A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

File Sharing

Using a network to download and upload music, movies, and other files with others

File sharing is when you share computer data or space with others on a network. File sharing allows multiple users to read, modify, copy or print the same file. Different users may have different levels of access to files on the network.

There are two methods of file sharing: centralized and peer-to-peer. Centralized file sharing uses a central file server, where all the shared files are stored. To get to the files you first have to access the central file server. The most popular network protocol for this type of sharing is the file transfer protocol (FTP).

Peer-to-peer (P2P) file sharing has no central file server. The shared files are stored on users’ computers where they can be accessed by the other users on the network. In this type of file sharing, files are usually divided into chunks and transferred chunk by chunk. This speeds up transfer because chunks can be collected from several users simultaneously. Programs such as Bit Torrent and Kazaa are used to exchange files in P2P file sharing. Microsoft Windows File Sharing can also be used to transfer files between different machines.

File Sharing: security threats & prevention tips

  • Denial of Service An attack whereby excessive traffic is sent deliberately to a connection
  • Intrusion Accessing a computer without permission
  • Malware Programs that are designed to harm your computer
  • Spyware Software that sends information from your computer to a third party without your consent

File Sharing: common problems and solutions

My bank statements ended up posted on a Web site.

If you do not carefully set up your shared information or shared drives, you may end up sharing more information than you intended. This is especially true in the case of P2P applications where the other peers in the network have direct access to your computer. Keep in mind the following safe practices:

  • Periodically check the files you keep in the shared folder.
  • Provide minimum (Read Only) privileges on the shared files.
  • Make sure your shared folder is not the default folder for any other application or for downloads.
  • Run virus scans regularly to ensure that no folders or drives are placed in a share mode without your knowledge.

My computer turns on and off and can not connect to the Internet.

Your computer is infected with a virus, which was probably downloaded as a file or an email-attachment. Spyware could also cause your system to function abnormally.

  • Only download files from trusted sources.
  • Scan all your files that you receive during a file-transfer with an effective anti-virus software.
  • Since anti-virus applications are not very effective against spyware, you would need special anti-spyware to protect your computer from them.
  • If running both the anti-virus and anti-spyware applications as directed yields no results, the virus may have infected your operating system. You might need to reformat your operating system.

Pop-up ads cover my screen and slow down my system.

Your system has been infected with spyware, or a special category of spyware called adware. These can be installed on your system without your knowledge and are extremely difficult to detect and uninstall. They not only slow down the system but at times also advertise information private and confidential to your computer. They are also capable of changing system settings. Prevention seems to be the key solution in such a case.

  • Only download files from trusted sources.
  • You would need anti-spyware applications to detect and eliminate spywares from your computer. The most popular anti-virus products now include adware and spyware scanning. For example, the latest versions of McAfee VirusScan, Norton AntiVirus 2004, and Trend Micro PC-Cillin 2004 now scan for some adware and spyware.
  • Install pop-up blockers to prevent adware and software pop-up windows.

Files on my Web site take too long to download.

Your server may be facing a denial of service attack where malicious hosts collude to disrupt your service. You can do little to stop the attack, but you should practice certain preventive measures:

  • Install a firewall to protect your web server and set up strict filtering rules for the incoming traffic.
  • Set up your Web site to allow only a single download for a certain IP at a point of time. If some IPs are misbehaving, you can blacklist the IPs for further downloads.
  • Your server can be configured not to return ICMP requests.

See the page on denial of service for methods you can use to detect the culprit of a denial of service attack after it is over.

One of my files was mysteriously emailed to everyone in my address list.

Your computer may be infected with malware, specifically a worm that self-propagates and forwards mail to everyone in your address list. This email is also infected and anyone who reads it also gets infected. Malware is a composite of spyware, adware and viruses on the system. An overall protection plan would include installation of anti-virus packages, anti-spyware and rootkit detection systems.

My computer operates in safe mode only and freezes in normal mode.

Malware is a common problem with downloading file-sharing applications. Methods to get around this problem are complicated, so it is important to take steps to prevent the problem from occuring by using anti-spyware and anti-virus packages that could protect your system from being infected. It is also advisable to download material only from trusted sources. Try and install these packages on your computer to detect and clean your system of infection. Even though not 100 percent effective, they will help your system work more normally. The most effective solution, however, would be to reformat your drive.

Connect Safely from Different Places

Office

File sharing allows employees to exchange information quickly and efficiently, even if they are at different locations. Without proper security measures, however, file sharing can expose a company’s network to infection by worms and viruses.

Your office computer may contain sensitive personal and official information that you do not want falling into the wrong hands, so you should be very careful to keep from infecting your system with malware or spyware. Also, a malicious user could use your filesharing portal to access or steal confidential company information.

If your company has a policy against using your workplace computer for personal file sharing, you could end up being penalized on the job. If you use filesharing applications at work, consult your system administrator to learn how to set file permissions to restrict access to your files.

Depending on the policies of your workplace, your employer may log the types of activities that you do on your computer and store this information in an electronic archive. They may examine this archive or be required to turn it over to the government or law enforcement officials if asked. Therefore, you should be careful about the files that you share or download at work.

Mobile

You can use your mobile device to download or upload files from anywhere; however, if you are not careful, these devices can become infected with viruses and worms.

On the road

When you use your laptop to share files on a public network you need to be extremely careful in order to keep your laptop from being affected by viruses, worms and spyware and to avoid infecting others who may be using the same network as you.

Ethical Issues

Peer-to-peer file sharing is ethically questionable when the files that are being shared have some proprietary value, called intellectual property. Taking the physical property of someone else is theft. Likewise, it is theft when you take the intellectual property of someone without their permission and without paying them for the work that they have put into producing the music or video content that you are "sharing."

Even if a file is not protected by copyright and therefore legally available to anybody, it may not be suitable for all users. Certain sexually explicit or violent materials could be offensive or even harmful to other users. Also, files may carry malware that could be harmful to your computer and cause you to lose valuable documents or have important information about you stolen.

Legal Issues

The most critical legal issue with file sharing is copyright violation. A copyright is a legal protection that keeps published and unpublished literary, scientific and artistic works from being copied without the creator’s permission. For example, an MP3 music file on your computer is copyrighted by the artist who created it or the music publisher who published it. Anyone who wants to copy this file must first get permission from the owner of the copyright. Copyright, however, is almost never enforced with file sharing, either because the people sharing files do not know about copyright protection or because they ignore it. So every time you access a shared file, there is a good chance that you are breaking copyright law and could be subject to legal action.

The music industry claims that peer-to-peer file sharing has resulted in huge losses for them, so their industry trade association, the Recording Industry Association of America (RIAA), has filed thousands of lawsuits against individuals who share music on the Internet. When you download copyrighted materials like MP3s, you are risking personal liability, legal fees and court costs. The Motion Picture Association of America (MPAA) has also taken legal actions against individuals who share movie files.

Privacy Issues

By sharing files with other users, you are opening a door through which others can access your computer. When you install your filesharing software, make sure to check what folders you are sharing, and limit access as much as you can. Installing filesharing software creates a big hole in your computer security, and you may end up sharing more than you intended. A malicious user can use your filesharing portal to access unshared files on your computer and steal your private information, including email files and your bank account number, credit card number, social security number and driver's license number.

My home page