Vulnerabilities in peer to peer communications
Web Security
Sravan Kunnuri
What is peer to peer communication
- Peer-to-peer is a communications model in which each party has the same capabilities and either party can initiate a communication session. Each communication node has both server and client capabilities. Napster and Gnutella are examples of this kind of peer-to-peer software.
How does P2P Work
- Peer to Peer communication consists of get requests, replies, and file transfers.
- Most of these programs currently use default ports, but can automatically or manually be set to use different ports.
- User must first download and execute a peer-to-peer networking program.
How does P2P work (cont.)
- User enters the IP address of another computer belonging to the network.
- Computer finds another network member on-line and connects to that user's connection.
- Users can choose how many member connections to seek at one time.
Vulnerabilities
3 types of vulnerabilities exist when using P2P software.
- Technical vulnerabilities are those that can be exploited remotely
- Social vulnerabilities are those that are exploited by altering or masquerading
- Legal vulnerabilities are those that can result from copyright infringement
Determining Vulnerabilities
- Monitoring traffic for common ports used by the software
- Searching traffic for certain application layer strings commonly used by P2P software
- Scanning network storage locations for content commonly downloaded by users
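The first two checks on this slide, combined in an added Python example that is not part of the original slides. The port numbers, signature strings and sample flows are assumptions constructed for illustration; the string check is what still fires when a client has been moved off its default port.

```python
from dataclasses import dataclass

# Default ports (assumed from public protocol documentation; users can change them).
P2P_PORTS = {6346: "Gnutella", 6347: "Gnutella", 6699: "Napster", 8888: "Napster"}

# Application-layer strings seen at the start of a session (assumed signatures).
P2P_STRINGS = {
    b"GNUTELLA CONNECT/": "Gnutella",   # connection handshake
    b"GNUTELLA/0.6 200": "Gnutella",    # handshake reply
    b"GET /get/": "Gnutella",           # file-transfer request
}

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes of the TCP stream

def classify(flow):
    """Return (protocol, reasons), or None if no P2P indicator matches."""
    proto, reasons = None, []
    if flow.dport in P2P_PORTS:
        proto = P2P_PORTS[flow.dport]
        reasons.append("port")
    for sig, name in P2P_STRINGS.items():
        if flow.payload.startswith(sig):
            proto = name  # a payload match is stronger evidence than the port
            reasons.append("string")
            break
    return (proto, reasons) if reasons else None

def scan(flows):
    """Map each source host to its (dst, dport, protocol, reasons) hits."""
    hits = {}
    for f in flows:
        result = classify(f)
        if result:
            hits.setdefault(f.src, []).append((f.dst, f.dport, *result))
    return hits

# Constructed sample flows (documentation address ranges).
SAMPLE = [
    Flow("10.0.0.5", "198.51.100.7", 6346, b"GNUTELLA CONNECT/0.6\r\n"),
    Flow("10.0.0.9", "198.51.100.8", 8080, b"GNUTELLA CONNECT/0.6\r\n"),  # moved port
    Flow("10.0.0.12", "203.0.113.4", 6699, b""),                          # port only
    Flow("10.0.0.20", "203.0.113.9", 443, b"\x16\x03\x01\x02\x00"),       # no hit
]

if __name__ == "__main__":
    for host, found in scan(SAMPLE).items():
        print(host, found)
```

A hit with only "port" as its reason is weak evidence and worth confirming against payload or host data before acting on it.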
Protection Against Vulnerabilities
- Enforce a policy against the downloading of copyrighted material
- Acceptable use policy for the corporate Internet connection
- Regular scanning of network storage and company workstations for unauthorized materials
- Network restrictions
Thank You
Any Questions?