IT Baseline Protection Manual - The Information Warfare Site

Networked Systems Peer-to-Peer Network
_________________________________________________________________________________________
6.3 Peer-to-Peer network
Description
Here, networked PCs are considered which are operated with
Windows for Workgroups (WfW), Windows 95 or Windows Peer-to-Peer
NT. Only the pure Peer-to-Peer functions of these operating
systems are taken into consideration on the basis of resourcesharing
(printer, hard disk). Only brief attention is paid to
security-specific aspects of single applications when using
Peer-to-Peer functions, e.g. Mail Exchange, Schedule+,
Direct Data Exchange (DDE) or Remote Access Service (RAS).
Since Peer-to-Peer networks offer considerably less security functions than server-supported networks,
the use of Peer-to-Peer functions within a server-supported network should be avoided. Peer-to-Peer
networks with a connection via WfW to another computer with WfW, Windows 95 or Windows NT
should only be considered as a transitional solution until WfW has been replaced.
This chapter deals solely with the threats and safeguards specific to a Peer-to-Peer network. The
threats and safeguards contained in the PC-specific units of Chapter 5 should thus also be observed.
Threat Scenario
The following typical threats (T) are assumed as regards Peer-to-Peer functions under Windows for
Workgroups, Windows 95 or Windows NT:
Organisational shortcomings:
- T 2.25 Reduction of transmission or execution speed caused by Peer-to-Peer functions
Human Failure:
- T 3.9 Improper IT system administration
- T 3.18 Sharing of directories, printers or of the clipboard
- T 3.19 Storing of passwords for WfW and Windows 95
- T 3.20 Unintentional granting of read access for Schedule+
Deliberate Acts:
- T 5.45 Trying Out Passwords under WfW and Windows 95
- T 5.46 Masquerading under WfW
- T 5.47 Deleting the Post Office
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000