Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Security 2.0 - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Security 2.0

Been thinking lately about some of the restrictive policies that corporations, .mil, .gov, and some others have when it comes to security.

Does it work?

Where are we at?  

Are all the extremely restrictive policies in your corporate work environment working?  

What can be relaxed?  Why?


Example:  I recently ran across an example where iTunes was not allowed on the network because it was considered P2P.  Is iTunes P2P?  Of course not, but here is an example of where reeducation for the "experts" and the loss of "policy for policy's sake" make be helpful.


We'd like to hear your feedback.  What does Security 2.0 mean to you?  We all have our own opinions, we'd like to hear yours!


Joel Esler


454 Posts
Nov 21st 2007
While I'll admit, iTunes is not P2P, we are blocking access to it to reduce the amount of bandwidth used for non-business applications. For this same reason, we have blocked access to most sites hosting any sort of streaming media.

9 Posts
Okay, I can see that. We had another user write in to tell us that they didn't allow iTunes because it would cause alot of issues with having to backup several gigs of music files, per person.

454 Posts
iTunes can quickly cross the line to P2P "like" app. All it takes is for some users to hit edit --> preferences --> sharing and there you go 2 check boxes. Look for shared libraries and share my library. If a user doesn't password their library anyone on the network can now listen and download songs from each other... pretty close to P2P in my book.
But it's not P2P. Just because you can listen to someone else's music does not mean you can GET someone else's music. You are not trading the file, it is no different from streaming radio.

454 Posts

Sign Up for Free or Log In to start participating in the conversation!