Security In Peer To Peer Networks

Thesis statement: Users of Peer to Peer networks must be aware of the security and how to deal with the attacks.

Introduction

Technologies are getting more advance each day, in this assignment will be sharing and discuss about the security in peer to peer networks. Security run an important role in every network applications because this is the place where people and the systems are all link up together and can access each other data and also programs. According to Madron (1992) points out that:

One of the primary objectives of computer networks (and especially of local area

networks) is to provide easy and convenient access to computer systems within an

organizations, and it is that same ease of use that can sometimes conflict with

security needs. (p.3)

This being the case most of the peer to peer networks can remote the systems to access the nodes in the peer to peer network and programs are often transferred in the systems in remote locations and also because of the usefulness of the networking it really attracts people all around to use and at the same time problems of security happens. So it is crucial for the users to ensure their security in the networking. The problems usually started from modification of messages in transit, denial of services attacks and interception of messages, "perhaps the most obvious active threat faced by a communication system is an attack that can destroy or delay most or all messages" (Madron, 1992, p.63). In order to secure the systems of peer to peer network there is three basics requirements of security, integrity and authentication, it seems evident that "Data integrity ensures that data have not been altered or destroyed in an unauthorized manner. Both data integrity and authentication rely heavily on encryption as a primary security mechanism" ( Madron, 1992, p.71). For this security the operating system level and application level is used. As to ensure the security for every users, the helps support security needs to be posted to the peer to peer network and also to be specified.

Requirements

Peer to peer (P2P) file sharing networks have become wildly popular. The first major file-sharing network example was NASPSTER, which designed to allow music fans to share MP3 music files and so on. P2P actually is all about sharing resources like files, storage or processing time, with every other computer in the peer network. The peer network usually consists of authorized peers in a corporate setup. When everyone is accessible to remote peers, the host becomes more open for all kinds of attacks. In addition, as clients, peers may download different forms of files or get their process executed by different remote systems, which may prove to be hostile. The best things to do to prevent all this things to happen, is to stay out from peer to peer network. But with this kind of solution will depose us of all P2P computing or network privileges. P2P systems example like Gnutella, Wired:P2P pages and Groove Networks are here to stay.

"Gnutella

A free software application using peer-to-peer technology for sharing MP3 and video files.

Wired: P2P Pages

This global file-sharing guide lists 240-plus downloads, services, and information resources - most of them free - designed for experienced P2Pers and novices alike. Technical specs are provided for software developers to build many of these services.

Groove Networks

Develops Internet-based software for people to collaborate with one another."

( http://www.business2.com/webguide/0,,26518,00.html )

If P2P are going to be used widely or commercially, the requirements of security of the hosts should make their transactions secure and applications endanger the security of the host.

The Peer-to-Peer networks threat

Peer-to-peer networks software or files are available for free in the network itself, because of this there are threats in P2P networks. During transferring files or loading files, viruses could be sent along with the files that are transmitted. "For example, according to much of the information in industry literature we might well be led to believe that 'worms' and 'viruses' are the primary threats with which we should be concerned" (Madron, 1992, p.8). An example of a network being targeted by virus which is Gnutella networks and the virus is Gnuman worm. This Gnuman worm (Virus) will increase the amount of itself by serving requests from other users and to another one. For example, if a users or peers requests for a music "Daredevil soundtrack" the worm will wrap itself in the music file and will deliver it to the users. Even Instant messengers have been found to be used as a tool for transmitting viruses. Bug in P2P programs can also be dangerous. For instance evident that, "in August 1999 a bug in the AOL Instant Messenger (AIM) client allowed an attacker to overflow internal buffers by sending URLs constructed in a certain manner" (http://www.rcsi.org/Newsletter/2002/Jul/Jul-Aug02Monitor.pdf). In this situation, it was possible to crash the client, obtain control of the AIM program, execute arbitrary code, and add random friends to a friend list through a Web page or email. Since P2P networks perform well in transmitting files and also because of the fast spreading. The best thing to do is to use Antivirus software. Other threats are available such as password and date theft, violating intellectual property laws, using the corporate network for personal or illegal activities, and violating corporate security policies.

The elements of secure systems

* Encryption is one of the major security risks on LANs and HSLNs, which use a multi-access medium the risk of eavesdropping. Eavesdropping can be done by programming the NIU to accept. According to Durr and Gibbs (1989, p.355) "encryption is the process of changing intelligible data into unintelligible date; decryption reverse the process. For most local area networks, data encryption is used only when the security threat is substantial."

The Peer-to-Peer network is very useful, new and in the same way is dangerous. In a P2P application, encryption can play many roles. One obvious use of encryption is to protect the information that flows between peers on an unsecured network such

...