News Stay informed about the latest enterprise technology news and product updates.

Managing network problem users: The Downloading Disaster

With this second entry in a new series about network problem users, looks at users who download by the gigabyte, for legitimate purposes or otherwise, and what networking professionals can do to keep these users from slowing their networks to a crawl.

Problem Users, a series, examines the different varieties of internal users who can threaten the corporate network. Each story in the series offers advice on how to mitigate the unique risks each type of user represents.

Enterprise networking professionals have been contending with intensive downloaders since the dawn of the Internet, but there's still no quick fix for dealing with the "Downloading Disaster."

Network administrators must be adaptive when dealing with these troublemakers. Simply blocking all downloads, or file sharing sites, isn't the answer because many of these users are hogging bandwidth in order to download data that is essential to business processes. Enforcing a ban on all video downloads will make a mess of things if some users are trying to download essential training videos.

Indeed, the Downloading Disaster may occasionally download data for legitimate business purposes, but the havoc this user causes can create headaches, latency and more for the unprepared network admin.

Security risk: While large downloads by themselves may not pose a particularly severe threat, users in the habit of downloading – and running – whatever they can off the Web often bring in some nasty viruses along with their newest instant messaging client or screensaver.

Users getting their files from peer-to-peer (P2P) networks pose an even greater threat, since these networks offer little validation that shared files really contain what a directory says they do. There is almost no way of knowing whether the file is hiding a malicious trojan.

Fortunately, these dangers are not new, and viruses embedded within downloaded files are usually rooted out by the basic antivirus solutions that every company should have in place to begin with. However, excessive downloaders are constantly opening up new avenues of attack. Every newly installed, unsanctioned instant messaging client opens up unmonitored channels for phishing or social engineering attacks.

Congestion risk: According to Michael Kennedy, managing partner of Network Strategy Partners, the congestion threat that downloading poses is greater than ever before, despite larger bandwidth and more sophisticated throttling mechanisms.

Kennedy pointed out that many end users are downloading consumer applications and putting a strain on the network with the intention of using them for legitimate business purposes.

More on network management
Voices of Authority: 'New rules' for networking, telecommunications

Search Security: Peer-to-peer security

Windows peer-to-peer networks: Lock them down in five steps

What is Peer-to-Peer?

"We're moving faster away from this idea of applications being developed by the enterprise in a closed little world," he said. "Many of the applications being developed in the consumer space are now becoming business tools."

This movement, which can have a variety of side benefits, including cost savings or increased productivity, also means that a blanket "no downloads" rule is impractical in many situations. The line between good and bad is blurring, Kennedy said, and once traditional no-no's like BitTorrent are now being put to legitimate work.

"It's a mix of stuff you shouldn't be doing at work and stuff that it looks like you shouldn't be doing, but has legitimate purposes," he said.

Gaining an understanding of what is being downloaded can be challenging. Kennedy said most download traffic is pure HTTP, and while tools that monitor and classify application and traffic types, like Blue Coat PacketShaper, do a great job identifying what those files are, few IT departments have the extra manpower to decipher those logs and then develop policies on how to contain the congestion threat.

Overall threat level: Low to medium, depending on enterprise stance. While many companies are opening up to allowing user downloads, YouTube, and an array of other once-verboten Web practices, many more are still content to keep the network locked down except for a special, case-by-case basis for downloads, such as one firm that has its users first route all downloads through a quarantined computer before installing anything.

For companies like that, the overall threat is fairly minimal. For others, with a more permissive corporate culture, the threat could tick up a notch, particularly as business-critical Software as a Service applications compete with high-definition training downloads.

Threat resolution: As mentioned, locking down the network and disallowing downloads is always an option, and it's not a bad one for many companies. Kennedy warned, however, that corporate culture might overrule well-grounded IT fears and preclude this strategy.

In this case, a multi-pronged approach may be best advised. As with the Novice User, the Downloading Disaster might best be held in check by a strong education program. Tell users, for example, to download files at off-peak hours, avoid protocols like BitTorrent that consume both upload and download bandwidth, and download files off the corporate intranet, rather than the public Internet, whenever possible.

Many employees, once they see the damage they're doing to the network, will readily change their ways.

"I don't think there are really too many 'rogue users,' " Kennedy said. "There are a lot of people who come to work conditioned to the excellent service they have at home, and take it for granted they can do that at work. So it's really a matter of education and training, part of an employee-orientation process."

Education is likely to solve only part of the problem, however.

It's also important for companies to develop policies that fit their corporate culture and then share and enforce those policies with their employees, both through administrative oversight and user-access controls, which, at least partially, lock down what users can do.

If bandwidth concerns remain, Kennedy said, traffic-shaping tools can often do the trick, particularly if they're used to prioritize Web traffic and specific applications at the expense of large downloads.

It's a solution, he said, that might even leave the Downloading Disaster happier.

"If you have somebody who uses a lot of downloading capacity, that same person is going to be doing more normal Web browsing," Kennedy said. "They're probably going to judge their response system based on their normal Web browsing." While they were unlikely to complain about a 12-minute download now taking 15 minutes, he said, they would definitely appreciate a 15-second webpage load cut down to three seconds.

Have a problem user yourself? Discovered a whole new genus of problem users? Contact news writer Michael Morisy and share your horror stories – and solutions.

Dig Deeper on Network management and monitoring

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.