US-CERT Cyber Security Tip ST05-007 -- Risks of File-Sharing Technology

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                      Cyber Security Tip ST05-007
                   Risks of File-Sharing Technology

   File-sharing technology is a popular way for users to exchange, or
   "share," files. However, using this technology makes you susceptible
   to risks such as infection, attack, or exposure of personal
   information.

What is file sharing?

   File sharing involves using technology that allows internet users to
   share files that are housed on their individual computers.
   Peer-to-peer (P2P) applications, such as those used to share music
   files, are some of the most common forms of file-sharing technology.
   However, P2P applications introduce security risks that may put your
   information or your computer in jeopardy.

What risks does file-sharing technology introduce?

     * Installation of malicious code - When you use P2P applications, it
       is difficult, if not impossible, to verify that the source of the
       files is trustworthy. These applications are often used by
       attackers to transmit malicious code. Attackers may incorporate
       spyware, viruses, Trojan horses, or worms into the files. When you
       download the files, your computer becomes infected (see
       Recognizing and Avoiding Spyware and Recovering from Viruses,
       Worms, and Trojan Horses for more information).
     * Exposure of sensitive or personal information - By using P2P
       applications, you may be giving other users access to personal
       information. Whether it's because certain directories are
       accessible or because you provide personal information to what you
       believe to be a trusted person or organization, unauthorized
       people may be able to access your financial or medical data,
       personal documents, sensitive corporate information, or other
       personal information. Once information has been exposed to
       unauthorized people, it's difficult to know how many people have
       accessed it. The availability of this information may increase
       your risk of identity theft (see Protecting Your Privacy and
       Avoiding Social Engineering and Phishing Attacks for more
       information).
     * Susceptibility to attack - Some P2P applications may ask you to
       open certain ports on your firewall to transmit the files.
       However, opening some of these ports may give attackers access to
       your computer or enable them to attack your computer by taking
       advantage of any vulnerabilities that may exist in the P2P
       application.
     * Denial of service - Downloading files causes a significant amount
       of traffic over the network and relies on certain processes on
       your computer. This activity may reduce the availability of
       certain programs on your computer or may limit your access to the
       internet.
     * Prosecution - Files shared through P2P applications may include
       pirated software, copyrighted material, or pornography. If you
       download these, even unknowingly, you may be faced with fines or
       other legal action. If your computer is on a company network and
       exposes customer information, both you and your company may be
       liable.

How can you minimize these risks?

   The best way to eliminate these risks is to avoid using P2P
   applications. However, if you choose to use this technology, you can
   follow some good security practices to minimize your risk:
     * use and maintain anti-virus software - Anti-virus software
       recognizes and protects your computer against most known viruses.
       However, attackers are continually writing new viruses, so it is
       important to keep your anti-virus software current (see
       Understanding Anti-Virus Software for more information).
     * install or enable a firewall - Firewalls may be able to prevent
       some types of infection by blocking malicious traffic before it
       can enter your computer (see Understanding Firewalls for more
       information). Some operating systems actually include a firewall,
       but you need to make sure it is enabled.
     _________________________________________________________________

     Author: Mindi McDowell. Some content contributed by Brent Wrisley
     and Will Dormann.
     _________________________________________________________________

     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-007.html>

     Copyright 2005 Carnegie Mellon University

     Terms of use

     <http://www.us-cert.gov/legal.html>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQksOJxhoSezw4YfQAQIBawgAlEJKf+JNd60G4ubPyMvNlIiKC+e7Kfii
irVTi4MsqmJYiViQ48w+HCUIA4aaRR+wwuG8Ln3B/VCDW6BZ9xSS6qwmzNcljapI
dpTrjajbgocN3iMewPcAMQaE8q1OC9WmJVhw8JcL1aCRof54UTdOtO/vok7HIEvt
ODlSmZIdHKtfdONVob0cCfX95AslgO4pKbHjYd/NPjAmZrkZrIWyHIdi8JAQrset
d3HHpJKwaKdBSMY/ysE1ySRTTDLdmItB8b8E164M+C0phMmMVEVPjrHSRXRrg4y9
n0NGe6u6l+HV807bCmbuj0/OHVJubEHRtNvatVsQMN1luWUXmW8Bag==
=SZJD
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux