Pesky P2P: why your users can be your biggest threat

Paul Fenwick

LogicNow sales engineer Paul Fenwick suggests some simple questions you need to ask yourself in order to help protect your customers’ networks.

After a conversation I had with a customer on a recent Tech Walk session, I was reminded of my days looking after client networks and the regular complaints I faced about slow Internet speeds.

On one occasion, the customer told me: “This new router you put in is rubbish, it’s not helped at all. Our ISP has checked the line and it’s not their problem, so it must be your router or the network.”
After carrying out line checks with their ISP, the customer could see no reason why they should not be getting the required speeds from their Internet connection. Although this happened some years ago and on ADSL, the upload and download speeds should have been sufficient for their needs.

Following days of testing network traffic and checking hardware everywhere, the culprit was found. Tucked away in a dark corner of the customer’s office was a PC that was downloading music, films and software from peer-to-peer or torrent networks, and clogging up the company’s bandwidth as a result.

Chuffed with my fault diagnosis, I took the results back to my manager and the MD of our customer. This raised further work for me as it became my mission to prevent this from re-occurring.

How did I do that? With a few simple questions.

Here are a number of recommendations based on questions you need to ask both yourself and the customer:

  • Internet Access

Is it critical for a specific machine to have access to the internet or can it be limited to just local network access?

A common way to do this is through the browser settings: enter a proxy address that doesn’t exist, e.g. 1.2.3.4 or even 127.0.0.1, so that users get a time-out message when they try to use the internet browser. To get the same effect on a larger scale, create a Group Policy that forces the use of the incorrect proxy. Bear in mind that this only stops software that honours the browser proxy setting.

  • Web Protection

If internet access is necessary for email, web or remote access for that user or device, is there anything that can be done to restrict access to only approved functionality or sites?

Firewalls, whether hardware or software, are an essential protection for a network because they stop incoming and outgoing access through various ports. Once a firewall is in place, WhatsMyIP.org offers an online scan that checks all the common P2P ports: http://www.whatsmyip.org/port-scanner/p2p/

Controlling which websites can be accessed reduces the risk of end users inadvertently visiting URLs with malicious code hidden in the page. Protect the web browser itself by keeping it on the latest version with all the latest security updates applied.

  • Bandwidth Monitoring Checks

Are the devices monitored for their bandwidth usage, through either software or hardware?

Devices utilising large amounts of internet bandwidth by downloading or streaming media will significantly affect network performance. Placing some monitoring capability on devices will alert you to any suspect behaviour. This will also help your customers prevent any unwelcome increase in bandwidth charges from the ISP if the usage allowance is exceeded.
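
One way to turn this bandwidth check into an alert, as an added example that is not part of the original article or of any LogicNow product: it totals bytes per device from a flow export and separates a plain heavy download from P2P-like behaviour. The CSV layout, thresholds, function names and sample records are constructed assumptions, and 6881-6889 is only the traditional BitTorrent default port range.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow export (not real traffic): src_ip,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
192.168.1.10,192.0.2.80,443,1200000
192.168.1.10,192.0.2.81,443,800000
192.168.1.23,203.0.113.5,6881,450000000
192.168.1.23,198.51.100.7,6882,390000000
192.168.1.23,203.0.113.77,51413,610000000
192.168.1.23,198.51.100.40,6889,275000000
192.168.1.31,192.0.2.15,443,950000000
"""

# Traditional BitTorrent defaults; clients can be set to any port, so this is a hint only.
BITTORRENT_PORTS = range(6881, 6890)


def summarise(flow_csv):
    """Return {device: {"bytes": int, "peers": set, "p2p_port_hits": int}}."""
    stats = defaultdict(lambda: {"bytes": 0, "peers": set(), "p2p_port_hits": 0})
    for src, dst, port, nbytes in csv.reader(io.StringIO(flow_csv)):
        entry = stats[src]
        entry["bytes"] += int(nbytes)
        entry["peers"].add(dst)
        if int(port) in BITTORRENT_PORTS:
            entry["p2p_port_hits"] += 1
    return stats


def flag_devices(flow_csv, byte_limit=500_000_000, peer_limit=3):
    """Return {device: [reasons]} for devices worth a closer look (assumed thresholds)."""
    flagged = {}
    for device, s in summarise(flow_csv).items():
        reasons = []
        if s["bytes"] > byte_limit:
            reasons.append("high volume")
        if len(s["peers"]) > peer_limit:
            reasons.append("many remote peers")
        if s["p2p_port_hits"]:
            reasons.append("BitTorrent default ports")
        if reasons:
            flagged[device] = reasons
    return flagged


if __name__ == "__main__":
    for device, reasons in sorted(flag_devices(SAMPLE_FLOWS).items()):
        print(device, "->", ", ".join(reasons))
```

A device flagged for volume alone may be a legitimate backup or update download; volume combined with many peers or the default ports is the pattern worth checking first.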

  • Software Audit

Do you know everything that is installed on all devices? Do you regularly carry out software audits?

Ensure that no risky programs, such as those for downloading through peer-to-peer networks or torrent sites, are installed on devices. Manual checks or audit software are effective, but need to be run regularly, not just to prevent this but also to ensure legal compliance with software licenses.

  • Administrator Rights

Does the user of the device need full admin rights?

Granting this permission allows users to install software; if this were prevented, it would block malicious software from getting onto the device. It also assists in maintaining software compliance, since end users will not be able to install illegally licensed software.

MAX RemoteManagement assists with these recommendations through its FREE asset tracking functionality, Patch Management and Web Protection. If you need any assistance with these, please contact your local Sales representative.