P2P has more uses than the commonly assumed one of sharing files such as music, videos and games. It can also include instant messaging (IM) and grid computing architectures. In either case, the two biggest issues, to start, are confidentiality and authentication.
A web of authentication needs to be set up so only trusted clients can communicate with each other. First, since multiple clients can access each other without a central authentication server, the system has to have a way for two clients to authenticate each other when communicating. This can be done through certificates or key exchanges, for example.
Confidentiality is best protected by encrypting the traffic between the peers once they authenticate each other. Again, key exchanges and agreed-upon encryption protocols for the system can be used for this purpose, similar to the way SSL works.
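The mutual authentication and session-key steps described above, sketched as an added example that is not from the original article. It assumes a pre-shared network key (a simpler stand-in for the certificates or key exchanges the text mentions); the names Peer, mac and handshake are hypothetical. A production system would use mutually authenticated TLS instead, since a key derived this way offers no forward secrecy.

```python
import hashlib
import hmac
import secrets

def mac(key, *fields):
    """HMAC-SHA256 over length-prefixed fields (no ambiguous concatenation)."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()

class Peer:
    def __init__(self, name, network_key):
        self.name = name.encode()
        self.key = network_key  # assumption: distributed out of band to trusted peers

    def proof(self, role, other_name, n_init, n_resp):
        # Role and both names are bound into the tag, so a proof cannot be
        # reflected back to its sender or reused in the opposite direction.
        return mac(self.key, role, self.name, other_name, n_init, n_resp)

    def check(self, role, other_name, n_init, n_resp, tag):
        expected = mac(self.key, role, other_name, self.name, n_init, n_resp)
        return hmac.compare_digest(expected, tag)  # constant-time comparison

    def session_key(self, n_init, n_resp):
        # Both nonces feed the derivation, so every handshake gets a new key.
        return mac(self.key, b"session", n_init, n_resp)

def handshake(initiator, responder):
    """Return (key_i, key_r) if both peers authenticate each other, else None."""
    n_i = secrets.token_bytes(16)  # msg 1: initiator -> responder: name, n_i
    n_r = secrets.token_bytes(16)  # msg 2: responder -> initiator: name, n_r, tag_r
    tag_r = responder.proof(b"responder", initiator.name, n_i, n_r)
    if not initiator.check(b"responder", responder.name, n_i, n_r, tag_r):
        return None                # responder does not hold the network key
    # msg 3: initiator -> responder: tag_i
    tag_i = initiator.proof(b"initiator", responder.name, n_i, n_r)
    if not responder.check(b"initiator", initiator.name, n_i, n_r, tag_i):
        return None                # initiator does not hold the network key
    return initiator.session_key(n_i, n_r), responder.session_key(n_i, n_r)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    print(handshake(Peer("alice", key), Peer("bob", key)) is not None)
    print(handshake(Peer("alice", key), Peer("mallory", secrets.token_bytes(32))))
```

The derived session key would then key the agreed-upon cipher for the traffic between the two peers.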
Since P2P networks contain a mix of clients that are not always designed for heavy traffic the way a dedicated server is, they can also suffer from availability issues. Some P2P networks can't handle the loads of their stronger client-server cousins.
Finally, P2P networks can be a den of malware and spread viruses among their clients. They should be carefully monitored for unwanted traffic from outside the network and usage policies should be in place restricting the types of files they can transfer and to which networks they can connect.