P2P is here to stay, so shore up your defences and embrace the technology's potential for a distributed architecture.
Peer-to-peer (P2P) technology has come a long way since the early days of Napster, and even the combined might of the recording and film industries has proved powerless to stop its rapid growth. Research from the music industry's anti-piracy arm, the IFPI, shows that 11 per cent of UK internet users frequently engaged in file-sharing in 2004 and continued to do so in 2006, undeterred by the fact that 10,000 legal actions across 18 countries against large-scale P2P uploaders were launched last year alone.
However, it's not just those trying to sell CDs and DVDs that are affected by file-sharing. Businesses face several threats from client-side P2P technologies. Downloads of the original client software can be contaminated by spyware and Trojans, which are then unwittingly executed on a user's PC behind the corporate firewall. Once the application is uploading and downloading files, the content of the received files can be dangerous.
Malicious-code writers frequently use social engineering to ensure their files - which may be designed to open a backdoor into the user's network - are in demand. Unless carefully configured, some popular filesharing software allows other peers to search the network as standard. Much of the content will infringe privacy laws, and all this activity can soak up an almost infinite amount of corporate bandwidth.
Another, if indirect, danger to enterprise is encryption cracking using distributed computing techniques - thousands of PCs linked together in a P2P network. For example, the 56-bit DES encryption algorithm was broken by brute force in less than 24 hours by a distributed network that was able to test 245 billion keys per second. At the time, DES was the strongest encryption algorithm the US government allowed for export.
The latest versions of BitTorrent, which has 135 million users worldwide, and eMule, as well as eBay-owned VoIP and instant messaging/file transfer application Skype, use encryption to secure their traffic. "Encrypted traffic can be very worrying for IT managers," Bo Dines Larsen, technical director for Europe at internet traffic management solutions provider Allot Communications, points out. "There's no way to find out what is going on in there. It could be something like Skype or BitTorrent, and you've no idea what content or confidential data is passing in and out of your company."
There is a range of defences against P2P and IM applications, from the desktop to the edge of the corporate network. Many IT managers simply block web access to the client software home pages or limit administrator privileges on the desktop. Others trust their corporate firewall to take care of the problem. But these basic defences have their own, inherent problems, according to Tim Ecott, a consultant in the S3 ethical hacking team at Integralis.
Filter versus speed
"Many P2P clients are designed to operate through commonly open ports in the firewall (such as port 80 and 53), so companies wishing to stop them have to look at the actual traffic through those ports and become smarter with their firewall rules," he explains. "However, this type of inspection slows down your web traffic. The other end of the scale is to seek to control the applications that are installed on desktops. But this may come across as somewhat draconian and, in a big company, can quickly become an administrative nightmare."
Identifying and stopping the applications at the firewall requires more advanced perimeter technology. One option here is deep packet inspection (DPI), which can peer into the IP header to identify the application protocol as it traverses the network and compare this with a traffic-management policy. It works by tracking the initial data packet of an application and cross-referencing this with a library of signatures, which is updated regularly, providing a catalogue of recent peer-to-peer algorithms and their mutations. If the two correspond, the traffic can be siloed for inspection or banned altogether.
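The signature matching described above, as an added example that is not part of the original article or any vendor's product: a small Python classifier that checks a flow's first payload against a constructed signature library and sets the result beside a port-only firewall verdict. The policy actions, sample payloads and all names are assumptions for illustration.

```python
from typing import NamedTuple

class Signature(NamedTuple):
    app: str
    offset: int      # where in the first payload the pattern must appear
    pattern: bytes

# Constructed signature library (a real product ships many more, updated often).
# 0x13 + "BitTorrent protocol" is the plaintext BitTorrent handshake prefix.
SIGNATURES = [
    Signature("bittorrent", 0, b"\x13BitTorrent protocol"),
    Signature("http", 0, b"GET "),
    Signature("http", 0, b"POST "),
    Signature("tls", 0, b"\x16\x03"),   # TLS handshake record header
]

# Hypothetical traffic-management policy: application -> action.
POLICY = {"bittorrent": "block", "http": "allow", "tls": "allow"}
UNKNOWN_ACTION = "inspect"              # unmatched traffic is siloed for inspection
OPEN_PORTS = {53, 80, 443}              # what a port-only firewall rule permits

def classify(first_payload: bytes) -> str:
    """Match the first data packet of a flow against the signature library."""
    for sig in SIGNATURES:
        if first_payload.startswith(sig.pattern, sig.offset):
            return sig.app
    return "unknown"

def port_verdict(dst_port: int) -> str:
    return "allow" if dst_port in OPEN_PORTS else "block"

def evaluate(flows):
    """Return (dst_port, port-only verdict, detected app, DPI verdict) per flow."""
    results = []
    for dst_port, payload in flows:
        app = classify(payload)
        results.append((dst_port, port_verdict(dst_port), app,
                        POLICY.get(app, UNKNOWN_ACTION)))
    return results

# Constructed first-payload samples; none are captures from a real network.
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (80, b"\x13BitTorrent protocol" + bytes(8) + b"H" * 20 + b"P" * 20),
    (443, bytes.fromhex("160301020001000001fc0303")),
    (53, bytes.fromhex("9f3c71e2a4d05b18c6e1")),   # encrypted payload: no signature
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_FLOWS):
        print(row)
```

The second flow is the case the port-only rule misses: it is allowed on port 80 but blocked once the payload is classified, while the last flow shows that encrypted traffic matches nothing and can only be siloed.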
"This technology can spot the signature of an application, so each program can have a rule associated with it," says Larsen. "However, the top P2P clients change their signatures every few days or so. Most are now capable of getting through basic firewalls, essentially by using HTTP or HTTPS. Skype in particular is extremely interesting to watch. It will simply keep trying different methods of connecting until it is successful - this flexibility is pretty tough to beat."
However, the most effective weapon against the file-sharers is a piece of paper. BS7799 is an umbrella standard that, properly implemented, will ensure your company is able to evict the wrongdoer. "All companies should have such policies in place," says Susan Mann, counsel at law firm Reed Smith Richards Butler. "If an employee has signed up to a policy banning the misuse of corporate systems, they can be dealt with appropriately. It's essentially a breach of their employment contract. If they've been downloading copyrighted content without paying, that is basically theft. For a business to be liable, it would have to be proven that the individual's manager was aware of and therefore condoned the illegal activity."
It's not all bad news for businesses though. Many believe that the future of corporate security and rich media content rests on the shoulders of P2P technology, especially when it comes to data storage. Using a BitTorrent-style client that not only encrypts its traffic but also swarms file downloads means that a single confidential file would be stored in tiny fragments across any number of locations - a distributed storage architecture. Without access to the properly configured and authenticated client software, a hacker would first have to decrypt all the data at every possible location, before reassembling the information in the correct order - an impossible task. Such a network would also require lower bandwidth and be less reliant on server farms. Microsoft has even developed its own version of P2P technology, dubbed Avalanche.
"This type of distributed architecture is, in theory, very secure, as the data fragments are stored all over the network at random, making it extremely hard to steal the information," says Mikkel Dissing, chief executive and co-founder of P2P streaming provider RawFlow. "Such a network is also using your redundant hardware capacity, for example on desktop PCs, to best effect. In fact, the web itself is based on a distributed model, so it makes total sense to provide content in this way. It's also far more secure not to keep all your valuable data in one place."
Additionally, both businesses and consumers are beginning to benefit from the technology, claims John Griffin, sales and marketing director at IT services firm Ioko, a UK partner of VeriSign's Kontiki. "When you're talking about providing anything from ego TV broadcasts through training to financial results, using P2P instead of centralised streaming can save you 90 per cent of your bandwidth costs. Big corporates, such as Ernst & Young, have begun to use it, and others will follow suit," he says.
The technology is being used for more than business and content provision, though. "Darknets" such as Freenet and Tor allow near-total privacy for your internet access and anonymity for those who might otherwise be censored, for example by their governments. The Freenet network is entirely decentralised, as users download the client and allow a portion of their connection and disc space to be shared. Communications between Freenet's P2P nodes are encrypted and routed through other nodes, making it extremely difficult to track what information is being requested, and by whom. It has been downloaded by more than 2 million users so far.
Regardless of the legality issues concerning content, P2P is here to stay. The security virtues of a distributed architecture are being explored by businesses and censorship campaigners, and the potential bandwidth and infrastructure savings are being acknowledged by some of the biggest content providers. Record companies will just have to learn to live with it.
THE FUTURE OF P2P NETWORKS
With the advent of P2P filesharing, widespread piracy of music, film and software became easy and, for a while, even socially acceptable. Various industry bodies have spent the past few years fighting tooth and nail to stop the trend, but will they ever succeed?
Statistics from the music industry show that P2P activity is holding steady, in spite of well-publicised legal campaigns against the worst individual offenders. However, identifying and taking to court every P2P user is an unrealistic endeavour, while the demise and subsequent rebirth of Napster as a legitimate concern has impressed copyright holders.
Recent court rulings forced Grokster/Kazaa to install filtering technology in an attempt to prevent illegal content from being distributed. A spokesman from the BPI, the trade association for the UK record industry, said: "There are two ways that file-sharing companies have reacted to legal cases: they have either gone legit or folded. The ruling against Grokster was a significant step and demonstrated that companies could not produce P2P software for profit while turning a blind eye to their use to infringe copyright."
BitTorrent has also taken the initiative and begun filtering its content using MediaSentry, a blacklist/whitelist filtering product from SafeNet. Files are automatically scanned, and their hash value, file size and title checked against a list of known illegal files. The company works with copyright holders to update the list in advance of new releases.
John Desmond, vice-president of MediaSentry Services at SafeNet, said: "A lot of similar companies are increasingly looking towards legitimate, monetised content, but they have to convince the copyright holders that they can enforce their rights. Filtering is a very positive step, and allows content to be verified. Although there will always be different communities online, some legal and some not, privacy is not a viable business model."
CASE STUDY - INVENSYS APV
Invensys APV provides process solutions and support services to the food, dairy, beverage and healthcare industries and maintains more than 70 offices in over 40 countries. Ahead of a global wide area network (WAN) reorganisation project, the company needed to find out more about network use, upgrade security and control current applications on the network.
Most Invensys business units share a common open infrastructure with firewalls at internet access points and at some key data centres. The infrastructure is based on an IP virtual private network over multi-protocol label switching from various providers. APV wanted to monitor and analyse traffic by volume, protocol, application and user, as well as generate dynamic and historical graphs and reports before applying controls to manage traffic.
The company decided to trial Allot NetEnforcer across 15 sites worldwide. The solution deployed was based on the Allot Communications NetEnforcer AC-402 together with the Allot Communications NetXplorer Centralized Management and Policy Server.
"APV trialled our solution and found a variety of non-enterprise traffic on their network, such as Google Talk, Skype and other chat protocols, which can take up a lot of bandwidth," said Len Munday, Allot senior systems engineer. "We also found a lot of internet radio applications on PCs, where workers had been listening to music."
Although these were not malicious, the company needed to control their use, as the bandwidth consumed by some of these applications was significant. With a global WAN, bottlenecks can occur and being able to prioritise applications and protocols is essential. In some cases the smaller links around 256kbps can get swamped very easily.
The ability to drill down to the most granular level of traffic enabled APV to detect applications that should not have been running across the WAN and take the necessary action. The company now monitors and manages overused links, can establish usage baselines, track usage over time, block or limit specific flows and have per-application control.
It can also quickly identify PCs and servers that are behaving erratically due to misconfiguration or virus outbreaks and automatically limit the impact they have on the WAN environment.
The solution allows all APV IT staff to log into the centralised management system with different levels of access and control their own NetEnforcer devices. The deployment time was minimal, as the company configured all the appliances at head office, allowing them to plug-and-play at the regional office level.