- Peer-to-peer file swapping networks have been growing in popularity ever since Napster emerged, with Morpheus, Gnutella, and Kazaa being the more popular options in use today. In addition to the copyright issues and bandwidth problems these programs often cause, they can introduce numerous security risks into your organisation.
Morpheus popped up in the news again recently, after a purported attack against its network. According to StreamCast Networks CEO Steve Griffin, the Morpheus network was the recipient of a DoS (denial of service) attack and had its client software attacked -- encrypted messages that changed registry settings were sent to Morpheus users. As a result, Morpheus is switching from the FastTrack-Kazaa network to Gnutella.
Any user connected to a file-sharing network is vulnerable to attack, whether in the form of information pilfering, session hijacking, or DoS. Additionally, some files available for download are infected with viruses. In preparation for this column, I downloaded a handful of files from Morpheus and found two of them carrying viruses.
How can you protect your organisation's network from these file-sharing applications? First and foremost, define a policy on how to deal with these applications. If you want to deny access to these services (as do most organidations), ensure that your policy clearly states this and outlines consequences for failing to adhere to the policy.
The most common step to enforce this kind of policy is to block access to these services at the firewall. An excellent resource for information about configuring your firewall to block various file-sharing services can be found here. The site even contains the specific IPchains or IPtables rules you need to implement.
One note about this approach: You should block both port access and IP addresses. Although some file sharing systems use a specific port number, many can be tunneled through HTTP port 80, bypassing virtually any firewall rules because port 80 is almost always allowed. Blocking access to the service by IP address can be more effective, but it also takes a little more effort because the IP address ranges can change periodically.
Second, you can try to stop the issue at its source by preventing users from installing the client software on their system through Windows Group Policy or a personal firewall configured to prevent unknown applications from accessing the network.
One of the more unique solutions I have heard about involves using Snort, the open-source IDS (intrusion detection system), to identify file-sharing users. In this solution, Snort signatures are created to identify the file-sharing services; when usage is detected on the network, you can easily identify where the traffic originated and remove the client application from that system.
Whichever tactic you employ when it comes to file-sharing applications, make sure it starts -- and ends -- with your company's security policy.
Andress covers security and networking for the InfoWorld Test Centre.