A new bill in Congress could put an end to the use of popular P2P (peer-to-peer) programs on all federal computers, according to Federal Computer Week (Bain, 2009). The ban would be the result of a number of high-profile incidents in which sensitive government documents were leaked from government PCs running P2P software.
The leaks were discovered during a Congressional investigation (Moscaritolo, 2009) and have prompted lawmakers to consider prohibiting these programs not only from all government-owned computer systems, but also from all computers used by government contractors and telecommuters. P2P applications are just one of the new challenges that network administrators face, and controlling them with older security equipment can be difficult or impossible. P2P programs allow users to connect to other remote P2P computers and share files, which can lead to legal as well as security issues. Copyrighted material, malware, and sensitive information can all be transferred by these programs without the administrator being aware.
Additionally, these P2P programs often have little or no security, and if incorrectly installed they could result in users sharing their most sensitive documents without their knowledge. P2P programs are often designed to go undetected and will use sophisticated protocols as well as encryption and tunneling to create connections through firewalls. These design features make it difficult for network administrators to detect the use of these programs, which in turn means they are unable to stop them. These issues, combined with the new P2P bill, could spell trouble for organizations that do not have the proper security equipment in place. Companies that want to do business with the government will need to show they can identify and stop these programs from transferring files.
To do this, they will need to use P2P-aware application controls such as the Astaro Flow Classifier (AFC), which is found in the Astaro Security Gateway. The AFC allows for the detection and classification of the protocols these programs use, and gives administrators the ability to block their usage and identify machines that have them installed. This new bill highlights the need for a flexible security solution that can be adjusted to meet the changing needs of business. Organizations of all sizes need the proper tools not only to provide security but also to remain compliant with new laws and standards.
Bibliography
Bain, B. (2009, November 18). Bill would make P2P software a no-no for fed systems. Retrieved from Federal Computer Week: http://www.fcw.com/Articles/2009/11/18/Web-federal-P2P-ban-bill.aspx
Moscaritolo, A. (2009, October 05). Army Special Forces document leaked on P2P network. Retrieved from SC Magazine: http://www.scmagazineus.com/army-special-forces-document-leaked-on-p2p-network/article/151309/