IT Governance, Risk, and Compliance

Feb 26 2009   6:49PM GMT

Peer-to-Peer Networking – Part 1

Robert Davis Robert Davis Profile: Robert Davis

There are a variety of networking architectures available for deployment. Potential candidates include Peer-to-Peer, Client/Server and Master/Slave. However, Peer-to-Peer (P2P) architectures present unique governance issues to the information security manager when comparable network configurations are considered. Flawed implementations, poor legacy security standards, limited user awareness, as well as lax technical security and administrative practices can form especially lethal combinations that may decimate a positive assertion regarding P2P network access protection.

Focusing solely on access vulnerabilities, as most information security professionals are acutely aware, P2P is normally restricted to share-level security (also known as Password-Protected Share). Archetypical share-level assigned password security provisions two mutually exclusive access attributes (read-only and full) to a file, printer or other network object. Share-level security also normally lacks centralized access control capabilities. Specifically, a user ‘access matrix’ is usually absent from P2P architectures for granular authentication or authorization arbitration. Therefore, increased security risks are inherent with P2P deployment compared to other adoptable network configurations.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: