Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.5  File Transfer

Previous Topic/Section
2.5.2  Blind FTP/Anonymous
Previous Page
Pages in Current Topic/Section
1
Next Page
2.5.4  Vulnerabilities
Next Topic/Section

2.5.3  File Sharing

In addition to concerns about data being sniffed across the network, there are also concerns about proprietary data being shared with those not authorized to have it, and with users “borrowing” others’ FTP sites to share files with the rest of the Internet.

For example, you may decide that only certain employees can put files up for FTP on your site, because you want files to be reviewed for sensitive material before they are made available on your site.

Similarly, you may wish to limit users’ ability to upload files into only one or two directories, in order to restrict the locations that can be used by random net users looking for a location in which to store their latest Warez for download by their friends around the Internet.

Another issue with file sharing is that users may go outside the bounds of FTP, to the world of peer-to-peer (P2P) file sharing services. Since services like Napster, Gnutella and Kazaa is client based, they’re more difficult for the organization to control than a centralized FTP site.

What if an employee shares their entire hard drive via Napster and their hard drive includes confidential source code? Similarly, what if P2P users are using up a significant portion of your organization’s bandwidth? It tends to be challenging to prohibit P2P connections through technology alone (as countless schools could tell you, if you asked them). The best defense is an appropriate use policy, backed up with technology to prevent what you can, and catch as much of the rest as possible.


Previous Topic/Section
2.5.2  Blind FTP/Anonymous
Previous Page
Pages in Current Topic/Section
1
Next Page
2.5.4  Vulnerabilities
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.