Page 114
Peer-to-Peer
Peer-to-peer (P2P) networks alter the classic client/server computer model. Any system may act as a client, a server, or both, depending on the data needs. Like most technologies, most P2P networks were designed to be neutral with regard to intellectual property rights. That being said, P2P networks are frequently used to download commercial music and movies, often in violation of the intellectual property owner’s rights. Decentralized peer-to-peer networks are resilient: there are no central servers that can be taken offline.
One of the first P2P systems was the original Napster, which debuted in 1999. It was designed to allow music sharing and was partially peer-to-peer: downloads occurred in P2P fashion, but the central index servers (where users could search for specific songs, albums, and artists) were classic client/server design.
This design provided an Achilles heel for lawyers representing the music industry: if the central index servers were taken down, users would be unable to locate music. This is exactly what happened in 2001. Many P2P protocols designed during and since that time, including Gnutella and BitTorrent, are decentralized. If you have a Gnutella network with 10,000 systems and any 1,000 go offline, you now have a Gnutella network of 9,000 systems.
Beyond intellectual property issues, integrity is a key P2P concern. With no central repository of data, what assurance do users have of receiving legitimate data? Cryptographic hashes are a critical control, and should be used to verify the integrity of data downloaded from a P2P network.
Thin Clients
Thin clients are simpler than normal computer systems, which have hard drives, full operating systems, locally installed applications, etc. They rely on central servers, which serve applications and store the associated data. Thin clients allow centralization of applications and their data, as well as the associated security costs of upgrades, patching, data storage, etc. Thin clients may be hardware-based (such as diskless workstations) or software-based (such as thin client applications).
Diskless Workstations
A diskless workstation (also called a diskless node) contains a CPU, memory, and firmware, but no hard drive. Diskless devices include PCs, routers, embedded devices, and others. The kernel and operating system are typically loaded via the network. Hardware UNIX X-Terminals are an example of diskless workstations.
A diskless workstation’s BIOS begins the normal POST procedure, loads the TCP/IP stack, and then downloads the kernel and operating system using protocols such as the Bootstrap Protocol (BOOTP) or the Dynamic Host Configuration Protocol (DHCP). BOOTP was used historically for UNIX diskless workstations. DHCP, which we will discuss in Chapter 5, Domain 4: Communication and Network Security, has more features than BOOTP, providing additional configuration information such as the default gateway and DNS servers.
Thin Client Applications
Thin client applications normally run on a system with a full operating system, but use a Web browser as a universal client, providing access to robust applications that are downloaded from the thin client server and run in the browser. This contrasts with “fat” applications, which are stored locally, often with locally stored data, and with sometimes complex network requirements.
Thin clients can simplify client/server and network architecture and design, improve performance, and lower costs. All data is typically stored on thin client servers. Network traffic typically uses HTTP (TCP port 80) and HTTPS (TCP port 443). The client must patch the browser and operating system to maintain security, but thin client applications are patched at the server. Citrix ICA, 2X ThinClientServer, and OpenThinClient are examples of thin client applications.