
The real deal with internal security threats

People often say that 80% of attacks on a network come from the inside, and recent studies confirm that management considers internal threats a business problem. According to the 12th annual Ernst & Young Global Information Security Survey, 25% of respondents saw an increase in internal attacks and 75% are concerned about the retaliation of former employees.

But how likely is an attack from the inside?

While there are several common ways that Windows servers get hacked, there is really no adequate way to measure the percentage that comes from the inside.


This is because many – if not most – internal breaches go undetected since the controls necessary to mitigate the risks are typically not in place or are not properly managed. The Privacy Rights Clearinghouse Chronology of Data Breaches lists a variety of internal security breaches dating back more than five years -- but this only scratches the surface. In addition, anyone with a computer on the network can carry out an attack, regardless of their technical abilities. If someone with malicious intent wants to get in, they will. Everything's there for the taking.

Marcos Christodonte's new book Cyber Within depicts a situation of an insider gone bad -- and all the things that can happen along the way. However, the insider threat isn't just fiction: If your business hasn't been affected by insider abuse, you can bet a few of your friends have experienced it in their workplace. If not now, then it's only a matter of when.

Harsh economic times lead to employee theft and other exploitations, and what better way to abuse the system for ill-gotten gains than with a computer? It's convenient, there's no physical risk and tech-savvy employees know that the odds are they'll never get caught. Furthermore, there are often many entry points into the network – typically using the same user/password combination – that management often overlooks, especially after employees are laid off or fired.

So, how high is the risk of an attack from the inside?

There's really no way to know unless -- and until -- you have reasonable controls that are several layers deep into your network. For the most part, the focus has been on keeping the bad guys out of the network perimeter -- all the while, Windows-based systems on the inside were wide open for abuse.

Therefore, to protect yourself from internal threats, you not only need the typical external firewall and IPS configuration, but you also need to consider the following for your Windows servers:

  • Share and file permissions that keep people out of information they don't need to access
  • Consistent patch management across all servers, including SQL Server and third-party applications
  • Audit logging that tracks successes and failures of logon events and related system access
  • Endpoint controls on servers, including a personal firewall (such as Windows Firewall) and malware protection
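As an added example (not code from the original tip or its author), the following read-only PowerShell script checks a single Windows server against the four control areas listed above: over-broad share permissions, stale patching, logon audit policy, and firewall/anti-malware state. It assumes an elevated PowerShell 5.1 or later session on Windows Server 2012 R2 or newer with the SmbShare, NetSecurity and Defender modules available; the report path and the 45-day patch threshold are placeholders chosen for this example.

```powershell
# Added example, not from the original article: baseline check of the four
# insider-threat control areas on the local Windows server. Read-only; it
# changes nothing, it only reports.
# Assumptions: elevated session, PowerShell 5.1+, Windows Server 2012 R2+.
$ReportPath = "C:\Temp\insider-baseline.txt"   # placeholder output location
$PatchAgeDays = 45                               # placeholder freshness threshold
$findings = New-Object System.Collections.Generic.List[string]

# 1. Share and file permissions: flag non-administrative shares where broad
#    groups hold more than Read. NTFS ACLs still need review, but this is where
#    most "everyone can write" exposures show up first.
$overBroad = @('Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users')
Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    $share = $_
    Get-SmbShareAccess -Name $share.Name | Where-Object {
        $overBroad -contains $_.AccountName -and
        $_.AccessControlType -eq 'Allow' -and
        $_.AccessRight -ne 'Read'
    } | ForEach-Object {
        $findings.Add("SHARE  $($share.Name) ($($share.Path)): $($_.AccountName) has $($_.AccessRight)")
    }
}

# 2. Patch management: report when the newest installed update is older than
#    the threshold, which usually means the server is missing from WSUS/SCCM scope.
$newest = Get-HotFix | Where-Object InstalledOn |
          Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $newest -or $newest.InstalledOn -lt (Get-Date).AddDays(-$PatchAgeDays)) {
    $findings.Add("PATCH  newest hotfix '$($newest.HotFixID)' installed $($newest.InstalledOn); older than $PatchAgeDays days")
}

# 3. Audit logging: the Logon subcategory should record both Success and Failure.
#    auditpol /r emits CSV, so it can be parsed directly.
$logonAudit = auditpol /get /subcategory:"Logon" /r | ConvertFrom-Csv
if ($logonAudit.'Inclusion Setting' -ne 'Success and Failure') {
    $findings.Add("AUDIT  Logon auditing is '$($logonAudit.'Inclusion Setting')', expected 'Success and Failure'")
}

# 4. Endpoint controls: every firewall profile enabled and real-time
#    anti-malware protection active.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    $findings.Add("FW     firewall profile '$($_.Name)' is not enabled")
}
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if (-not $mp -or -not $mp.RealTimeProtectionEnabled) {
    $findings.Add("AV     real-time malware protection not enabled (or Defender module unavailable)")
}

if ($findings.Count -eq 0) {
    $findings.Add("No findings: all four control areas pass the baseline checks")
}
# Print to the console and keep a copy for the change record.
$findings | Tee-Object -FilePath $ReportPath
```

Run it from an elevated prompt on each server in scope and diff the report files over time; a finding that reappears after being fixed is exactly the kind of control drift the paragraph above describes.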

If you have the budget – and are up to the challenge -- you should also consider a third-party data leakage prevention appliance to monitor and protect the comings and goings of classified server information.

While dealing with internal vulnerabilities is complex overall, it can be distilled into some basic elements.

In a nutshell, here's how to combat the insider threat:

While this is a simplified view of things, most organizations can improve in all of these areas. And you've got to start somewhere -- be it with something as focused as Windows servers or as broad as your entire information systems infrastructure.

Remember, with the emerging tech-savvy Generation Y workforce, insider threats are only going to become a bigger issue down the road.

ABOUT THE AUTHOR:
Kevin Beaver is an independent information security consultant, author, and speaker with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Kevin has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver @ principlelogic.com.

This was first published in January 2010
