Peer-to-peer networking has established itself on the computers of adolescents the world over, allowing them to download the latest Hillary Duff offering without having to dip into their allowance. In the process, they’ve turned the music and film industries on their respective ears.
In some circles, it could be argued, the P2P concept has been the most revolutionary networking development since the Internet that it all runs over. Just ask the executives at those megaliths that are the entertainment industry, as they wage their ongoing battle to counter the protocol’s effect on their bottom lines.
And if recent examples of glaring network breaches resulting from P2P mishaps continue, IT security managers just might be inclined to agree with the entertainment industry suits.
Recently, it was discovered that a whack of sensitive U.S. security information was available for download over P2P file-sharing program Limewire, sitting out there in cyberspace right beside 50 Cent and Gwen Stefani. Included in the files were maps of the Pentagon’s network infrastructure and physical terrorism threat assessments of a few large U.S. cities.
Turns out the data got on there after a contract worker at the Pentagon, who was authorized to work at home, let his teenage daughter use his laptop. The girl promptly installed Limewire and turned a folder containing daddy’s documents into a shared one to hold both her father’s “work stuff” and her freshly downloaded ditties.
It was later revealed that 93 U.S. Department of Transportation documents had been exposed in March. And this is only one incident that actually came to light; who knows how much other sensitive data — government, corporate, personal, whatever — is floating around out there?
For network administrators, IT managers and CIOs, the news should be reason enough to lose at least an hour or two of sleep, if not the whole night. While the U.S. government example might be one of the more sensational developments in P2P security, the presence of classified corporate data of Acme Widgets Inc. on this kind of public, heavily trafficked network would be considerably more alarming for that firm’s IT directors.
If, for instance, marketing strategies for the upcoming fiscal are somehow left out on the network, ready for any competitor to come along and scoop up, the results could be disastrous for the firm and its IT manager’s career.
To avoid such disasters, network admins are encouraged to ensure that any laptops or other mobile devices that may be capable of connecting company info with P2P nets are as secure as can be before leaving the office. With some laptops constantly coming and going and some essentially being “owned” by some employees, it’s easy to let them slip under the radar and not be upgraded with the latest and greatest security defences. Implementing a regular security “tune-up” schedule is a good idea.
And, above all, a little education never hurt either. Remind staff regularly that, when in doubt, don’t mix work traffic with personal. Lindsay and Britney can be saved somewhere else.