For many years, organizations have been very rigid and structured about work environments. The majority of workers worked in an office full-time, and a limited number of remote employees spent the majority of their time on the road or working from home. However, things have changed, and industries have proven that there are real benefits to having a large number of remote workers. The investment in remote working technology has given us new flexibility and freedom that was not available before.
Everyone now knows how to use a video conference system, and much of the terminology is part of regular use. “Collaboration” has taken on new meaning, as video conferencing has enabled employees to speak, see, and share as though they are sitting in a conference room next to one another.
Many of these collaboration applications work on a peer-to-peer basis. The connection is initiated via a control server, but the actual video and audio flow directly from one user to another. This is done to preserve video and audio quality. If I am sitting in London, speaking to someone in Paris, I do not want my conversation to pass through a server in New York, as the added delay would make the conversation unusable.
A brief history of P2P
Peer-to-peer (P2P) communication is nothing new. In fact, in the early days of the World Wide Web, it was viewed as the way forward, with all data being distributed and machines learning from other machines. IP telephony has used P2P protocols like SIP to communicate since its inception, and it is this model that modern video calling technologies use now. For a while, there was great excitement around the ability to use P2P to share spare resources on the world’s computers in order to complete very intensive scientific calculations.
Peer-to-peer became notorious when music and movie sharing applications became available. Applications like Napster and BitTorrent changed the way that many consumed content. To use these applications, the user must install software, which then adds that device to the P2P network to create a group of sharers.
With this in mind, there are some obvious downsides to using P2P applications:
- Piracy and copyright infringements
- The easy lateral movement of malware
- The ability to bypass firewall controls
- Almost no security can be applied
Just when we thought that peer-to-peer was dead, some new uses arrived. Blockchain and cryptocurrency use P2P technology, as well as some other new eCommerce systems. The latest version of Windows can use P2P to distribute updates to attract new users.
The hidden risks of P2P
While most P2P applications are useful and benign, some are hidden in other applications and unwittingly installed. These hidden P2P apps are very efficient at distributing bots, spyware, adware, trojans, etc., so while we need to enable certain P2P apps, we also need the ability to control them.
When users are at home, they are isolated from all of the corporate security infrastructure and, therefore, more vulnerable to attacks via phishing or malspam. New national COVID-19 track and trace systems have opened up a whole new world of potential scams. Home working exposes users to threats via gaming consoles, CCTV, sound systems, and a host of other new home technologies.
As users connect back into corporate networks in the coming months, the potential for malware to propagate within the network is very high. If a number of users have unwittingly picked up a nefarious P2P application, then havoc can be wreaked in an organization.
Control P2P access
The best way to manage the use of P2P applications is to control the access they have to the endpoint. This is most efficiently achieved by creating a whitelist of those services that can communicate with each device. We want to be able to easily enable the video conferencing systems that we use, but we probably want to block BitTorrent and other similar applications.
The key is to achieve two things:
- Visibility of communications between endpoints
- Simple creation of rules to control the communication between endpoints
Illumio Edge complements existing endpoint security solutions like endpoint protection platforms (EPP) and endpoint detection and response (EDR) tools by providing visibility into the connections between services running on endpoints and blocking unauthorized inbound connections. This stops the lateral movement of malware between devices.
By identifying the traffic flows for each group, endpoint, IP address, port number, and process, it is possible to determine which flows need to be blocked or allowed. This can reveal unauthorized P2P traffic that has been hidden in the network for the last week or month.
Rules need to be easily created with only a few simple clicks to remove any complexity. With Illumio Edge, individual pre-set or custom services can be chosen to be included for a specific group.
Once the services have been chosen, then the sources can be chosen based on the needs for each of those applications. For example, video conferencing should be allowed from all sources.
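The allowlist approach described above, sketched as an added example (not Illumio Edge code or its API): inbound flows are matched against per-group service rules with a default of block, and blocked flows are summarized by process and port for review. The group name, service names, port ranges, addresses and process names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Hypothetical service definitions: (protocol, first port, last port) per service.
SERVICES = {
    "video-conf": [("udp", 3478, 3481), ("udp", 50000, 50059)],
    "remote-admin": [("tcp", 3389, 3389)],
}

# Hypothetical per-group allowlist: service name -> permitted source networks.
# Video conferencing is allowed from all sources, as in the text above.
RULES = {
    "laptops": {
        "video-conf": ["0.0.0.0/0"],
        "remote-admin": ["10.20.0.0/24"],
    },
}

def decide(flow, rules=RULES, services=SERVICES):
    """Return (verdict, service) for one inbound flow; anything unmatched is blocked."""
    src = ipaddress.ip_address(flow["src"])
    for service, sources in rules.get(flow["group"], {}).items():
        in_service = any(proto == flow["proto"] and lo <= flow["port"] <= hi
                         for proto, lo, hi in services[service])
        if in_service and any(src in ipaddress.ip_network(n) for n in sources):
            return "allow", service
    return "block", None

def blocked_summary(flows):
    """Count blocked inbound flows per (process, proto, port) so repeats stand out."""
    return Counter((f["process"], f["proto"], f["port"])
                   for f in flows if decide(f)[0] == "block")

# Constructed sample flow records (not real telemetry).
FLOWS = [
    {"group": "laptops", "src": "10.30.1.15", "proto": "udp", "port": 50010, "process": "meeting.exe"},
    {"group": "laptops", "src": "10.20.0.7", "proto": "tcp", "port": 3389, "process": "svchost.exe"},
    {"group": "laptops", "src": "10.30.1.44", "proto": "tcp", "port": 3389, "process": "svchost.exe"},
    {"group": "laptops", "src": "10.30.1.44", "proto": "tcp", "port": 6881, "process": "torrent.exe"},
    {"group": "laptops", "src": "10.30.1.52", "proto": "tcp", "port": 6881, "process": "torrent.exe"},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(decide(f), f["src"], f["proto"], f["port"], f["process"])
    print(blocked_summary(FLOWS))
```

The same port can be allowed from one source network and blocked from another, which is why the rule pairs each service with its sources rather than opening the port outright.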
For more information about Illumio Edge,