 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY /
|
Breaking News -
Security:
Network Box Advises Clients
Against Using P2P Applications
Network Box, suppliers of managed Internet security services to small
firms,
is advising its business customers that peer to peer applications often brings
hidden costs. Network Box is recommending business owners ensure that none of
their staff load file sharing programmes like KaZaA or BearShare onto company
IT systems.
Simon Heron, director of Network Box explained, "At any given time, over 5
million people are using the Internet to download 'free' music via shareware
programs. The real risks of fines resulting from copyright infringement are
growing. The Recording Industry Association of America (RIAA) has already
agreed a $1 million dollar settlement with a firm whose employees had been
illegally downloading music at work."
As the use of P2P software has grown, so have the associated business
risks.
For example, the 'fizzer worm' spreads as an e-mail attachment or via KaZaA.
It disables antivirus software and steals passwords and credit card
information. It can automatically set up IRC and AOL Instant Messenger
accounts and enable them to receive further instructions from virus
writers.
Add the risk that peer-to-peer software is capable of opening up a
company's
IT network to outside scrutiny -– payroll, staff records, customer details,
even research ideas -- all are vulnerable and could be accessed by
unauthorized people using P2P software.
"Then there are problems with bandwidth being hogged when large files are
downloaded. And consider the increased vulnerability of business systems to
viruses and you finally start to appreciate that these applications are a
liability companies can do without," added Simon.
One of the problems with preventing the use of KaZaA lies in the way the
application itself is designed. When KaZaA is actively blocked by a firewall,
it is clever enough to start looking for unblocked ports. Firewalls do provide
some protection but are not ideal. KaZaA can port hop, it can hop onto port 80
where it cannot be blocked by a firewall without preventing Internet access
across a whole organisation. The most effective way of eliminating KaZaA
without monitoring the network is to throttle its use on known ports.
Network Box said that KaZaA and its peer-to-peer brethren should all be
listed
as banned applications in Company Policy Documents. These are an essential
part of any company's quality system and provide employees with a clear
indication of the uses to which a company's network may or may not be put.
"Unfortunately, the problem does not end once KaZaA's usage has been
curtailed. It must be removed from every machine and any files downloaded
should be checked to ensure undesirable material is not being stored on the
network. This is time consuming and an expensive project for any IT manager,"
he added.
Concluded Simon, "IT systems are the backbone of all companies, so it is
vital
that mangers ensure their employees appreciate why using file sharing software
at work is not acceptable."
|