Most network and security administrators have gone to great lengths to secure and protect their corporate networks. Depending on the size of the network and the value of the assets being protected, the network may be shielded by firewalls, antivirus software, spam blockers, antispyware tools or an intrusion detection system (IDS). And there is a variety of other hardware and software products aimed at keeping the bad guys out of your network.
But, what if the attack is from within? Security products do a fair job of guarding the resources they are designed to protect, but some may be transmitting sensitive information on the internal network -- information that could be used to circumvent the security software itself or otherwise compromise network resources. If an unscrupulous employee uses a packet sniffer, he may be able to capture sensitive data that is exposed by the security software.
Security researchers have noted an increase in the number of vulnerabilities being discovered in security products themselves, but even some fully functioning security software may be transmitting sensitive information across the network. What can you do to protect yourself?
- Know your security products: As I already mentioned above, there are probably a number of different hardware and software products deployed on the network intended to provide security. To best protect your network, you should understand as much as possible about how the products work,
- what data is transmitted and where it is transmitted to and whether those transmissions are encrypted in any way.
- Encrypt your data transmissions: If you discover that there is confidential or sensitive information being sent across the network, make sure the data is encrypted in order to protect it. Depending upon the nature of the transmissions, you may be able to employ IPsec or another encryption method.
- Watch out for sniffers: Protocol analyzers, also known as network or packet sniffers are useful tools for monitoring and troubleshooting network issues. But, you certainly don't want any employees running rogue packet sniffers and capturing data from the network. Switched networks offer better protection than networks connected via hubs, but they are not immune to rogue packet sniffers either. Detecting sniffers is not easy, but if you suspect that there may be rogue sniffers on your network, invest a little time in learning how to weed them out. It may be a wise investment.
About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus tools and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Bradley contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.
More information from SearchWindowsSecurity.com
This was first published in August 2005