Introduction
The purpose of this report is to demonstrate why security in peer-to-peer networking is very important in a small network infrastructure. Peer-to-peer security is very important when you want to access information over a network, but peer-to-peer also has a number of risks. This is why, in this project, I am going to demonstrate why peer-to-peer networks need to be secure.
What is peer to peer?
The term "peer to peer" (P2P) refers to a class of systems and applications that utilize resources to perform a function. In this case, P2P uses computers as its resources, such as word processing, disk storage or network bandwidth, which can be set up to provide internet access to other computers without a centralized server.
Peer to peer security
Peer-to-peer users who use file-sharing systems often face high security risks, as other internet users do. In addition, file sharing raises more concerns because of the quantity of files transferred. Because so many people trade files on peer-to-peer networks, these networks attract many internet predators who want to steal information. To protect ourselves we have to assess the security risk and move from an unsecured to a secure network: peer-to-peer users should run their applications only with sources and destinations they can trust, and should be careful to check their anti-virus software and firewalls against attackers.
To avoid this issue, one solution is to authenticate users and make sure every user on the network is valid to access private and public files. Documents on a private or public link can be protected using cryptography (encryption and decryption). To make sharing more secure, documents shared over the network will be accessed through a virtual private network (VPN); this system will only allow users with a valid IP address ID authentication to access their files.
Reliability
To make a peer-to-peer network robust and durable, a company needs to close off every possible avenue of attack so that the internal network is secure, from the firewall to the computer systems. A good network is measured by how well it is secured.
Peer to peer vs client/server
Client/server and peer-to-peer networks are very similar, because you can build and configure both models along the same characteristics, such as management and configuration, functionality (lookup vs discovery), organization (network hierarchy vs mesh), components like DNS (domain name server), and protocols, for example IP addressing. Furthermore, you can use one model to build the other; for example, you can implement a peer-to-peer network within a client/server network. Finally, both models can run on different types of platforms, such as the internet and intranets, and both can serve highly recommended applications and software. For that reason, it should not be a surprise that there is so much mystification about what P2P is and what it is not.
Security Measures
During this period, who would have realized that P2P would become a problem for the world, bringing fraud and loss to many organizations just because of intruders inside their networks, and putting peer-to-peer networks at the top of the I.T. world's concerns? Napster was one of the most popular P2P applications, and it ended up in a court case because of the attack; more P2P applications are a problem in the corporate world today. This is why, with better security protocols, P2P would not be a problem and businesses could take their business to a new I.T. level.
The figure below shows the gaps between security protocols when a P2P application is used. It clearly shows that those gaps are applications intruding into the network, between the internet and the network, so the network is still at risk. The internal network might be "protected", but it is still insecure outside the network.
Following on from this, it is now time to think about how best to protect ourselves against intruders. We must reconstruct and analyse what is important and what we can improve or prevent before we deal with the problem. To improve the network we need: the most secure anti-virus software; operation control, where software cannot run without the authority of the user; access control, where the user is required to provide an authentication password or a digital signature to access what they need; connection control, where we improve our firewall to block outside ports and open only the ports that are required, and improve security from the internet with, for example, a VPN (virtual private network); and lastly content protection, to protect the data with encryption.
This figure illustrates all the main points a business organization has to focus on to deal with an insecure network.
External Threats
In a P2P network, external threats are a critical issue: a break-in brings many threats to the network, such as spam, worms and virus attacks. A P2P network also allows a user to download and use copyrighted material in violation of property law, and file sharing that violates the company's security policies. P2P applications such as Kazaa, Napster and Limewire are popular for music; users who work in the organization love downloading music and take advantage of the high-speed internet connection to download MP3 files at work. This is a critical problem, because you may think you have secured the internal network well, and then an employee of the company decides to download some P2P file and brings a virus into the internal network. Unfortunately, a P2P network has decentralized security administration and decentralized data storage, which are critical issues when trying to protect the perimeter with the firewall and other devices.
Encryption cracking
A P2P application distributed over a network can draw on a large number of desktops and apply them to a difficult problem. For example, in 1999 "distributed.net" and the Electronic Frontier Foundation (www.eff.org) launched a brute-force attack on the 56-bit DES encryption algorithm and broke the DES encryption in less than 24 hours. At that time "distributed.net" was testing 245 billion keys per second, which is quite a lot. DES during this period was the strongest encryption for the US government.
Theft
Corporate companies can lose millions in property because of insecure network files exposed through P2P technologies. There are P2P tools, such as Wrapster, that can mask a .zip file as an .mp3 file, so when an organization uses a P2P application to download .mp3 files, a virus is injected when the .mp3 file is launched over the network. This is a serious issue for many businesses, which are being robbed and have lost millions in genuine software.
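A defender can catch the simplest form of this masking by comparing the file extension with the leading bytes of the content. The following Python sketch is an added example, not part of the original report and not a description of Wrapster's actual file format; it assumes the masked archive keeps its ZIP signature at or near the start of the file, and the function names, verdict labels and sample files are constructed for illustration.

```python
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")  # ZIP record signatures
SCAN_WINDOW = 64 * 1024  # assumption: how far into the file to look for an archive

def looks_like_mp3(data: bytes) -> bool:
    """True if data starts with an ID3v2 tag or an MPEG audio frame header."""
    if data[:3] == b"ID3":
        return True
    # Frame sync is 11 set bits; the two layer bits must not be 00 (reserved).
    return (len(data) >= 2 and data[0] == 0xFF
            and (data[1] & 0xE0) == 0xE0 and (data[1] & 0x06) != 0)

def classify(name: str, data: bytes) -> str:
    """Compare what the extension claims with what the leading bytes say."""
    if not name.lower().endswith(".mp3"):
        return "not-checked"
    if data.startswith(ZIP_MAGICS):
        return "zip-renamed-to-mp3"
    if not looks_like_mp3(data):
        return "not-audio"
    # An audio-looking header can still be followed by an archive.
    if any(magic in data[:SCAN_WINDOW] for magic in ZIP_MAGICS):
        return "audio-header-with-embedded-zip"
    return "ok"

def scan(files: dict) -> dict:
    """Return only the .mp3-named entries whose content does not match."""
    verdicts = {name: classify(name, data) for name, data in files.items()}
    return {n: v for n, v in verdicts.items() if v not in ("ok", "not-checked")}

# Constructed sample downloads (not real files).
SAMPLES = {
    "song.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10
                + b"\xff\xfb\x90\x00" + b"\x00" * 64,
    "album.mp3": b"PK\x03\x04\x14\x00\x00\x00\x08\x00" + b"setup.exe",
    "track.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 32 + b"PK\x03\x04" + b"payload",
    "notes.mp3": b"just some text",
    "report.zip": b"PK\x03\x04\x14\x00",
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A check like this belongs at the gateway or on the endpoint before a downloaded file is opened; a four-byte signature match inside real audio is possible but rare, so the embedded-archive verdict is a reason to inspect, not proof.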
Trojans, Viruses, Sabotage
Internal users of an organization could simply download and install a P2P application that can cause serious damage. When the user runs the software, it can provide a backdoor Trojan which, when executed, allows the attacker to access the administrator's computer; the attacker could then do serious damage to the computer and access its data.
Company users who use P2P software can simply configure their application to protect information for personal use. P2P file sharing can result in a loss of control over data that is shared outside the organization.
P2P applications get past most security in the same way as a Trojan horse, because when the P2P software is installed on a "trusted device" it provides communication through the organization's firewall with other users. Once the connection is established from the device to the external network, attackers can quickly gain remote access to the trusted device, from which they can steal private documents and company information, or execute a denial-of-service attack, through which the attacker will gain control over the network resources.
Confidentiality
P2P software such as Kazaa and Gnutella is client software that shares your network drive as a resource. As a result, a hacker can find out what operating system the user has and can also view the shared folders of the system, gain access to those folders and steal confidential information.
Authentication
Authentication and authorization in a network are crucial to the company, because when using P2P you need to make sure the peer user is accessing only the information you are allowing, and has not accessed information they are not permitted to see. This is why the company needs to make sure users have the right access to information.
Internal Threats
Along with external threats, there are a few internal issues we have to deal with, caused by users simply not following company policy.
Private Business on a public network
Some companies run a private business on a public network, which exposes the business to various security risks. Those risks must be eliminated to avoid problems; a private business that uses P2P on a public network is not well structured, and the company can lose everything.
Adding and removing users
In a peer-to-peer network, adding and removing a user is quite easy on a single computer, but in a large network it is hard to add or remove users because there are too many computer systems. Users must be added and removed without decreasing system performance. This is why most threats come from users who know the system because they have been working in the organization.
General security
P2P has many security problems across networks and systems that need a solution. The most common problems with P2P are latency, authentication, restriction, firewalls, and monitoring of intruders and traffic.
Distributed dangers
A software application downloaded from the web and installed may cause a denial of service when executed: the software may be incompatible with the computer, or it may contain bugs which can crash the system.
The people problem
There will always be a malicious user who would like to gain access to the internal network; no matter how secure the network is, a skillful attacker with enough time will find a way around its defences. So the only way to make the network more secure is to keep ahead of the hacker by implementing better secure network protocols.
At some rate, people are trying to take peer-to-peer to a new, revolutionary level by publishing company files to the internet from a user's computer: for example database information, spreadsheets and applications that are enabled for P2P features, with critical data flowing from every user's computer. P2P systems provide features for purposes including searching for specific content, discovering other peers' network connections, and integrating other applications with functions such as editing and remote wireless mobile support. It is clear why security is a critical factor in P2P networks.
Countering those threats in ad hoc deployments, and managing and reducing the risks to confidential information or to the accessibility of systems, requires planning and careful selection of a P2P infrastructure on which the applications and services will be implemented.
Security Mechanisms
The security mechanisms deployed today are all based on either symmetric/secret key cryptography, asymmetric/public key cryptography, or sometimes a combination of both. In this section I am going to explain the critical aspects of secret key and public key techniques, and then compare their main characteristics.
Secret key techniques
With secret key techniques, the sender and recipient share a secret, which they use for various cryptographic operations such as the encryption and decryption of secret messages and the creation and verification of message authentication data. The secret key needs to be exchanged in a separate out-of-band procedure prior to the intended communication, using a PKI.
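The creation and verification of message authentication data with a shared secret can be shown on a chunked file transfer between two peers. This Python sketch is an added example, not part of the original report; it assumes the key has already been exchanged out of band, uses HMAC-SHA256 as the authentication function (the report does not name one), and all function names and sample values are constructed.

```python
import hashlib
import hmac
import struct

def _tag(key: bytes, transfer_id: bytes, seq: int, total: int, chunk: bytes) -> bytes:
    # Bind the transfer id, chunk position and chunk count into the MAC input,
    # so a valid chunk cannot be moved, replayed elsewhere, or silently dropped.
    header = (struct.pack(">H", len(transfer_id)) + transfer_id
              + struct.pack(">QQ", seq, total))
    return hmac.new(key, header + chunk, hashlib.sha256).digest()

def protect(key: bytes, transfer_id: bytes, data: bytes, size: int = 16) -> list:
    """Sender side: split data into chunks and attach a tag to each one."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    total = len(chunks)
    return [(seq, total, c, _tag(key, transfer_id, seq, total, c))
            for seq, c in enumerate(chunks)]

def accept(key: bytes, transfer_id: bytes, packets: list) -> bytes:
    """Recipient side: verify every tag, the ordering and the chunk count."""
    if not packets:
        raise ValueError("empty transfer")
    out = []
    for position, (seq, total, chunk, tag) in enumerate(packets):
        expected = _tag(key, transfer_id, seq, total, chunk)
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            raise ValueError(f"chunk {position}: bad authentication tag")
        if seq != position:
            raise ValueError(f"chunk {position}: out of order")
        if total != len(packets):
            raise ValueError("transfer truncated or padded")
        out.append(chunk)
    return b"".join(out)

def is_rejected(key: bytes, transfer_id: bytes, packets: list) -> bool:
    """Helper: True if the recipient refuses the transfer."""
    try:
        accept(key, transfer_id, packets)
        return False
    except ValueError:
        return True

# Constructed sample values.
KEY = b"shared-secret-exchanged-out-of-band"
DOC = b"Quarterly figures: confidential, do not redistribute."

if __name__ == "__main__":
    packets = protect(KEY, b"transfer-1", DOC)
    print(accept(KEY, b"transfer-1", packets) == DOC)
```

The tags give integrity and origin authentication only between holders of the key; either peer could have produced them, which is one of the characteristics that separates secret key from public key techniques.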
Public key techniques
Public key techniques are based on the use of asymmetric key pairs. Each user is in possession of one key pair. One key of the pair is made public while the other is kept private. Because one key is publicly available, there is no need for an out-of-band key exchange; however, there is a need for a network infrastructure to distribute the public key with authentication. Because no pre-shared secret needs to be communicated beforehand, public key techniques are well suited to security between previously unknown parties.
Asymmetric key pairs
Asymmetric key pairs are not like other keys, which lock or unlock a door with equal facility; the public key is used in a type of cryptography that is asymmetric. This means the public key can encrypt a message with ease, while decrypting it with the public key is difficult. As well as being one-way functions, the functions used in public key cryptography are also called trapdoor functions, because inverting them can be done easily when the private key is known.
Protocols
Protocols are mechanisms that use cryptography to verify identity, which is important. They are industry standards that allow authorization protocols to ensure that they are communicating with the intended remote system.
Secure socket layer (SSL)
Secure socket layer (SSL) is a protocol used to protect information transmitted across a P2P network; some P2P applications utilize the industry-standard SSL protocol. This guarantees that files and documents that have been sent will be received unmodified. Furthermore, because both peers use SSL, they automatically recognize each other before information is sent over the network. The protocol ensures that confidential communication is transferred to the right party at the other end, using the same techniques that website operators use to protect consumers' privacy and confidential information sent over the internet.
IPsec Technologies
A VPN (virtual private network) is a type of system that uses IPSec technologies, an evolving framework of protocols that is becoming a standard for most vendors. IPSec is used in both software and hardware VPNs for remote access with clients. Using IPSec requires some knowledge on the client side, because the authentication is not user based, which means a token such as a cryptographic card is not used. Instead, security comes from the workstation's IP address or from a certificate, which establishes the user's identity and ensures the integrity of the network. IPSec is basically a tunnel acting at the network layer, protecting the data packets passing through regardless of the application.
VPN (Virtual private network)
A virtual private network is a tunnel that keeps information private. The last thing a business wants is to have information stolen by hackers or other attackers; a VPN helps to strongly secure data on a shared public network. A firewall is necessary to authenticate VPN users, because every VPN requires configuration of the access device, whether software or hardware, to secure a channel. A random user will not be able to access the VPN, because it asks for authentication before allowing a remote user access to the network. A VPN can prevent attackers from successfully authenticating to the network even if they try to open a VPN session.
Future of peer to peer security
In P2P security everything must rely on trust: in the user, the software and the hardware. If every party could trust the others there would be greater security, and a peer-to-peer network would be more secure than a centralized server. Nowadays business users are gaining trust in a P2P community because every user is assigned a unique digital signature, which is an IP per user, not per computer. This level of trust will grow between users and help to validate users on the network, which can help to identify intruders. The plan is for all users of the organization to have a low level of trust or a high level of trust, implemented in their user accounts. This keeps low-trust and high-trust users separate on the network, to make sure every user is accessing the right information; this is the type of technology that centralized servers can provide nowadays.
Conclusion
Security in P2P networks is crucial when designing and implementing a P2P system. A peer-to-peer network has to be secure from the system to the internet, to avoid problems from attackers. It is vital that users start to realize that a measure of security is needed to protect themselves as P2P technology reaches its full capability. At the moment security is a major issue for most companies in our world, which need a new level of security, and it must be addressed immediately.