Security Risks behind File Sharing and Best Practices
In recent years, with the development of new file sharing technology based on the peer-to-peer model, it takes no time and little effort to share files with users all over the world via the Internet. FastTrack, OpenFT, eDonkey, Freenet, GNUnet, Gnutella, BitTorrent, MUTE, I2P, etc. are some of the most commonly used file sharing protocols.

If you are in the habit of sharing and downloading files on / from the Internet, are you aware of the security risks behind it?

Security Risks

Some file sharing software, especially peer-to-peer applications, is bundled with malicious code which may affect the normal operation of your system, web browsers, firewalls as well as anti-virus and anti-spyware software. As a result, important data on your computer may be sent out without your knowledge. By installing file sharing software, your computer may also be at risk of attacks through the opened connection ports or services.
To protect your PC, you are advised to follow the best practices below:
Best Practices for File Sharing

- DO NOT install and use peer-to-peer file sharing software (e.g. BitTorrent, Bluster, Direct Connect, eDonkey, Freewire, Kazaa, Limewire, Mactella, NeoNapster, Qtella, Shareaza and WinMX) to download or share files.
- If you need to share files with other users, post them on a server or your personal web page and enable the access control mechanism for authorized users.
- Some free web-based services are available for users to host files for sharing with the public. Since the files will be hosted on a public repository, you should take extra care over data security. Any sensitive or confidential files SHOULD NOT be shared using this method.
- You can use Windows' file sharing service if you need to share files with your colleagues on campus. However, there are some points you need to note:

  - DO NOT enable the 'Using simple file sharing' function:
    - Open File Explorer
    - Select Tools > Folder Options from the menu
    - Select the View tab
    - De-select the 'Using simple file sharing' option in the 'Advanced settings' box

  - When sharing a folder, DO NOT grant the access rights to 'Everyone' but only to a named user:
    - Right click on a folder and select Sharing and Security from the quick menu
    - Select the Sharing tab
    - Click Share this folder
    - Click Permissions
    - Click Remove to remove the default Everyone group
    - Grant a temporary user (with limited rights) the Read right only. To create the temporary user:
      - Start > Settings > Control Panel
      - Double click User Accounts
      - Double click Create a new account
      - Give a new user name and click Next
      - Select the Limited account type and click Create Account

  - Always turn off the sharing function once the file sharing is completed.

  - Always turn off the sharing of the 'Shared Documents' folder under the directory C:\Documents and Settings\All Users:
    - In My Computer, right click the Shared Documents folder and select Sharing and Security from the quick menu
    - In the Sharing tab, select Do not share this folder
Copyright Issue

In addition to the security concern, users are also reminded of the copyright issue when sharing files on the Internet. In fact, many of the files that are being shared on the net using peer-to-peer file sharing programs are copyrighted music, movies, computer systems/programs, e-books, etc. Please note that sharing these copyright-protected materials without the consent of the copyright owners violates the Copyright Ordinance, and you may be criminally liable.
Be Aware of Forged Links!

In the IT security article in the July issue of Get Connected, we asked readers which of the following links would bring you to the true PolyU website:

(1) http://www.po1yu.edu.hk
(2) http://www.pоlyu.edu.hk
(3) http://www.рolyu.edu.hk

The answer is: ALL are forged links. BUT WHY?

Link no. 1 is obvious. The letter 'l' in 'polyu' is replaced with '1'. Links no. 2 and 3 look perfectly normal on the surface. However, the letter 'p' in 2 and the letter 'o' in 3 are in fact not Latin English letters typed using the corresponding keys on the keyboard. Instead, they are letters of a different language and although they look the same as the letter 'p' and 'o' of Latin English, they are of different codes under the Unicode standard and therefore could not be correctly interpreted.

These examples demonstrate that even though a URL may look legitimate and trustworthy, it is still possible that it is pointing to a forged website. You are therefore recommended to type the URL in the browser instead of clicking the link provided in emails.
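The look-alike substitutions described above can be checked mechanically by looking at the code points behind a hostname instead of its appearance. The following Python sketch is an added example, not part of the original article: it assumes www.polyu.edu.hk is the genuine host, uses constructed sample hostnames, and relies on a small hypothetical look-alike table (CONFUSABLES) rather than the full Unicode confusables data.

```python
import unicodedata

# Assumption: the genuine host the reader expects to reach.
TRUSTED_HOSTS = {"www.polyu.edu.hk"}
# Small constructed look-alike table covering only the substitutions the
# article describes; the full Unicode confusables data is far larger.
CONFUSABLES = {"1": "l", "\u043e": "o", "\u0440": "p"}

def skeleton(host: str) -> str:
    """Fold known look-alike characters to the Latin letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host.lower())

def non_ascii_chars(host: str) -> list:
    """Return (position, code point, Unicode name) for each non-ASCII character."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(host) if ord(ch) > 127]

def classify(host: str) -> str:
    """'trusted' on an exact match, 'lookalike' if it only imitates a trusted host."""
    host = host.lower()
    if host in TRUSTED_HOSTS:
        return "trusted"
    if skeleton(host) in TRUSTED_HOSTS:
        return "lookalike"
    return "unknown"

def wire_name(host: str) -> str:
    """ASCII (punycode) form of the hostname, which is what DNS actually looks up."""
    return host.encode("idna").decode("ascii")

# Constructed samples modelled on the kinds of forgery the article describes.
SAMPLES = [
    "www.polyu.edu.hk",        # genuine
    "www.po1yu.edu.hk",        # digit one in place of the letter l
    "www.p\u043elyu.edu.hk",   # CYRILLIC SMALL LETTER O in place of Latin o
    "www.\u0440olyu.edu.hk",   # CYRILLIC SMALL LETTER ER in place of Latin p
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(classify(h), wire_name(h), non_ascii_chars(h))
```

The punycode form beginning with xn-- is a quick visual tell that a hostname contains non-ASCII characters; the digit substitution stays pure ASCII and is only caught by comparison against the expected name.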