Software Technology Evaluation - Research Paper Example

? Software Technology Evaluation James Moravec Software Technology Evaluation Executive summary Peer-to-peer file sharing has gained significant momentum because it allows people to share files easily and at a low cost. In recent years, peer-to-peer file sharing has become popular among organizations that need to distribute files to other users across the Internet. This technology has been of interest to many users since it derives its effectiveness from the power of the client computers rather than a centralized server. Despite the many benefits of peer-to-peer networks and files sharing softwares, there has been increased concern on the security of users who utilize this technology. More specifically, organizations are becoming aware of the threats that peer-to-peer software poses to their networks and users who download or upload files. With regard to the request the client made, it is reasonable to have concern over users who install file sharing software without receiving the authority to do so. This is because there are many threats that target files sharing software, which can harm computer users and the corporate resources, as well. While peer-to-peer file sharing software is popular, their mechanisms of operations offer significant opportunities for hackers to perform exploits that can harm its users. More specifically, such software like uTorrent, Bit Torrent and other popular files sharing softwares can allow propagation of malicious codes such as worms, and spyware. File sharing software can also help hackers carry out intrusion into host computers where they can steal data. Unauthorized installation of file sharing software can expose the host computers to peer-to-peer worms that can affect the users of the network. Over years, file sharing community has been facing the problem of peer-to-peer worms that exploit the vulnerability of hosts in the peer-to-peer network (Salomon, 2010). This means that authorized installation of peer-to-peer software can expose the corporate network to worm infection that can create significant network problems. In an organization where users install files sharing software without the necessary authority, it is impossible to track the number of worms in the network, which means that the entire network might be at risk. In most cases, peer-to-peer networks have scanning worms, which can use the peer-to-peer software to exploit network vulnerability. Indiscriminate and unauthorized installation of file sharing software can introduce spyware into the corporate network. It is has been argued that users install spyware software unknowingly because some get installed along free software or files sharing applications (Baskin & Piltzecker, 2006). More often than not, developers of spyware use free software as a way of distributing their spyware programs that hope to exploit unsuspecting users. Because of this approach, unauthorized installation of file sharing software can introduce spyware into the corporate computers such as desktops and laptops (Appleman, 2004). The problem of spyware entails monitoring and sharing of information on the user of the system. This means that a spyware can monitor the use of an infected computer and share the information with the developer of the spyware. Through this approach, the organization can lose valuable information that could be used against it by its competitors or hackers for criminal acts. While there other ways that spyware can penetrate the corporate network, unauthorized installation of files sharing network is the most covert way of installing spyware on any computer, whether a desktop or laptop computer. Installation of file sharing software on a corporate network can allow hackers to penetrate the network and execute other functions that harm computers connected to the network. While computers users can install new file sharing software to use for distributing materials on the internet, there are high chances that hackers can use the software to gain access to the network resources such as servers or desktop computers. According to Grimes (2001), rogue hackers often know open ports that they could exploit to access a secure network. During the installation of file sharing software, the computer often allows the software client to access outside network via a port. By probing open ports, a hacker can access internal resources within a network and perform malicious operation. For instance, a hacker can access a folder where files are shared and download copyrighted material that could be within the same folder (Engebretson & Broad, 2011). This situation is made worse when many users install file sharing software on the computers without the administrator’s knowledge. The implication of network intrusion can be of significant impact to the organization that can lose the control of the network to hackers. In a case where network users install file sharing software on their computers, it is possible that hackers can access the network and tamper with the company’s network resources. Despite the dangers of users installing authorized instances of file sharing software, there are several technologies that can help reduce the impact of the above risks. First, the client can install and configure a firewall for the company’s network. The firewall is cheap, and effective in creating a barrier that prevents external connections. The firewall and associated Demilitarized Zone secure other network resources, as well (Malik, 2003). However, some users can add exception on the firewall to allow file sharing software to pass files. Another technology is installing an antivirus or antispyware. This software can scan inbound and outbound files for malicious codes such as viruses or spyware. However, the software must be updated continuously. Using encryption software can help limit users who access the files. However, this technology requires more time to decrypting files. Given the strengths and weaknesses of these technologies, implementing a firewall and Demilitarized Zone is the best solution because it can secure the computers within and block any unauthorized users from connecting to the network. In addition, this technology will not cost the firm a lot of money because it is cheap to implement. MATRIX: SOFTWARE SOLUTION 1. What is the Risk or Vulnerability? What needs to be protected? (e.g. passwords, data, file backups, system registry) Candidate technology solution How the technology solution works? Effectiveness (High, Medium, Low) Peer-to-peer worm that can infiltrate the network and infect other computers Data, file backup and the system registry Antivirus software such as Norton Antivirus or Symantec Endpoint Protection An antivirus software scan files and process to detect virus signatures of known viruses or worms. Medium MATRIX: SOFTWARE SOLUTION 2. What is the Risk or Vulnerability? What needs to be protected? (e.g. passwords, data, file backups, system registry) Candidate technology solution How the technology solution works? Effectiveness (High, Medium, Low) Intrusion from hackers using open ports exposed by peer-to-peer software Passwords, data, system registry Firewall and DMZ A firewall listens to connections and allows legitimate connection to pass through. Administrators can restrict connections from certain ports. High MATRIX: SOFTWARE SOLUTION 3. What is the Risk or Vulnerability? What needs to be protected? (e.g. passwords, data, file backups, system registry) Candidate technology solution How the technology solution works? Effectiveness (High, Medium, Low) Spyware monitoring computer use Data and file backups Encryption software This technology secures data using a cipher and requires users decrypt the data before use. Medium References Appleman, D. (2004). Always use protection: A teen's guide to safe computing. Berkeley, calif: Apress. Baskin, B., & Piltzecker, T. (2006). Combating spyware in the enterprise. Rockland, MA: Syngress. Engebretson, P., & Broad, J. (2011). The basics of hacking and penetration testing: Ethical hacking and penetration testing made easy. Waltham, MA: Syngress. Grimes, R. A. (2001). Malicious mobile code: Virus protection for Windows: internet computer security. Beijing: O'Reilly. Salomon, D. (2010). Elements of computer security. New York: Springer-Verlag. Read More