Insider actions and the fight against network threats
External and internal threats are driving enterprises to the edge, costing
them millions of dollars and forcing them to constantly find new ways to protect
their networks. But whether threats originate from outside or inside an organization,
there is always one person in a position of control -- the insider!
Because users play such a critical role in network security, the OSI stack
has been extended from its seven layers to include the eighth layer - the human
layer. Layer 8 is where technology interfaces with users and it addresses security
in the network by controlling user actions through identity-based policy creation.
Insiders lead attackers inside the network
Internal users have the easiest access to sensitive corporate data, applications
and resources in the network. They are increasingly using multiple protocols
like email, IM, P2P, FTP, HTTP and Web 2.0 for their business communication
needs, giving rise to multiple points for data leakage and threat entry.
User behavior is the most unpredictable and this has put the most precious
asset in enterprises - corporate information - at high risk. Ignorance about
security policies, lack of up-to-date knowledge on network security, malicious
intent for financial gains and aversion to corporate policies and practices
can prompt an insider to pass on sensitive information to outsiders.
Consider this example: A disgruntled employee wanting to get even with his
previous organization sent email to a former colleague, asking him to look at
some photos on his Geocities website, which is a Yahoo! portal. Because the
ex-colleague knew the sender of the email, he went ahead and logged into the
site using his Yahoo! username and password to access the photos. What he didn't
realize was that the login page was a fake and the miscreant now had his login
details. He was still oblivious of what had happened as he was redirected to
the Geocities page with the photographs. The attacker now had the ability to
log on to Yahoo! using the ex-colleague's identity and could get away with confidential
corporate information because Yahoo! was the standard mode of communication
in the organization. He could easily misguide customers and put the enterprise
at risk. He could even install malware and keyloggers in the network to wipe
out or send information at their discretion.
Data leakage in enterprises can cripple the business and may lead to loss of
goodwill and trust among its customers. Thus, whether intentional or not, insider
actions can make or break enterprises. Insiders thus play the most critical
role in facilitating external and internal attacks in enterprises.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
