Studies indicate that as much as 60% of broadband ISP bandwidth is being consumed by Peer-To-Peer (P2P) file sharing technologies. Although some P2P technologies can have legitimate uses in enterprises, unmanaged use of P2P file sharing services exposes corporations to serious business risks, including loss of confidential information, viruses, worms, spyware, and copyright violations. With P2P file sharing services, employees have the ability to easily circumvent corporate security measures that are primarily intended to protect the network perimeter from external security threats. This ability is due to the fact that P2P clients are freely downloadable and are specifically designed to evade network security by employing techniques such as port scanning, tunneling, and encryption. Since P2P file sharing is port-agnostic, blocking it at the firewall becomes extremely difficult. Also, since P2P file sharing protocols are not standards-based, they are extremely difficult for network administrators to control, or even detect.
Conventional methods for P2P protocol detection operate on a packet-by-packet basis (or “stateful firewall”), and thus do not act at layer 7 (the so-called application layer). For example, see Sen, Subhabrata et al. “Accurate, Scalable In-Network Identification of P2P Traffic Using Application Signatures.” WWW '04: Proceedings of the 13th international conference on World Wide Web pp. 512-521 (2004). These methods do not provide the ability to terminate connections. Moreover, proxy servers in a corporate intranet may see more unwanted traffic than just P2P traffic. For example, HTTP or HTTPS traffic might occur on non-standard ports. Also, non-standard protocols might be used on well-known ports, such as instant messaging traffic trying to connect out on port 443 hoping that a firewall would allow the traffic thinking that it was HTTPS. The conventional protocol detection methods are not particularly suited for proxy servers in a corporate intranet.
Accordingly, there is a need in the art to control “rogue” network traffic, to correctly identify enterprise applications, and to provide support for other port-agnostic application protocols as they become popular.
Accordingly, there is a need in the art to control “rogue” network traffic, to correctly identify enterprise applications, and to provide support for other port-agnostic application protocols as they become popular.