A new guide from Network Box advises companies to prevent employees from accessing P2P networks or technology on computers used for work, and gives free advice on how to protect the corporate network from exposure to threats from P2P technology.
This guide examines the security risks of using P2P technology:
- Allowing an open network of users to access PC’s on your LAN and exploit potential vulnerabilities in the P2P software being used
- Downloading a P2P application onto a corporate network which could expose corporate files, if the user doesn’t set access rights correctly, with implications for corporate data protection
- The threat of downloading malware when files are shared which may be “played’ by end users and could install Trojans on the host PC
- Lack of anonymity and privacy issues if a user’s IP address is identifiable over the P2P network (this could attract criminals seeking to target a company, for example)
- Bandwidth issues associated with distributing and receiving large media files.
The guide advises companies to block the use of P2P on the corporate network where practical, and implement security guidelines to limit the risk (for example a child using the computer of a parent that is also used for work). Its advice includes details of how to:
1. Block outgoing, as well as incoming, data to prevent applications such as BitTorrent being used to distribute files
2. Monitor bandwidth use closely, by user
3. Monitor network connections closely. Only allow authorised applications to be used, ensuring all other ports are secured
4. Keep security systems up to date to ensure that any vulnerabilities are patched, and computers are scanned regularly
5. Ensure that any mobile devices (netbooks, laptops etc) that are removed from the corporate environment – for example, for home-working, or remote working – adhere to the same rules as those within the office
6. If for any reason, file sharing is allowed on the corporate network, only use a legal, checked service
7. Educate employees on the risks of using P2P networks and technology.
The free guide is available for download here.