Social Networking and Peer-to-Peer Security – CompTIA Security+ SY0-401: 2.6

A single peer-to-peer user in your organization can be a significant security risk. In this video, you’ll learn why peer-to-peer software and social networks should be carefully managed.


Social networking and peer-to-peer networking are technologies that, from a security perspective, can be crippling to an organization. It can be very, very easy to get your private information out. A good example of this is from February of 2009, when the Center for Digital Strategies at Dartmouth College did only two weeks of research. And in those two weeks on a peer-to-peer network, they were able to find files, and overall get about 20,000 patient records that had names, and social security numbers, and insurance codes, and other personally identifiable information.

And they had patients that had AIDS. 201 of the patients had mental diagnoses. 326 names and social security numbers were of people who were diagnosed with cancer.

This is some very, very private information that should have never been made available to anyone. And there it was, publicly available on a peer-to-peer network, because unfortunately somebody in that organization had installed peer-to-peer software on their computer, not realizing that when you do that you essentially become a file server. And that peer-to-peer software is very good at finding every type of file on your network, and in many cases, making those files available to the world.

All of your content, all of your private information, all of the things that you thought could only be inside of your organization is now available to the world for anybody to access whenever they’d like.

We also have challenges with these social networks, because we trust the people that are in our list of friends. And if we get a link from them that says, oh, I saw a picture of you, you should click here to see that picture, you may not realize that their computer was already compromised. That compromised computer is sending you a link that then is going to compromise your machine, and so on, and so on. So you have to be very careful and make sure users know that participating in peer-to-peer networking puts the entire organization at risk. And just because you trust somebody on your social networking website doesn’t mean you should always trust every link and everything they’re going to send to you.