Maybe, experientially, the small branch office with a P2P network has escaped a security incident since deployment. Even so, a functional P2P network unintentionally presents itself as a potential target waiting for someone capable of pulling the threat trigger to introduce a potent security disaster. For instance, at the infrastructure level, attacks can originate from hackers taking advantage of a P2P enabled application to assist spyware or malware in slipping past perimeter defenses and lodging in the background of user devices. In particular, a P2P-agent utilized in communications software can include or hide spyware that collects information about the target system as well as user, then subsequently send compromised information to unauthorized individuals without the legitimate owner’s knowledge. High-Level Data Link Control, Frame Relay, and X.25 protocols have P2P communication modes that can be spyware enabled. Consequently, a P2P network should not be deployed unless effective compensating and mitigating security controls are implemented.
As operational baseline countermeasures to P2P risks, management should document and monitor P2P file-sharing technology to ensure that this capability is not utilized for unauthorized information distribution, display, processing, or reproduction. Furthermore, management should ensure the appropriate encryption is implemented to sustain an adequate telecommunications defense. Lastly, meticulous proactive security risk assessments of P2P networks can prevent inherent IT vulnerabilities from becoming threats requiring incident response resolution.