Preventing and Detecting Sensitive Data on P2P Networks

Recently, we've heard a lot of talk about P2P apps and data leakage concerning various members of Congress. It started with this article over at NetworkWorld, followed up by the guys at nCircle, directing criticism towards Congree from Techdirt, comments from LonerVamp, and lately a rambling from Alan Shimel on how NAC will solve the problem.

The problem is not so straightforward. It's a mix of company policies, perimeter and endpoint protection, data protection, and culture. Alan fails to see the problem all the way through. Sure, your NAC might prevent P2P apps from existing on the network.. But what about on employee's home networks? Many people are being issued laptops so they can work from home, on the go, etc. How is NAC going to stop P2P there? How do you stop people from installing P2P apps on their personal computers? From bringing or sending data home through email, thumb drive, cd-rw?

Besides Tiversa, has anyone actually tried to automate P2P network scanning looking for [their] sensitive data? One of the ways at trying to fix the problem is looking at/for the source of information leaks. Use honeytokens to weed out nosey people, spies, and people who are most likely violating policies. Use an IDS or other network monitoring solution to alert when it sees those honeytokens traveling out of the network.

So the issue is one we'll be seeing a lot from now on as we move towards "protecting data." Preventing information from leaking onto P2P networks and detecting it is going to be tough. There is no single answer, but many that require a lot of thought and planning. In addition to these latest news articles, check out Inadvertent Disclosure - Information Leaks in the Extended Enterprise. It's the only paper I've come across that tries to analyze the extent of the problem and demonstrates the threat and vulnerability it poses to businesses.

Posted by Marcin on Sunday, July 29, 2007 in News, Politics, Security and Tech.