elow are also a factor. 2. Beware T e C!ient So"tware: There are two reasons to !e cautious of the P2P network software that you must install in order to participate on the file-sharing network. &irst# the software is often under fairly continuous de elopment and may !e !uggy. "nstalling the software might cause system crashes or pro!lems with your computer in general. (nother factor is that the client software is typically hosted from e ery participating user$s machine and could potentially !e replaced with a malicious ersion that may install a irus or Tro.an on your computer. The P2P pro iders do ha e security safeguards in place which would make such a malicious replacement e2ceptionally difficult though. 3. Don't S are #veryt in$: 4hen you install P2P client software and .oin a P2P network like BitTorrent# there is generally a default folder for sharing designated during the installation. The designated folder should contain only files that you want others on the P2P network to !e a!le to iew and download. Many users unknowingly designate the root 5*05 dri e as their shared files folder which ena!les e eryone on the P2P network to see and access irtually e ery file and folder on the entire hard dri e# including critical operating system files.

6. Scan #veryt in$ +ou should treat all downloaded files with the utmost suspicion. (s mentioned earlier# you ha e irtually no way of ensuring that what you downloaded is what you think it is or that it doesn$t also contain some sort of Tro.an or irus. "t is important that you run protecti e security software such as the Pre 2 )ome "P/ and7or anti irus software. +ou should also scan your computer periodically with a tool such as (d-(ware to ensure you ha en$t unwittingly installed spyware on your system. +ou should perform a irus scan using updated anti irus software on any file you download !efore you e2ecute or open it. "t may still !e possi!le that it could contain malicious code that your anti irus endor is unaware of or does not detect# !ut scanning it !efore opening it will help you pre ent most attacks.