T 2.147 Lack of centralisation with peer-to-peer

In many IT environments, central servers are used to exchange information. The emails from the clients are sent to email servers and made available to the recipient clients. Files are provided centrally on a file server for authorised users, and print servers allow users to access a central printer.

When peer-to-peer services are used, you do not need a separate server to exchange data, and the clients (peers) provide each other with the shared resources. The peers in this case do not need to be located in the same LAN and can be distributed all over the world via a public network such as the Internet.

The following problems can arise from a lack of centralisation:

Lack of control by the security gateway (firewall) and local packet filter

Peer-to-peer communication with external communication partners located outside of the LAN requires either that the internal peer is allowed to open a connection to the external peer or that the external peer is allowed to open a connection to the peer in the LAN. However, if any type of communication connection is allowed to be opened, then the packet filter in the security gateway will no longer be able to reject undesired packets in advance. Since port numbers are often negotiated dynamically, restricting the number of open ports to just a few ports would hinder peer-to-peer communication. Protection mechanisms, for example those that prohibit the peers from opening direct connections to the Internet and require them to use a proxy instead, would be ineffective. If external communication partners are allowed to connect directly to IT systems in the LAN, then they could execute denial-of-service attacks on the clients or search for vulnerabilities by scanning the ports, for example.
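The following added example (not part of the original catalogue text) shows how a defender could check flow records from the security gateway for connections that bypass the proxy in either direction. The address ranges, the proxy and server addresses, and the three-field log format are assumptions made for illustration.

```python
import ipaddress

# Assumed environment: internal range, web proxy, and servers allowed to talk out.
LAN = ipaddress.ip_network("10.0.0.0/8")
PROXY = ipaddress.ip_address("10.0.0.10")
SERVERS = {ipaddress.ip_address("10.0.0.20")}

# Constructed sample flow records in the form "src dst dst_port".
SAMPLE_FLOWS = """\
10.0.1.15 10.0.0.10 3128
10.0.0.10 198.51.100.7 443
10.0.1.15 203.0.113.9 51413
203.0.113.9 10.0.1.15 51413
10.0.1.22 10.0.1.15 445
10.0.0.20 192.0.2.25 25
"""

def classify(src, dst):
    """Return a finding type for flows that cross the LAN border without the proxy."""
    src_internal, dst_internal = src in LAN, dst in LAN
    if src_internal and not dst_internal and src != PROXY and src not in SERVERS:
        return "direct-outbound"   # a client opened a connection past the proxy
    if not src_internal and dst_internal and dst != PROXY and dst not in SERVERS:
        return "direct-inbound"    # an external peer reached a LAN client directly
    return None

def find_uncontrolled_flows(text):
    """Parse flow records and list every border-crossing flow not handled centrally."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue               # skip malformed records
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue
        kind = classify(src, dst)
        if kind:
            findings.append((kind, str(src), str(dst), port))
    return findings

if __name__ == "__main__":
    for finding in find_uncontrolled_flows(SAMPLE_FLOWS):
        print(finding)
```

Because peer-to-peer ports are often negotiated dynamically, the check keys on the direction and endpoints of a flow rather than on a fixed port list.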

Lack of malware filters

When exchanging information with other users using peer-to-peer services, the corresponding clients need to open a direct data connection between each other. This allows the user to send files to different users, for example. When using a server, for example to exchange information via email, the server should scan the emails received for malware before it forwards the emails. This additional control instance is not available when using peer-to-peer services. If malware is transmitted using peer-to-peer services directly from a peer in the Internet to a peer in the LAN and the virus protection is inadequate, then it is possible for malware to infect the internal clients over this connection, and then to infect other IT systems in the LAN.

Uncontrolled flow of information

With peer-to-peer services, it is possible to transmit information without it being filtered centrally by a server. For example, if an email server is configured so that emails marked as "confidential" cannot be sent to external parties, then it is possible to overcome this hurdle using peer-to-peer services.

To be able to use peer-to-peer services, a suitable peer-to-peer application must be installed on the client. Such applications are available on the Internet, for example for sharing files. Such peer-to-peer applications could be infected with a Trojan horse that logs all keyboard input of the user and sends this information directly to the Internet using the peer-to-peer service, for example. If SSL is used for encryption by the peer-to-peer service, then it will be very difficult to detect such a Trojan horse because it will be impossible to read the information flowing between the attacker and the peer.

Inadequate logging capabilities

A log of who has communicated with whom and which information was exchanged can only be recorded with significant effort when peer-to-peer services are used. It is also easier to manipulate the log data when it is stored on a peer than when it is stored on a central server.

Encryption

For the encrypted exchange of information, additional information needs to be exchanged with every user who wants to communicate. In the case of symmetric encryption, both communication partners must know the shared secret key. However, even when asymmetric encryption is used in which encryption is performed using a public key and decryption using a private key, the sender cannot always be sure that the public key actually came from the recipient.

If certificates are not checked, an attacker could forge the certificates and place himself/herself directly between the peers (man-in-the-middle attack). Since a central instance that is responsible for distributing the keys and can guarantee their authenticity is often not available for peer-to-peer services, the certificates are not checked in many cases.

Complex user administration

In the case of internal and public peer-to-peer services, the peers who want to allow the other peers to access their resources must share these resources. To protect this information against access by unauthorised persons, the shares can be protected using user names and passwords, for example.

If large amounts of information will be shared by various users, then the assignments specifying who is allowed to access what can quickly become complicated. It is also often impossible to use central authentication services (single sign-ons) unless support is provided for this purpose by installing additional peer-to-peer applications.

Searching and version maintenance

In contrast to server-based networks, the resources in peer-to-peer networks are distributed among numerous IT systems. The search for certain information, for example a file, can be very difficult if the user does not know on which IT system the file is located.

There are also often several different versions of a file available. They arise because a user will usually copy the file he wants to edit to the local IT system and then make the changed file available on his shares. In this case, each user may maintain different versions of the file on his or her IT system, but it will be impossible to determine which of the versions available throughout the network is the most recent version.

Lack of bandwidth on the peers

In a server-based network, the network connection to the servers generally provides enough bandwidth to handle the requests from the clients. In the case of a server-based network, it is possible to plan the required bandwidth and dimension the network accordingly by taking the services the clients need to use into account.

In the case of peer-to-peer networks, though, it is very difficult to plan how much bandwidth will be needed. In general, the peers providing most of the information at a given time will be accessed most frequently. The connections to these systems will become overloaded, and essential services will no longer have enough bandwidth available. If another peer provides more recent information or information that is needed more frequently, then the load placed on the previous peer will drop very quickly, and the connection to the LAN of the peer now accessed more frequently becomes inadequate. It is therefore impossible to calculate the required bandwidth in advance when the peer accessed most frequently changes regularly, in contrast to a server whose required bandwidth can be calculated in advance.

Lack of specialisation of the IT systems

The requirements placed on a server are specified in advance. A server is then purchased based on these requirements and as a general rule is only used for the prescribed task. Servers are also typically installed in air-conditioned server rooms, in contrast to standard IT systems, which are usually operated in an office environment. The servers can only perform the prescribed tasks efficiently through the high degree of specialisation.

Peers on which several users can work in parallel are not designed for higher loads as a general rule. If the information is stored on standard hard disks instead of on special server hard disks, for example, a high load can significantly shorten the service life of the hard disks.

In general, additional safeguards are implemented on servers, and special emphasis is placed on the configuration that is critical to security. High requirements in terms of the availability are often met using redundant hard disks, for example. These security features are generally not available on standard IT systems.

Anonymity

It is not always possible to determine immediately who exchanged information when external peer-to-peer services are used. A peer that was accessible yesterday using a certain IP address may use a different IP address for access on the next day.

For this reason, it cannot be ruled out that the IP address of a peer with which short text messages (messaging) and information (file sharing) were exchanged at one time is now being used by another peer.

If a user now sends information to a supposedly known user, then unauthorised persons may also receive this information.
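As an added example (not part of the original catalogue text), the sketch below addresses both the unchecked keys described under "Encryption" and the reassigned IP addresses described under "Anonymity": a peer is recognised by a public-key fingerprint that was verified out of band, never by its address. The class name, peer names and key bytes are constructed; a real deployment would fingerprint the encoded key or certificate taken from a handshake that also proves possession of the private key.

```python
import hashlib
import hmac

def fingerprint(public_key_bytes):
    """SHA-256 fingerprint of the key material presented by a peer."""
    return hashlib.sha256(public_key_bytes).hexdigest()

class PeerPinStore:
    """Hypothetical local store that binds peer names to verified key fingerprints."""

    def __init__(self):
        self._pins = {}      # peer name -> fingerprint verified out of band
        self._last_ip = {}   # peer name -> last address seen (informational only)

    def pin(self, name, verified_fingerprint):
        self._pins[name] = verified_fingerprint.lower()

    def check(self, name, presented_key, remote_ip):
        pinned = self._pins.get(name)
        if pinned is None:
            return "unknown-peer"          # no verified key: do not send data
        if not hmac.compare_digest(pinned, fingerprint(presented_key)):
            return "key-mismatch"          # other party or man-in-the-middle
        moved = self._last_ip.get(name) not in (None, remote_ip)
        self._last_ip[name] = remote_ip
        return "ok-new-address" if moved else "ok"

# Constructed key material standing in for real encoded public keys.
ALICE_KEY = b"constructed-public-key-of-alice"
OTHER_KEY = b"constructed-public-key-of-another-peer"

def demo():
    store = PeerPinStore()
    store.pin("alice", fingerprint(ALICE_KEY))
    return [
        store.check("alice", ALICE_KEY, "203.0.113.9"),     # first contact
        store.check("alice", ALICE_KEY, "198.51.100.44"),   # same key, new address
        store.check("alice", OTHER_KEY, "198.51.100.44"),   # known address, other key
        store.check("bob", OTHER_KEY, "192.0.2.1"),         # never verified
    ]

if __name__ == "__main__":
    print(demo())
```

A changed address with the pinned key is accepted, while the familiar address with a different key is rejected, which is the case where the address has passed to another peer.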

Legal aspects

Public peer-to-peer services were developed to provide documents more efficiently to other users for the purpose of discussion. Peer-to-peer services are also often used to distribute copyrighted content on file trading networks. If illegal or copyrighted information is downloaded from the LAN of a government agency or company using peer-to-peer services, then there could be damage to the reputation of the organisation in the eyes of the public as well as legal consequences.