US-CERT Cyber Security Tip ST05-007 -- Risks of File-Sharing Technology

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		      Cyber Security Tip ST05-007
		   Risks of File-Sharing Technology

   File-sharing technology is a popular way for users to exchange, or
   "share," files. However, using this technology makes you susceptible
   to risks such as infection, attack, or exposure of personal
   information.

What is file sharing?

   File  sharing  involves using technology that allows internet users to
   share   files   that   are   housed  on  their  individual  computers.
   Peer-to-peer  (P2P)  applications,  such  as those used to share music
   files,  are  some of the most common forms of file-sharing technology.
   However,  P2P  applications introduce security risks that may put your
   information or your computer in jeopardy.

What risks does file-sharing technology introduce?

     * Installation of malicious code - When you use P2P applications, it
       is  difficult, if not impossible, to verify that the source of the
       files  is  trustworthy.  These  applications  are  often  used  by
       attackers  to  transmit  malicious code. Attackers may incorporate
       spyware, viruses, Trojan horses, or worms into the files. When you
       download   the   files,   your   computer  becomes  infected  (see
       Recognizing  and  Avoiding  Spyware  and  Recovering from Viruses,
       Worms, and Trojan Horses for more information).
     * Exposure  of  sensitive  or  personal  information  - By using P2P
       applications,  you  may  be  giving other users access to personal
       information.   Whether   it's   because  certain  directories  are
       accessible or because you provide personal information to what you
       believe  to  be  a  trusted  person  or organization, unauthorized
       people  may  be  able  to  access  your financial or medical data,
       personal  documents,  sensitive  corporate  information,  or other
       personal   information.  Once  information  has  been  exposed  to
       unauthorized  people,  it's difficult to know how many people have
       accessed  it.  The  availability  of this information may increase
       your  risk  of  identity  theft  (see  Protecting Your Privacy and
       Avoiding   Social   Engineering  and  Phishing  Attacks  for  more
       information).
     * Susceptibility  to  attack  - Some P2P applications may ask you to
       open  certain  ports  on  your  firewall  to  transmit  the files.
       However,  opening some of these ports may give attackers access to
       your  computer  or  enable  them to attack your computer by taking
       advantage  of  any  vulnerabilities  that  may  exist  in  the P2P
       application.  There  are some P2P applications that can modify and
       penetrate firewalls themselves, without your knowledge.
     * Denial  of service - Downloading files causes a significant amount
       of  traffic  over  the  network.  This  activity  may  reduce  the
       availability  of  certain  programs  on your computer or may limit
       your  access  to the internet (see Understanding Denial-of-Service
       Attacks for more information).
     * Prosecution  -  Files  shared through P2P applications may include
       pirated  software,  copyrighted  material,  or pornography. If you
       download  these,  even unknowingly, you may be faced with fines or
       other  legal  action. If your computer is on a company network and
       exposes  customer  information,  both  you and your company may be
       liable.

How can you minimize these risks?

   The  best  way  to  eliminate  these  risks  is  to  avoid  using  P2P
   applications.  However,  if you choose to use this technology, you can
   follow some good security practices to minimize your risk:
     * use   and  maintain  anti-virus  software  -  Anti-virus  software
       recognizes  and protects your computer against most known viruses.
       However,  attackers  are continually writing new viruses, so it is
       important   to   keep   your   anti-virus  software  current  (see
       Understanding Anti-Virus Software for more information).
     * install  or  enable  a firewall - Firewalls may be able to prevent
       some  types  of  infection by blocking malicious traffic before it
       can  enter  your  computer  (see  Understanding Firewalls for more
       information).  Some operating systems actually include a firewall,
       but you need to make sure it is enabled.
     _________________________________________________________________

     Authors: Mindi McDowell, Brent Wrisley, Will Dormann
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-007.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR/T1cvRFkHkM87XOAQK2sAgAqrtkqSitA/D8aOZvHMuoFrF7Xqt1RE2M
IeEDZBaXGzQuOl2Gq3/F1wy4o9rAVUkYORJ5wQM9lHEOJLU6aGssJllYnIHxpiBT
HgB09Z42xUoZwqwH1rzNKWW+0Fdtt8WVzBjdPMI/WT/rRWAKqU9t0kkCmMD0Tjtl
+IdrIsIm+TOuapYZtfxPJP8JVF0oETbK64E4uDRC84FMFfZcninHHA2qCN0II87j
Ev1kPtzYtnbwkfBDGgQ0I2N9u4/lyLMD485Vof71l3DjTENnN1LRiw5xDeNrCGsr
q/gPtKLyp8T3lePz1SLPMIQ0bgoMAdaThaucTkejuCBu57Em3PcPvw==
=a6Ti
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux