P2P clients security breach?

[N1K]

Hi guys,

I need to now how high is a security risk while you use P2P clients like Limeware, WinMX and Bitorrent on Win2000 Server?

[fizban2]

is this a corperate environment? or just something at home? running P2P will increase your security risk either way since you have to open the ports used by those programs and most of the ports are well known.

[N1K]

It's a corporate enviroment and the ports for those applications are open...

[chilifrei64]

Not a good idea. your are asking for a load of problems opening up ports for P2P apps on your corporate enviroment.

As a general security practice.. you want the least available ports open as possible. so opening up more is not a good idea

P2P on a corporate is not a good idea.. you will get loaded with viruses and other unwanted things on your network.. remember.. if you open the ports on your corporate firewall. anyone else will be able to run the software download all sorts of stuff to your network

As a network admin.. why would you want P2P on your corp. network.. you know you are only asking for trouble.. P2P filesharing is illegal you know.. your company can get into a LOT of trouble if you have illegal software

It is not only a security risk but it is a financial risk for your company and should be a risk of your job.

[fizban2]

I would say close the ports as soon as you can, there is no reason why they should open, plus this is most likely eating up alot of your bandwith, on the network and on your internet connection.

[I_Broke_My_MHZ]

Allowing them on the clients is OK in theory as long as you maintain the policy of keeping up to date with patches, but in practice it isn't a good idea because users generaly cannot remain responsible with such tools.

Having them on the server themself? Are you kidding me? That is a definate NO.

[chilifrei64]

P2P on a Corporate Network is a definate NO across the board.. workstation, laptop, server.. it doesnt matter.. In theory.. there is no problem like you said.. in reality.. there is nothing legal/right about it.

[ringfinger]

P2P on a Corporate Network is a definate NO across the board.. workstation, laptop, server.. it doesnt matter.. In theory.. there is no problem like you said.. in reality.. there is nothing legal/right about it.

<{POST_SNAPBACK}>

I agree... P2P at work in a corp environment leaves the network vulnerable period. Not a good idea at all.

[N1K]

This is the situation:

Win2000 Server with the latest security patches and up to date anti-virus app...

The only one who can access this server is IT dept, and only they can use those P2P apps. This is Connect Direct machine and all the other users use proxy for internet connection.

None of the corp users has access to this machine...

[chilifrei64]

I think you are missing the point.. P2P should not be on a Corporate network because it is more than a security risk.

[fizban2]

What chili is trying to get at is that P2P isn't truly legal, just having it on a corporate machine puts that company at risk, say someone downloads a movie or song and some tracks the IP back to your company, now the company is is real trouble, doesn't matter who it is. the company is taking the heat now for having it on the network there. Just take it off...

[I_Broke_My_MHZ]

Why does this kid have the privaledge of using a corp. server? Seriously, quit your job and find a new passion, or get a clue. This is just reckless.

[N1K]

Why does this kid have the privaledge of using a corp. server? Seriously, quit your job and find a new passion, or get a clue. This is just reckless.

This kid is older than you and would kick ur a** so shut up!

Anyway I've closed those ports and removed P2P clients..

Edited October 7, 2005 by N1K

[fizban2]

Good choice N1k,

It will save you hassle later on and should help the network out some too, less traffic from teh P2P clients, They are nothing but troulbe in a corperate environment