P2P .... what P2P?
Here is a summary of an email thread between our team and an end user today:
- Security: You have P2P software installed. This is the third time we told you.
- User: I don't know what you're talking about. I didn't do it, nobody saw me do it. Can't prove a thing.
- Security: How about all these movies you have been downloading. Here is the file listing including time stamps.
- User: Oh, those. Oh, right. It was not P2P the movies came from email. Sorry about that. Never happen again.
This is fairly typical. People just want their tunes and movies, man.
The trouble is two-fold:
- Bad guys use the same protocols to get data about your company.
- Set up one of these P2P clients wrong and your HR person just shared employee data out to the Internet.