Peer-to-Peer Technology and Security Issues

ByRaul Rodriguez, Arash Zarrinbakhsh,

Cynthia Roger and Phillip ShiresCollege of Business Administration (CoBA)

April 26, 2007

ForForHTM 304 HTM 304

Professor Fang, FangProfessor Fang, Fang

Introduction

The Peer-to-Peer system/networking gets rid of having to have a centralize server. Peer-to-peer is a method in which computers communicate and share resources equally.

Objectives/Aims

The objective is identifying the different types of technology and security applications with the Peer-to-Peer networking system.

Scope of the Project

This report will introduce centralization, decentralization technology protocols, also security attacks and securing computers / networks.

Business Case

Peer-to-Peer services has the resources to help companies in ways to sharply cut their distribution cost, this reason alone is reason for researching Peer-to-Peer technologies and security issues and concerns.

Research Methodology

Arash Zarrinbakhsh – CentralizationCynthia Roger – DecentralizationPhillip Shires – Attacks on P2P NetworksRaul Rodriguez – Secure P2P Networks

Centralized Technology

Traditional Peer 2 Peer, which connected one computer directly to another computer or server.

Client-Server modelA central server keeps information on peers

and responds to requests from nodes for the same information.

Centralized Technology

As nodes arrive and demands on the system increases, total capacity of the system decreases.

In contrary with decentralized, centralized does not have peers that are responsible for hosting available resources

Decentralized Technology

Definition per Wikipedia, Pure peer-to-peer network does not have the notion of client-server model, but only equal peer nodes that simultaneously function as both “client” and “server” to the other nodes on the network

Decentralized Technology

Unlike centralized, Peers are responsible for hosting available resources.

Peers are redirectors which make available resources sharable to peers that request files.

Decentralized Technology

Advantages Networks are scalable indefinitely The more users the more network

resources available. Less costly

Attacks on P2P Networks

Computer Attacks Viruses Malware – Spyware Denial of Service Identity Attacks Filtering

Attacks on P2P Networks

File Attacks Poisoning Polluting Defections Spamming

Securing P2P Networks

Authentication The process of whether or not some entity

is in fact who or what that entity declares itself to be.

Authorization The process of giving a authenticated

entity permission to do some action or access some resources.

Securing P2P Networks

Encryption The process of converting readily

understandable information (plaintext) into a form difficult to understand by unauthorized individuals and systems (cipher text).

Securing P2P Networks

Software Antivirus protection Firewall protection Microsoft Windows Peer-to-Peer

Networking = All three for Businesses Safe boot = Encryption Super E-mail Verifier 1.66 = E-mail

Securing P2P Networks

Companies/Consultants Fortify Software = Java script advisory Enterasys Secure Networks = Network

access control

Recommendations P2P is an efficient for monitoring traffic and

control what is happening on desktop. Also, “For a name publication and resolution mechanism, Window Peer-to-Peer networking uses PNRP. PNRP is an efficient, protected, low cost, dynamic protocol that uses an iterative, server less method for name resolution.

Scope of Future Work

P2P must be scalable, don’t worry about network defragmatation and loss of search replies.

People must be able to trust resources being acquired.

P2P must become a more robust

network.

Conclusion

The elements to secure systems focuses on trust with users/nodes. Trust is an issue when; management and distribution of content, distributing processed work when other nodes is sharing and collect results.

Authentication Authorization Encryption