Tackling the File-Swapping Threat

Akonix releases tools to identify and block file trading

Akonix Systems Inc. released two tools to help universities, as well as public and private institutions and corporations, eliminate the dangers associated with peer-to-peer (P2P) and instant messaging (IM) file transfers on their networks. Organizations that do not manage such activity face a range of threats, from legal liability to computer viruses to loss of network bandwidth, not to mention a general loss of information security integrity

“Using P2P file sharing to download any music, video, or software without the appropriate license is not only an open invitation for legal action but a tremendous security risk that allows hackers and viruses full access to corporate networks,” notes Pete Lindstrom, research director of Spire Group LLC in Malvern, Penn.

Case in point: The major trade associations representing the motion picture and recording industries recently sued, then settled with, four university students they accused of hosting applications to illegally swap files. As part of this get-tough stance, they also released a guide, “A Corporate Policy Guide to Copyright Use and Security on the Internet,” which requests that companies ensure that their computer and Internet systems are not being utilized for film and music piracy. Copies were delivered to the Fortune 1000.

Of course companies can put in place (if they haven’t already done so) security policies that prohibit employees from running P2P file-sharing applications or knowingly violating copyright laws. That doesn’t mean employees aren’t doing it, however, and experts say that no matter what the policy says, if employees break the law, the employer can be liable.

“Corporations are facing an uphill battle if they believe that the written policies they have implemented are enough to stop these technologies from being used by their employees,” says Peter Shaw, CEO of San Diego, Calif.-based Akonix. “This is just not the case.”

To underscore the point, Akonix released Rogue Aware, a free monitoring tool—a network sniffer—that detects and reports on the use of free instant messaging programs—AOL IM, MSN IM, and Yahoo! Messenger—as well as P2P file sharing occurring inside the organization’s networks, scanning for many common P2P applications. Rogue Aware creates a report with a range of statistics, including numbers of files traded and file-trading applications in use, to help organizations assess their file-sharing vulnerability.

What is such a report likely to show? A recent search of the top downloads from CNET finds P2P application Kazaa topping the list, with the similar Morpheus application also in the top 10. The listing shows that Kazaa, with over a year on the “most popular downloads” chart, has been downloaded over 227 million times.

Last year, research firm Ipsos-Reid in Minneapolis estimated that one-fifth of Americans—about 40 million people—have downloaded digital music from file-sharing services.

How much of that downloading takes place in the work sphere is open to debate, but no matter what the answer, the threat of liability is only going to get worse for companies, says Akonix’s Shaw. “An Arizona-based company targeted for storing illegal MP3s on company servers has already settled out of court for $1 million and now industry groups, like the RIAA and the NMPA, are lobbying Congress to levy even steeper penalties.”

The information security threat could also continue to evolve. Recently a number of viruses and worms, including Fizzer, have made use of file-trading networks, copying themselves to users’ upload directories to aid in their spread.

To help companies tackle those kinds of threats, Akonix also released Enforcer, a new module for its L7 Enterprise v2.0 gateway that identifies unwanted IM and P2P activity—both incoming and outgoing—and blocks it. Similar functionality is also available in software and appliances from such companies as Packeteer Inc., Palisade Systems Inc., and TippingPoint Technologies Inc.

Of course, administrators can manually block the standard ports used by various products to get in or out of the corporate network. Yet many IM and P2P applications make it easy for users to find other ways in and out of the network. Without technology such as Enforcer or intense manual effort, many of those applications can even if their standard ports are blocked, bypassing many kinds of existing network security including some firewalls.

Enforcer also allows organizations to create and enforce granular security policies. For example, it can scan for message content (keywords, phrases), file transfer properties (file type, size, keywords), time of day, and message direction, then block accordingly. IM access and features can be restricted for specific users. In addition, all IM sessions can be recorded and logged, useful for creating a forensic audit trail. The overall combination can also help companies enforce a security policy and thus comply with HIPAA—the Health Insurance Portability and Accountability Act—and the Sarbanes-Oxley Act of 2002.

L7 also generates detailed reports of activity, can automatically inject custom disclaimers into a message stream, broadcast alerts to any or all logged in users, and ensure that employee screen names correlate with actual identities. It works with four of the biggest public IM networks—AOL, ICQ, MSN, and Yahoo.

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.