The Dangers of File-Sharing in the Office

By ABC News
January 23, 2004, 1:02 PM

Jan. 26 -- You have all your e-mail and Web-filtering software in place at the office, and you carefully monitor message logs for signs of abuse by workers.

But little do you know that for months, a disgruntled employee has been instant messaging company secrets to a friend who works for one of your competitors. And he's been using commonly available utilities to disguise sensitive files as MP3s, which he shares openly using peer-to-peer (P2P) file-sharing services.

The explosion of instant messaging (IM) and P2P file-sharing applications in the workplace is a new security challenge. Employees can easily download such applications for free, often without detection by the Information Technology (IT) staff.

The threat from such applications amounts to much more than simply lost productivity and wasted time.

Open Secrets

Divulging company secrets is only one of the serious threats posed by IM and P2P applications. Both provide new entry points to your network for intrusions, data theft, denial-of-service attacks, viruses, and worms.

In fact, security vendor Symantec reported in one of its biannual Internet Security Threat Reports that the number of attacks over IM and P2P systems quadrupled from January to June 2003. Both applications are adept at bypassing firewalls using port-scanning and tunneling techniques.

And none of the popular IM clients offers strong authentication or encryption, so they are vulnerable to account hijacking and eavesdropping for valuable or damaging company information divulged by unwitting employees.

Network Crawl and Legal Liabilities

Then there are the bandwidth issues. Since each P2P node is acting as both a client and a server, your precious network bandwidth may be devoured not only by your internal P2P and IM users but also by P2P users all over the planet downloading songs from your users' shared directories.

And don't forget the legal issues. The Recording Industry Association of America (RIAA) has repeatedly warned Fortune 1000 companies that they could be liable for employees who break copyright laws by using their networks to download, store, or distribute music or movies illegally.