_The Impact of P2P on Security in the Enterprise_

Presented at DEF CON 9 (2001), July 15, 2001, 2 p.m. (50 minutes)

Increasing democratization of the network means more and more users are finding interesting things to do with the resources at their disposal. In the wake of watershed decentralized applications such as Napster, many commercial and open source efforts are producing so-called "peer-to-peer" (P2P) or decentralized applications and computing frameworks. The genesis of P2P, decentralization, and distributed computing as a fundamental architecture has serious implications for the way security is handled, not only in the wilds of public networks like the Internet, but also in closed enterprise environments. Like it or not, users will be using these apps and participating in these networks. It behooves every security administrator to become familiar with the nature of P2P systems and to understand both the potential threats and possible benefits of such systems, as well as to anticipate user adoption and related issues.


Presenters:

  • Dan Moniz
    Dan Moniz is a Research Scientist and Chief Security Architect at OpenCola, a leading developer of distributed computing infrastructure (DCI) software, including peer-to-peer (P2P) applications and reliable multicast systems. His primary work to date has been in the area of security architecture for generalized P2P applications, protocols, and frameworks. Previous projects have involved digital rights management (DRM) systems predicated on true electronic rights inside capability-based secure environments as well as analysis and design of authentication protocols for distributed media streaming applications. Before joining OpenCola in September of 2000, Mr. Moniz worked as a Researcher for Viasec Limited, a crypto software development firm, and contributed to their flagship email encryption server Consus, as well as additional internal research projects involving single sign-on (SSO) technology, biometric identification systems, smartcard tokens, capability-based systems, and security for mobile devices. Mr. Moniz supplements this experience with several years of exposure and participation in the public infosec community at large.

Links:

Similar Presentations: