Is there a need to block P2P traffic?

Don't lose control of the network. Monitor and block the use of file sharing software on employees' computers.

Q. There are staff installing P2P (peer-to-peer) software. Is there a way to monitor and block the use of such applications on computers within the network?

P2P traffic and applications come in many guises. Instant Messaging (IM), such as MSN Messenger and Yahoo Messenger, is the most ubiquitous application. There are also file sharing and song swapping applications such as Kazaa, Napster and iMule, as well as voice applications such as Skype.

Most of these applications are typically not endorsed by corporates, but they are easily installed and hard to track and monitor as port 80 is normally left open for Web browsing, which is regularly used within enterprises.

Securing an enterprise means that all layers of security need to be addressed, because when you manage the traffic, you control the network.

Let's look at IM: the value of this application is that it allows for almost real-time communications of simple messages that do not fill already overflowing e-mail inboxes. The downside is that viruses can be transmitted via IM.

Organizations today are looking to do one of three things with IM: monitor usage, block or limit the amount of bandwidth these applications have access to. Using deep packet inspection technology that understands the flow and the application being used ensures companies can do all three and get control over the network because if you can manage the traffic, you control the network.

File sharing applications like Kazaa and Napster are typically not required on the corporate network, and blocking them is desired. Some of these applications, however, typically use port 80 to traverse in and out of the network, and this makes them difficult to control.

Others will "port hop", in other words they will use different TCP ports during the transfer to "fool" the monitoring devices that they are different applications. Layer 7, or deep packet inspection technologies, allow for companies to block access to these applications regardless of the port used. This is key to managing the traffic and, therefore, controlling the network. Dependent on the technology used, a useful add-on is the ability to interoperate with the Intrusion Prevention Systems or even the firewall. This adds an extra layer of security and intelligence to the network.

Blocking and managing this type of traffic is paramount to every organization, so they should be thinking and planning how they will implement this solution into their networks if they have not done so already. Because managing the traffic is controlling the network, this is important for any company.

Our expert: Matthew Syme is the product marketing manager for Security Solutions at Nortel Asia-Pacific.

Check out ZDNet Asia's Security toolkit for the latest news, whitepapers and case studies.