Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: How much does P2P cost businesses?

from [Beauford, Jason] Network Security [Permanent Link]
Subject: RE: How much does P2P cost businesses?
Date: Wed, 1 Dec 2004 11:35:39 -0500 
Cost per hour can be determined by looking at your bandwidth costs per
month.

How long does it take for REAL work related network tasks to complete
because of bandwidth issues; how much time wasted in waiting?

Fines from BSA upwards around $250,000 per incident if pirated software
is found on your network.  What about STORAGE and Backup times.  Where
are your users storing this crap?  How much money are you throwing at
your servers/desktops to increase their storage so the OS will run.  Are
you backing this crap up?  How MUCH longer is it taking to backup.  With
regards to business continuity, it will take THAT much longer to recover
lost WORK Data as the tape needs to filter through the recorded files.
Also, tapes themselves cost money.  If you are backing up 150GB and half
is .mp3's, movie files and other pirated/cracked software, you are
wasting money on tape and storage costs.

Additionally, how much TIME are you the admin spending repairing
problems caused by these programs?  Are things like SPYWARE and ADWARE
plaguing your network.  If so, P2P like Kazaa, Limewire, Morpheus etc
include SPYWARE with their programs.  So not only is your network
bandwidth reduced due to file transfers, but also due to constant
connection of spyware and adware.  This slows down the desktop too and
causes ridiculous amounts of pop ups.  If you are spending time battling
that, it must be factored in.

But that is the minor stuff.  Brennan hit it on the head with
confidential corporate exposure.  However 1% probability might be too
lenient on the end user.  By default these programs can create a
sub-folder under MY DOCUMENTS (in Windows obviously).  How many people
save important corporate data in their My DOCS?  It takes one extra
click to navigate to that P2P's default SHARE folder of that P2P.

And geez.. What if some idiot end user looking for that cool Holiday
Screensaver downloads a Virus, Worm or what have you.  Now not only is
their PC affected, but the entire Network is at risk.

P2P = VERY BAD for Corporate Networks.  Block that crap at the Firewall
via Egress filtering and keep it moving.  It's tough enough having to
deal with daily IT functions and keeping systems up and running without
having to worry about all of this P2P.

However I understand the need to prove to management via RISK ANALYSIS.

If you come up with something that can be generalized, maybe you can
share with the forum?

Kind Regards,

JMB

-----Original Message-----
From: OBrien, Brennan [mailto:BOBrien@columbia.com] 
Sent: Wednesday, December 01, 2004 11:15 AM
To: Joel Merrick; security-management@securityfocus.com
Subject: RE: How much does P2P cost businesses?


I'd doubt there are any definitive studies on this, but you can
reasonably ascertain the impact... 

X number of staff, of which Y% use P2P services, $Z burdened cost per
hour. 

Risk:  Illegal file sharing leads to lawsuit.  1% probability, huge
cost. 

Risk:  Users accidentally expose internal confidential information.  1%
probability, moderate cost (potentially high depending on your
environment).  

Risk:  Lost time spent dinking around with this stuff. 100% probability,
small incremental cost. 

Now you've got everything you need to make a valid assessment of impact
(except, perhaps, the back half of the equation -- what you would do to
stop it, and how that would impact the bottom line in comparison to the
original calculation... that delta value is your budget). 

Brennan




-----Original Message-----
From: Joel Merrick [mailto:joel@servicestyle.com] 
Sent: Wednesday, December 01, 2004 6:39 AM
To: security-management@securityfocus.com
Subject: How much does P2P cost businesses?

Hi all

I'd be interested if anybody has any links to reports or other
quantative info about how much P2P or other file sharing costs
businesses.

I've seen a couple of links in the past, however I can't find them.

Any help would be glady appreciated.

Many thanks,
Joel

-- 
Joel Merrick

email:  <joel@servicestyle.com>
mobile: 07929 208 567
ServiceStyle Ltd. - Manchester's Technology Experts
https://www.servicestyle.com

GPG Public Key - https://www.servicestyle.com/joel_servicestyle.asc
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: How much does P2P cost businesses?, Eric McCarty
Next by Date:  MODERATOR: Staying Focused on Security Program Management Issues, Bemis, Brad
Previous by Thread:  RE: How much does P2P cost businesses?, Eric McCarty
Next by Thread:  RE: How much does P2P cost businesses?, Richard . Sullivan
Indexes:  [Date] [Thread] [Top] [All Lists]