Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Peer-To-Peer Security problems

  1. Feb 22, 2005 #1
    P2P:

    hey guys, i need your help, I'm tring to find out about the security problems that faced P2P companies, and why they were unable to deal with them, and by this i tend to mention the unauthorized access to other ones' files, where this is a major security question.

    thanx
    Adham
     
  2. jcsd
  3. Feb 22, 2005 #2

    dduardo

    User Avatar
    Staff Emeritus

    I don't understand your question. The only real issue is that most p2p programs broadcast your IP Address, which can be used for hacking or tracking.
     
  4. Feb 23, 2005 #3

    PerennialII

    User Avatar
    Science Advisor
    Gold Member

    Don't many (most?) p2p programs require quite a bit of system priviledges in order to operate ? Like "server" level rights in firewalls, enabling them to effectively bypass it and causing a sort of a security concern. Although didn't quite get the question altogether ...
     
  5. Feb 23, 2005 #4
    P2P messaging programs are more secure than the client-server ones. They can run on a local network without needing to access distant servers on the internet (as in msn, yahoo, irc, etc). So the P2P programs are going to be used more if security is a concern.
    Security issues with P2P still remain, such as 'sniffing'. This is easy to overcome with encryption of messages. What remains difficult to deal with is the problem of social engineering that is the root of a number of attacks. For example as you mentioned a problem is with file sharing. If you download a malware file it can act as a virus, or worse as a trojan horse that communicates with the source computer.
    Yet I don't see any security problem that is inherent in the P2P model.
     
    Last edited: Feb 23, 2005
  6. Feb 23, 2005 #5
    Thanks even though you didnt give what i want, i will give an example for this issue:
    you are (X), and you have(Y) shared files and (N) not shared files. N are private. oneday in the upload section you see (U) another P2P user uploading a file from N.

    my question is why this happens?, and why companies are unable to solve this problem?

    thanks
    Adham
     
  7. Feb 23, 2005 #6

    dduardo

    User Avatar
    Staff Emeritus

    PerennialII, p2p programs can use port 80 and you don't have to run the server with privleges, so that really isn't an issue.

    I have to agree with ramollari. P2P isn't inheretly any less secure than say your average IM client. If you set your shared folder to you complete drive/sensitive data that is just plain dumb on the user's part.
     
  8. Feb 23, 2005 #7

    PerennialII

    User Avatar
    Science Advisor
    Gold Member

    Yep, appears that avoiding the same crackpot pitfalls as usual can make it pretty smooth sailing (didn't know that specific port limitations have been all but erased). Remember seeing somewhere that e.g. antivirus apps have been added with "p2p shields" in order to limit the inflow of malware etc.
     
  9. Feb 24, 2005 #8
    Do you mean "downloading a file from N", because "uploading a file from N" makes no sense?
    Every application instance in a P2P environment is also a miniature server. So any client in P2P can be endowed with all capabilities (including security) of a file server.
    Maybe, since a P2P client has a myriad of other features, the developers could overlook the security aspects and access privileges of file transfer.
     
  10. Feb 24, 2005 #9
    Well, if that's a real life example, that would count as a violation of certain viewing rights in my book, so I grant you your worries over possible more hidden glitches in the software. What you cannot see you cannot hack, or at least not so easily. I also think they should be patching such a thing ASAP, if not rethink the whole setup.

    Also the malware is getting smarter in bypassing shares and firewalls once inside. There's even talk of more malicious ghost-like software, and not by idiots, but by Microsoft itself. They even developed a detection program for it, called Strider Ghostbuster, no joke. So I don't think this issue is totally OTT.

    http://www.eweek.com/article2/0,1759,1766413,00.asp
     
    Last edited: Feb 24, 2005
  11. Feb 25, 2005 #10
    i mean another user uploads from your PC and downloads on his PC, for instance in kazaa there is two ways of traffic for every user( upload, download).
    anyway, it turned out there is no such a problem exactly, but its that P2P are not secure for many reasons i have no idea about?

    Thanks
     
  12. Feb 25, 2005 #11

    dduardo

    User Avatar
    Staff Emeritus

    Your rambling.

    Other users cannot upload files to your computer. You must explicitly download the files off of the p2p networks.
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?



Similar Discussions: Peer-To-Peer Security problems
  1. Security Theorem (Replies: 1)

  2. Usb security (Replies: 1)

  3. The TAO of security (Replies: 4)

Loading...