Securing From Within
Mike Harwood 11/27/2002

It's a widely accepted fact that the greatest security risk an organization faces is from within its own ranks. While there may be hordes of script kiddies and seasoned hackers attempting to infiltrate your network on a daily basis, their chances of circumventing your perimeter measures are slim, and so the risk is minimal. In contrast, the employees within your company already have access to your internal network and are even furnished with a valid logon ID and password. In cracking terms, they are basically as far as any cracker could have wanted to get, and all with your co-operation.

What exactly should you be concerned about? Well, apart from the obvious risks like the theft of hardware and software, there are more subtle risks such as those related to the passing on of intellectual property or the exposure of other confidential information. Given the multitude of ways in which files (and other information) can be transported out of your company's network, both physically and electronically, concern about ensuring the security of your data and other 'information assets' from internal threats should place high on your list of security considerations.

So what practical measures can you use to prevent and discourage (it's almost impossible to prevent information theft entirely) people from passing on information to outsiders? Here are some suggestions that you might want to think about.

Have policies and enforce them - The existence of policies and the ability to enforce them is an overriding consideration in internal security. No matter what security measures are in place, users must be aware of what they can and cannot do. For example, you can't really discipline an employee for sharing their password with another person without first telling them that they must not. It might seem obvious to you and me, but many people will presume that if a person in their own department needs to use their password, then that's OK. Have detailed policies in place to cover such things, and have all new and existing users sign a declaration that they have read and understood what is expected of them when it comes to company data and technology assets.

Make sure that users choose passwords wisely - Often, one user is privy to many of the details of other team workers' lives. That means that they know the husband's or wife's name, know where their summer cottage is and also know the nicknames for their children. Hackers from outside have to go to great lengths to find out these common passphrases, but team workers have this info already. This makes it even more important for users to choose passwords carefully.

Consider implementing internal firewalls - Many organizations are now viewing the use of internal firewalls as an effective means of stopping people from infiltrating parts of the internal network to which they do not need, and should not have, access. That mild-mannered junior accounts clerk might seem innocuous enough, but how do you know that by night he isn't a budding cracker just honing his skills for the right opportunity to steal your company's research data?

Track hardware and software - You might think that we are just referring to 'intellectual property' in this discussion, but the reality is that many losses from companies occur in the physical sense. As well as the obvious, such as taking home the printer that is in the cupboard or pocketing a toner cartridge from the stationery room, there are less obvious moves like taking RAM out of computers. Keeping a detailed inventory of hardware and software is essential if you are to keep track of your physical assets.

Implement firewall/email monitoring - Many firewalls, proxy servers and email servers can perform a range of scanning functions, including a search for a specific word or phrase (known as a lexical scan) within an email. That way, if a user sends out a message that contains a document which has a certain phrase in it, an administrator can be alerted. Now, you might think that users would not be so stupid as to leave key words in documents that they are sending to outsiders, but you would be surprised. To take care of those users who are smart enough to remove key words, make sure that your lexical scans are configured to look for a range of words - for example, include the word 'project', the name of the project and perhaps one of the key terms used in discussions or documentation about the project. Also keep in mind that firewall/email monitoring is only effective if the log files for the software are monitored.

Review and reinforce file permissions - File permissions are your first and last defense against unauthorized access, but in all too many organizations they are not implemented in the granular manner that they are supposed to be. The reason for this is not normally indifference on the part of the network administrator - rather, it is normally a policy decision which is made to be too general rather than specific for each file or directory.
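The lexical scan described under "Implement firewall/email monitoring" above, as an added Python example that is not part of the original article: it decodes every text part of an outgoing message before matching a range of watch terms, so a phrase inside a base64-encoded attachment or wrapped across two lines is still caught, and it emits one log line for the administrator to review. The watch terms, the addresses and the sample message are constructed for the example.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Hypothetical watch list: the generic word, a project name, a key term from its documents.
WATCH_TERMS = ["project", "bluefin", "alloy formula"]

def text_parts(msg):
    """Yield (label, decoded text) for the subject, body and text attachments."""
    yield "subject", str(msg.get("Subject", ""))
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            # get_content() undoes base64/quoted-printable transfer encoding.
            yield part.get_filename() or "body", part.get_content()

def lexical_scan(raw_message, terms=WATCH_TERMS):
    """Return {term: [places it was found]} for one raw message (whole-word match)."""
    msg = message_from_string(raw_message, policy=default)
    hits = {}
    for label, text in text_parts(msg):
        flat = re.sub(r"\s+", " ", text)  # a phrase may wrap across lines
        for term in terms:
            if re.search(r"\b" + re.escape(term) + r"\b", flat, re.IGNORECASE):
                hits.setdefault(term, []).append(label)
    return hits

def alert_line(raw_message, terms=WATCH_TERMS):
    """Return one log line for the administrator, or None if nothing matched."""
    hits = lexical_scan(raw_message, terms)
    if not hits:
        return None
    msg = message_from_string(raw_message, policy=default)
    found = "; ".join(f"{t!r} in {', '.join(p)}" for t, p in sorted(hits.items()))
    return f"LEXICAL-ALERT from={msg['From']} to={msg['To']} {found}"

def build_sample(attachment_text):
    """Constructed sample: short body plus a base64-encoded text attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "clerk@example.com", "contact@example.net"
    msg["Subject"] = "notes"
    msg.set_content("See attached.")
    msg.add_attachment(attachment_text.encode("ascii"), maintype="text",
                       subtype="plain", filename="notes.txt")
    return msg.as_string()

if __name__ == "__main__":
    # Project name removed by the sender, but a key term remains in the attachment.
    print(alert_line(build_sample("Summary of the alloy\nformula trials, Q3.")))
    print(alert_line(build_sample("Lunch menu for Friday.")))
```

A plain text search of the raw message would miss the first sample, because the attachment travels base64-encoded; the scan only works on decoded parts.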
Intranet Journal's Tutorials