The Ongoing Threat of P2P
p2p news / p2pnet: Ex-White House security advisor Howard Schmidt is now president of R&H Security Consulting, but that doesn’t mean he’s abandoned any interests he may have had in the worlds of corporate entertainment or non-corporate p2p.
In fact, Schmidt “warned corporations they need to address a ‘new generation’ of security weaknesses enabled by peer-to-peer (P2P) networks on the systems of third-party contractors and business partners,” says thep2pweblog.
“It’s a very important and emerging issue,” the post has him saying. “We [talk a lot] about intrusion detection and antivirus … but one thing we’re not paying enough attention to is P2P file sharing networks and how much data we’re really exposing inadvertently, which we have no control over.”
Err, Yes. Well.
“Shenanigans,” declares Grant Robertson. “Yes, you heard me, shenanigans.
“This is an excellent example of a security “expert” using the spooky acronym P2P to sell security audits. This is the equivalent of telling you how dangerous your neighborhood is while trying to sell you an alarm system.”
And, Robertson points out, Schmidt went on to explicate the enormous p2p threat, namely:
“Schmidt said IT managers typically control the use of file sharing networks within their own networks but contractors or agents working for their organisation can often keep or access corporate data on their laptops or home PCs, alongside P2P clients. He added that these users may then look for music or movie downloads on P2P applications, and inadvertently expose the entire contents of the hard drive.”
But, “I’m not buying it,” declares Robertson. “Sure, theoretically someone could make several mistakes in setting up eDonkey or a similar file-sharing app, and potentially expose some data. However, from a risk management point of view the threat of spyware/malware or keylogging applications is a much larger blip on the radar.”
Schmidt was vice chairman of George W’s Critical Infrastructure Board and “helped create the National Strategy to Secure Cyberspace,” says GCN.com.
Microsoft’s ex-chief security officer, and also the former chief security officer at eBay, he resigned at a time “when the Bush administration has been criticized for a lack of leadership in IT security”.
Also See:
thep2pweblog – P2P Fear Mongering or Valid Business Concern?, June 20, 2006
GCN.com – Howard Schmidt is leaving the White House, April 4, 2003






June 22nd, 2006 at 1:29 am
“Schmidt said IT managers typically control the use of file sharing networks within their own networks but contractors or agents working for their organisation can often keep or access corporate data on their laptops or home PCs, alongside P2P clients.”
It really isn’t a corporate IT manager’s business what a contractor (or an employee, for that matter) does on the laptop or home (desktop) PC that is their own personally owned, private property. If they are that concerned about security and expect an individual to be able to access corporate IT resources from outside locations, then they should provide that individual with a suitable machine with the understanding that its use is governed by the established policies of the organization and is only to be used for business purposes.
Basically this guy is peddling a big load of alarmist crap in order to drum up business as an ‘expert’ consultant.