P2P .... what P2P?

Here is a summary of an email thread between our team and an end user today:

  • Security: You have P2P software installed. This is the third time we told you.
  • User: I don't know what you're talking about. I didn't do it, nobody saw me do it. Can't prove a thing.
  • Security: How about all these movies you have been downloading. Here is the file listing including time stamps.
  • User: Oh, those. Oh, right. It was not P2P the movies came from email. Sorry about that. Never happen again.

This is fairly typical. People just want their tunes and movies, man.

The trouble is two-fold:

  1. Bad guys use the same protocols to get data about your company.
  2. Set up one of these P2P clients wrong and your HR person just shared employee data out to the Internet.