This article was written exclusively for AUDITNET.ORG by: PCProfile, Rob Harmer Consulting Services Pty Ltd
P.O. Box 196 Modbury North Sth Australia 5092 fax +61 8 8265 1961
email robharm@pcprofile.com  http://www.pcprofile.com

Shared.......... from right under your nose!

Have a think about the following statement.....................

Whilst you are busy reading this web page and listening to music via one of the many popular music file sharing programs (remember you agreed to file share so you could access Napster etc) then you may have had files copied, or lifted, or deleted, or altered, from "right under your nose"!

If you aren't interested, then just continue on listening to MP3 files, but be aware that you may also be sharing your credit card and bank account details, corporate information, trade details, sensitive details, intellectual property and so on with whoever wishes to extract them from your PC right under your nose, whilst you enjoy your music!

It's a FACT - File sharing is here to stay!

The Application Service Provider (ASP) market model is based on "renting software and services" across the web. The Microsoft .NET model is based on the same approach, and the HailStorm technology they announced recently confirms this view. The ASP model has had some nervous starts, with some service providers having failed already, and many Information Technology professionals are very nervous about using software "over the web" as a means of running the business. This article is not about ASP activities BUT about the wider issues and risks of FILE SHARING!

There are web-based file sharing software services already on offer that allow peer-to-peer (p2p) file sharing of much more than you might be comfortable with! In fact they are becoming very attractive web sites, as everybody loves FREE software! See: http://www.auditnet.org/articles/have_you_been_napstered.htm

HOWEVER, some of the software at these sites uses file sharing techniques to offer access not only to MP3s, sounds, images etc. BUT ALSO to executable files, documents, spreadsheets etc., for ANY user who cares to look for, or can locate, an OPEN share on a PC-based system.

The threat here is ENORMOUS in terms of piracy and theft of corporate or private data, and the risk is rising daily!

What sort of files can be accessed using specialist file sharing software?

They could be any one of the following:

  • music
  • images
  • documents
  • text
  • executable files
  • passwords
  • credit card details
  • bank account details
  • customer details
  • corporate documents
  • corporate spreadsheets
  • intellectual property
  • new technologies
  • R&D details
  • personal records

Basically it can be any kind of file, application or corporate sensitive information that is stored and saved on the local hard drive or network drive where the "share" has (unwittingly) granted open access to other unseen users across the Internet! The most extensive capability is offered by ShareSniffer (http://www.sharesniffer.com), who have come up with a technique, sold for a fee as a trademarked product, that allows a user to DETECT open shares on any PC on the Internet and then copy/download/execute files without the end user knowing.

This means if your open PC on the www has a share that is locatable then they have access to your data etc. If you are a home user the biggest risk is your credit card and bank account details.

Of course, they have to have "intent" to grab your details - BUT can you afford the risk?

Some Commonly Known File Sharing Sites  
Aimster, audioGnome, BearShare, File Rogue, Gnutella, LimeWire, Mac, MojoNation, Napigator, Napster, Rapigator, Riffshare, SongSpy, ShareSniffer, WinMX

and some more (from www.dmoz.org)

  • After Napster - The Beat Goes On - A large listing of Napster alternatives - software for various platforms, search and meta search services.
  • Audio Galaxy - Music sharing software like Napster which automatically finds nearest file (for Windows and Linux). Site includes featured MP3s, bands; software, discussion forums, and chat.
  • Carracho - Offers software that allows you to share files, search for files, resume stopped downloads, and create own chat rooms.
  • CuteMX - Client to client media exchange program from the makers of CuteFTP.
  • Direct Connect - Integrated searching, graphical navigation of files, and public and private chatting.
  • eDonkey2000 - Program that allows you to transfer any type of file.
  • File Share PROJECT - File share portal with updated news, reviews, editorials, documents, and synopsis of the latest and greatest file share devices.
  • FileSwap - Allows users to search for and share mp3, video, images and other files, as well as chat and messaging features.
  • Filetopia - Strong encryption chat and file server.
  • Freebase - File sharing community that allows you to share any type of file with other Freebase users. Instant messaging and Gnutella compatibility is currently being added.
  • FreeNet - Distributed system for semi-privately storing documents.
  • Hotline Communications Ltd. - Hotline enables private and public virtual community building and live interaction with real time chat, conferencing, messaging, data warehousing and file transfer and viewing.
  • iMesh - User-to-user exchange community.
  • JukeDaddy: multi-user networked jukebox system - Offers a program to allow streaming of mp3s and control music files from anywhere on your network.
  • KaZaA - KaZaA is a completely distributed peer-to-peer file sharing service.
  • Konspire - A searchable, distributed file sharing system with no central servers, and resumable file transfers. Written in Java 1.1 for portability.
  • MP3 Voyeur - A local area network MP3 search tool that crawls local networks for shared MP3 files.
  • OnSystems - Private, Secure p2p Networking - Site offers secure private p2p networks. Create a low-cost VPN with all of your friends, family, and co-workers.
  • OpenBlue FileShare - Peer-to-peer file sharing at its best. Share all your files quickly and easily and search our database for any file type you want to download.
  • openCOLA Inc. - An open source development shop working in the area of distributed computing and peer to peer exchange.
  • PornDigger - Offers an adult file sharing community with a built-in viewer and direct thumbnail display.
  • Servent - Servent is a peer-to-peer based collaboration software tool that allows you to share and download files of any type with Servent users all over the world.
  • Sharewax - The sharewax community is the first non-copyright infringing community of file sharers.
  • SongSpy - A graphical peer-2-Peer mp3-only sharing network designed from the ground up by music addicts for music addicts. Earn Karma Points good toward prizes just for sharing.
  • Xtellinet - The eXtended Intelligent Network is a peer to peer network for the future, building on the principles of its predecessors like Napster, Gnutella, and Freenet.

If you wish to add the actual web links to your Internet site BLOCK LIST, then send an e-mail as follows:

Add me to the PCProfile Audit maillist and send list of file sharing sites

 

SUMMARY

This paper is very clearly about the risks of file sharing. Napster was an example that leads you on to the other risks. I don't care about the home user. They are stealing, that's their problem.

However, I do care about organisations (corporate and government) that get landed with a pile of problems because their staff are "Napstering the organisation or using file sharing in a manner that exposes the organisation to risk".

I coined the word "Napstering" as they were one of the pioneers of file sharing. Napster won't be around in its current form for as long as they think, but already there is a pile of other alternatives that offer the same or better service. Check out the page of open servers available just for sharing music at one site (Napigator).

If you are a corporate user the risk is bigger.

File sharing is risky. Napster has paved the way for a very fragile Internet medium and the software vendors have been slow to respond and always in retrospect! Already the exposure levels are astronomical!

By all means, continue to share your credit card and bank account details with whoever wishes to extract them from your PC under your nose, whilst you enjoy your music!! BUT don't say you weren't warned!

What should you be doing as The AUDITOR?

  • talk to your computing management about just how secure the firewall is in your organisation. Is it on your audit program list to check?
  • if they say it's "all under control", make sure you CHECK that it is! DON'T JUST TAKE THEIR WORD FOR IT - most systems have Microsoft SMS auditing TURNED OFF due to network bandwidth choke!!
  • you have no firewall? Then make sure all the IP external connection shares are REMOVED when connecting to the Internet. Make sure external parties can't access and violate your systems.
  • you have a firewall? Then make sure all the IP external connection shares are REMOVED when connecting to the Internet. Make sure external parties can't break through and access and violate your systems.
  • get the IT gurus to PROVE to you, using extensive testing methods, that your systems are secure! AUDITNET has some methods to do this through its Auditors Sharing Knowledge (ASK) Program
  • start examining WHAT APPLICATIONS are installed on your PCs - are they authorised, legal and the sort of software you want installed on your PCs? Do you know what is installed on every PC?
  • examine user logs of Internet activity for unauthorised access/downloading. Never done it? DO IT TODAY!
  • conduct "SPOT RAID" SOFTWARE AUDITS - DON'T DELAY - Never done it? DO IT TODAY!
  • if necessary, audit the IT/IS/Computer department to make sure they have all the protective measures in place and are software compliant! DON'T JUST TAKE THEIR WORD FOR IT!
  • re-inforce desktop compliance policies over software downloading. You have some, don't you?
  • stamp out the usage of unauthorised/illegal software. There's none in our organisation! Or is there?
  • increase your audit vigilance over software auditing and desktop management. DO IT TODAY!
  • send a clear message to desktop users about the risk and your user policies. DO IT TODAY!
  • conduct spot raids to ensure software and Internet compliance. DO IT TODAY!
  • repeat the audit cycle on a regular and irregular (un-announced) basis. IT WORKS!
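
One way to carry out the log check from the list above, as an added example that is not part of the original article: a Python scan of firewall log lines for connections from outside the organisation to Windows file-sharing ports. The log format, the internal address range and the sample lines are constructed assumptions, and the port numbers (NetBIOS 137-139, SMB 445) are the standard Windows sharing ports, which the article itself does not name.

```python
import ipaddress
import re
from collections import defaultdict
# Assumption: the organisation's internal range; replace with your own networks.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# Windows file-sharing ports: NetBIOS (137-139) and SMB over TCP (445).
SHARE_PORTS = {137, 138, 139, 445}
# Assumed log format: <time> <ALLOW|DENY> <TCP|UDP> <src>:<port> -> <dst>:<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?:TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
# Constructed sample log; the outside addresses are documentation ranges.
SAMPLE_LOG = """\
2001-03-21T09:14:02 ALLOW TCP 203.0.113.45:1183 -> 192.168.1.20:139
2001-03-21T09:14:05 ALLOW TCP 192.168.1.31:1045 -> 192.168.1.20:139
2001-03-21T09:15:40 DENY TCP 198.51.100.7:2231 -> 192.168.1.21:445
2001-03-21T09:16:11 ALLOW TCP 192.168.1.20:1200 -> 203.0.113.80:80
2001-03-21T09:17:29 ALLOW UDP 203.0.113.45:137 -> 192.168.1.22:137
this line is malformed and is skipped
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in INTERNAL_NETS)

def external_share_access(log_text):
    """Map each internal host to outside connections aimed at its share ports."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line
        try:
            inbound = is_internal(m["dst"]) and not is_internal(m["src"])
        except ValueError:
            continue  # address field is not a valid IPv4 address
        if inbound and int(m["dport"]) in SHARE_PORTS:
            findings[m["dst"]].append((m["ts"], m["src"], int(m["dport"]), m["action"]))
    return dict(findings)

def exposed_hosts(findings):
    """Hosts with an ALLOWED outside connection: the firewall let it through."""
    return sorted(host for host, hits in findings.items()
                  if any(action == "ALLOW" for *_, action in hits))

if __name__ == "__main__":
    found = external_share_access(SAMPLE_LOG)
    print("Audit first:", exposed_hosts(found))
```

Hosts that appear only with DENY entries were probed but protected; hosts returned by `exposed_hosts` are the ones whose shares need to be removed or blocked first.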

Try our 25 user FREE "Software Compliance Message"!   This will Help get YOUR message "to the desktop"

When did you last conduct a software compliance audit?

To get a handle on WHAT APPLICATIONS are installed on each PC, why not try out AUDIT-Manager?

AUDIT-Manager version 2.3 is a simple, fast and effective software audit program designed for use under direct instruction of MANAGERS as a pivotal part of software compliance management!
AUDIT-Manager version 2.3 is designed to provide the means to conduct hardware and software audits ON DEMAND, at ANY TIME and to enable your organisation to minimise your risk of being lumbered with "pirated software" and other "unauthorised software" e.g. games, shareware etc.
This fast, efficient and accurate PC asset AUDIT program enables management to direct the AUDIT of any Windows 95, Windows 98 and Windows NT based desktop or notebook computer, and produces 3 audit files (text and CSV) and/or reports of the status of both hardware and software inventory on the computer with minimal assistance from skilled computer staff.
Self-installing version: Download a LIVE demo which collects data on COM and OCX files (approx 2.2 Mb file size). This demonstration file is designed to run on a STANDALONE PC.

Non-self-installing version: Download a LIVE demo which collects data on COM and OCX files (176KB)

We also offer other FREE audit software tools at the following page links; http://www.pcprofile.com

Site Contents Copyright © 2001 Rob Harmer Consulting Services Pty Ltd - e-mail  
Last revised: March 21, 2001

PCProfile PC audit software tools provide software compliance solutions for management and auditors. Our flagship product - AUDIT-Baseline allows for a software audit and a "differential" audit to be taken at any time to identify additions, changes and deletions since the last audit! We specialise in PC Audit Software, Software Compliance, PC Auditing, Software Inventory and Licence Management, and PC Desktop Asset Management and have significant management experience in the issues and problems faced by organisations (large and small) when trying to conduct desktop hardware and software audits, software inventory and asset creation.

AUDIT-Baseline, AUDIT-Manager, AUDIT-Images, AUDIT-Sounds, AUDIT-Compare, Software Compliance Auditors Toolkit,  and Software Inventory System Copyright 1999-2001(C) Rob Harmer Consulting Services Pty Ltd All rights reserved Worldwide 


For more information see "Have You Been Napstered? .......FILE SHARING RISKS" etc.,
now published exclusively at
http://www.auditnet.org/articles/have_you_been_napstered.htm 


Copyright © 1999-2000 AuditNet.org.  

All rights reserved. No part of this Website may be reproduced in any form, by copying from the Internet, photostat, microfilm, xerography, or any other means, or incorporated into any information retrieval system, electronic or mechanical, without the written permission of the copyright owner.

Send comments to: editor@auditnet.org



Revised: January 31, 2010

Address of this Page is http://www.auditnet.org/