S 5.1 Peer-to-peer services

Description

The module was eliminated in 2009 with the 11th version.

Module S 5.1 Peer-to-peer services originally dealt with clients that provided each other with resources in a local network and focused primarily on Windows clients. Examples included shared access to directories on hard disks or to printers connected locally to the client (peer). These shares can often be administered directly by the operating system without requiring the installation of additional software.

However, the term "peer-to-peer" is now used differently. Although it is still possible in state-of-the-art operating systems to share resources with other users in the local network with little effort, the term "peer-to-peer" (often abbreviated to P2P) is usually used to refer to the exchange of information on the Internet. In this case, and in contrast to the local exchange of data previously addressed in this module, no operating system functionality is usually needed for this purpose. Instead, special applications are installed that establish connections through a server or establish them directly to another peer in order to exchange information. These servers and peers do not have to be in the same local network, but can also be located on the Internet. Thus, it is possible to exchange information with strangers. The exchange of information between IT users with the help of peer-to-peer services on the Internet is often referred to as file sharing.

Due to the security risks posed by the use of peer-to-peer services, organisations should prohibit their use for exchanging information on the Internet (file sharing).

It may make sense in exceptional cases, though, to use peer-to-peer services in local networks (to share directories and printers). However, it is better to use central servers for sharing resources in local networks. Central servers should be provided in a LAN instead of local shares so that several users can access shared memory and therefore share information. If several users need to share a printer, these users should be administered on a print server.

More in-depth information on peer-to-peer services can be found in threat T 2.147 Lack of centralisation with peer-to-peer and in safeguard S 5.152 Exchange of information and resources using peer-to-peer services.

The last version of the module published with the 10th version can still be retrieved in the Resources for IT-Grundschutz on the BSI websites.