Congress,looks,ban,P2P,file-sh technology Congress looks to ban P2P file-sharing, will companies follo
Active shredder safety technology for the small office. Shreds 15sheets per pass into 5/32" x 1-1/2" cross-cut particles (Security Level3). Patented SafeSense® Technology stops shredding when hands touch thepaper opening. Designated shredde The electronic cigarette is not new. People who buy electronic cigarette knows that this product has been in the market for years now. Despite some sectors apparently trying to shoot the product down from the shelves, the popularity of elect
Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable{mso-style-name:"Table Normal";mso-tstyle-rowband-size:0;mso-tstyle-colband-size:0;mso-style-noshow:yes;mso-style-priority:99;mso-style-qformat:yes;mso-style-parent:"";mso-padding-alt:0in 5.4pt 0in 5.4pt;mso-para-margin-top:0in;mso-para-margin-right:0in;mso-para-margin-bottom:10.0pt;mso-para-margin-left:0in;line-height:115%;mso-pagination:widow-orphan;font-size:11.0pt;font-family:"Calibri","sans-serif";mso-ascii-font-family:Calibri;mso-ascii-theme-font:minor-latin;mso-hansi-font-family:Calibri;mso-hansi-theme-font:minor-latin;mso-bidi-font-family:"Times New Roman";mso-bidi-theme-font:minor-bidi;}Recently in the United States Congress, RepresentativeEdolphus Towns of New York introduced a bill (HR 4098) to banP2P file-sharing on US government, and government contractor computers. Thisbill was likely prompted by the reckless loss of sensitive government documentsthrough P2P networks including information about the Joint Strike Fighter and Marine One. Congressman Towns had sent a letter to the Attorney General and the CEO of Lime Corp at thattime requesting information. I applaud Congressman Towns' actions and hope tosee quick passage of something that seems so obvious... Computers containingsensitive government data have no need for file-sharing software, which istypically used for sharing music, movies, and pirated software. I don't wish todemonize P2P, as I use it regularly to download Linux distributions and otherlegitimate content, but the bill has a provision for authorized use wherenecessary.What's interesting here is that by governmental standardsthey seem to be taking quick action to close this gaping hole in our nationalsecurity. The bigger question is, what are you doing to ensure your sensitivecorporate data, and the personally identifiable information of your staff andclients is protected against leakage via file-sharing networks? In working with companies, I find that most IT departmentshave a policy against the use of P2P programs in the workplace. Like with manyother rules though it is not monitored and there is no enforcement mechanismavailable to prevent their use. In addition to using the integrated application control technology in Sophos Endpoint Security and Data Protection, administratorsshould look to how they handle sensitive data and their firewallconfigurations.With the risk of client applications sending off sensitivedata, users loading more and more portable applications that do not requireadministrative privileges to install, and the absolutely huge risk presented bywebsites being compromised (3.6 per second) our firewalls should beblocking all outbound ports from within our walls. Sending email and browsing the web are the most commonapplications users need to use on business networks, and that traffic should befiltered at the edge. The network edge is the most common point for both dataleakage and bots sending off stolen information to criminals who prey on ourusers. Appliance-based or gateway DLP solutions often are unable to look for contentin the fragmented packets of P2P traffic, so another approach is necessary.Another concern is why were these sensitive documents notencrypted? At a minimum simple file-based encryption would ensure accidentalsharing would not compromise the secrecy of the stolen documents. Can you saythe same for your critical data? I often recommend users not only encrypt their hard disks,but also ensure that extra sensitive information like personally identifiable information be file or folder encrypted as well. This way if the file is lost orstolen, at least it is no longer accessible to third parties. Don't let your company react to the threat of P2Pfile-sharing and data leakage slower than the US government. Look to thetechnologies available to you and find a way of giving that P2P policy someteeth. Thisarticle was written by Chester Wisniewski of Sophos and is published here with their fullpermission. Sophos provides full data protection services including: securitysoftware, encryption software, antivirus, and malware protection.
Congress,looks,ban,P2P,file-sh