It's also difficult to log P2P activity at the firewall level, since connecting ports frequently change and can't...
be easily identified. Without distinct ports to block or log, P2P traffic can slip through a firewall undetected.
Despite that, P2P doesn't move totally in the dark, and depending on the application, it leaves some footprints that can be tracked by commercially available tools.
One tool is ProxySG from Blue Coat Systems, a leader in enterprise Web content filtering and blocking tools. Instead of blocking ever-changing ports and IP addresses, ProxySG looks for the type of malformed HTTP packets used for communicating to P2P networks. It also checks the headers of outbound packets for known P2P agents like KaZaa. ProxySG can also be used to log allowed agents on the network, so that inappropriate agents, such as P2P, can be logged and tracked.
Another product is Real-Time (RT) Guardian from FaceTime Communications. RT Guardian uses FaceTime's IMAuditor technology and sits in the DMZ to monitor P2P and IM traffic. Since P2P software is often bundled with spyware, FaceTime uses malware-screening technology to dig up P2P instances by detecting spyware that is commonly known to piggyback along with it.
Proventia, a product from IBM Internet Security Systems, logs and blocks P2P by building a profile of common ports used by file-sharing software such as KaZaa and Gnutella.
Despite being difficult to track because of its dynamic and decentralized nature, P2P usage can be logged with commercially available tools through detection of unique HTTP packets, headers and other P2P traffic quirks.
For more information:
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.