Printer Friendly
The Free Library
14,702,759 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

The enemy within. (Security).


These days security is often top of the IT Manager's to-do list with most businesses, regardless of size, implementing firewalls to protect the company network from outside hackers, encryption to safeguard data sent externally and group policies to control who has network access and when. However, too many companies are overlooking the very real threat to IT security that comes from within the company itself.

According to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3.  recent research commissioned by Oracle, internal security breaches present the largest threat to compromising data within a company. More than half of the sample surveyed felt internal security breaches were a bigger threat to business than external ones. This is not really surprising: who knows most about the company's computer system, it's security loopholes and points of penetration? Its (former) employees. Over the past 18 months the IT industry has seen a spate of layoffs and with it, a rise in 'work rage', usually manifested in attacks on the company's IT system. Last year it was reported that three local government websites in Wales Wales, Welsh Cymru, western peninsula and political division (principality) of Great Britain (1991 pop. 2,798,200), 8,016 sq mi (20,761 sq km), west of England; politically united with England since 1536. The capital is Cardiff.  were the victims of simultaneous hacking attempts carried out by disgruntled dis·grun·tle  
tr.v. dis·grun·tled, dis·grun·tling, dis·grun·tles
To make discontented.


[dis- + gruntle, to grumble (from Middle English gruntelen; see  employees, when obscene messages were posted across the councils' homepages. In America, a third of San Francisco San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden  was recently plunged into darkness after an employee sabotaged an electricity substation, and in yet another case, a worker stood trial after allegedly planting a computer 'bomb" that deleted software, costing his employees more than $10million in sales and contracts.

Internal security breaches are not always an act of revenge. Human nature is naturally curious and if employees know that confidential information Noun 1. confidential information - an indication of potential opportunity; "he got a tip on the stock market"; "a good lead for a job"
steer, tip, wind, hint, lead  is stored on the corporate network, most will probably attempt to access it. An American company was reported to have set up a fake server in an experiment to attract the attention of hackers, but IT bosses were shocked to discover that the company's CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board.  had paid a visit. One of the main factors responsible for the high occurrence of internal security breaches is often just pure stupidity. A common sight in any business, large or small, is a post-it note Post´-it note

n. 1. A small sheet of paper having the back part partly covered with a non-permanent gum which allows the note to be attached temporarily to another object, and easily removed without leaving any trace of glue on the object to  stuck to the computer screen with the computer username The name you use to identify yourself when logging into a computer system or online service. Both a username (user ID) and a password are required. In an Internet e-mail address, the username is the left part before the @ sign. For example, KARENB is the username in karenb@mycompany.  and password written on it. Other typical security errors include failing to change a password from the default, encrypting data but leaving it on a machine in an unencrypted format or locking it with a blank password, or failing to change system passwords during updates. Such simple errors can cost a company dearly.

What's more, with the current trend towards remote working, huge amounts of confidential information are being stored on portable computers, PDAs, etc., which are taken outside the protection of corporate security. This creates even more security risks as these devices are often lost or stolen. There's also the possibility of these portable devices being able to bring malicious software straight back into the corporate network because the user is a trusted party..

How, therefore, can companies safeguard against so many potential internal threats? The following five, easy steps, should be enough to cut down significantly on internal errors:

1. Analyse The Risk

The first step in combating internal security breaches is to know the risks, and how the company network is exposed to those risks. Who has access to what and when? Is remote access provided for mobile workers, if so, who and how many? How are those remote users authenticated au·then·ti·cate  
tr.v. au·then·ti·cat·ed, au·then·ti·cat·ing, au·then·ti·cates
To establish the authenticity of; prove genuine: a specialist who authenticated the antique samovar. ? A simple audit of your network and its usage patterns will soon identify the key internal threats it faces.

2. In code

A simple way to protect sensitive or confidential data from prying pry·ing  
adj.
Insistently or impertinently curious or inquisitive: ignored the prying journalists' questions.


pry  eyes, is to employ some form of data or file encryption solution. The easiest to deploy is a software-only encryption method, which can be used across multiple sites giving end-to-end encryption Continuous protection of the confidentiality and integrity of transmitted information by encrypting it at the origin and decrypting at its destination. For example, a virtual private network (VPN) uses end-to-end encryption. Contrast with link encryption. . Some software-only methods are also platform independent, which means your choice of firewall, routing, switches and other security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising"
security , is not being dictated.

3. The Tool Kit

There is a range of vulnerability assessment A Department of Defense, command, or unit-level evaluation (assessment) to determine the vulnerability of a terrorist attack against an installation, unit, exercise, port, ship, residence, facility, or other site.  tools on the market that can perform rigorous system examinations, to identify potential security violations. In addition, intrusion detection See IDS and IPS.  tools can provide supplementary layers of protection by monitoring system and user activity, statistically analysing abnormal activity and recognising activity patterns reflecting known attacks. In order to get complete protection from viral threats, it is also worth investing in an anti-virus scanner that monitors all tiers of your corporate network including workstations, file servers, email and laptops. This will ensure that you pick up on any infections brought into the system by email or by users of portable machines.

4. Security As A Service

With so many potential security risks, companies need security that can he distributed easily. Security should he provided as a service that is completely transparent, integrated, automatic and reliable for the end-user, and at the same time centrally administered and defined by the system administrator. In effect security should be a utility service like electricity, gas or water: it's there without users needing to know how it works or how it's delivered.

5. Maintenance

Once a secure system has been set up, it is vital that the organisation maintain the hardware and software. New forms of attack are continually evolving, finding new and more damaging ways to infiltrate the network. It's no use simply introducing a system and hoping for the best. If you are to stand any chance of remaining secure in the face of technological advancements, the system needs to be upgraded as quickly as the new attacks are being invented. www.f-secure.com
COPYRIGHT 2003 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Author:Holloway, Jason
Publication:Database and Network Journal
Date:Jun 1, 2003
Words:912
Previous Article:China's software developers eye Linux. (IT News).
Next Article:Firms neglecting remote workers' IT security. (IT News).



Related Articles
Bush's winning hand: racial tokens in the administration. (Enemies of the State).
Enemy Aliens: Double Standards and Constitutional Freedoms in the War on Terrorism.(Book Review)

Terms of use | Copyright © 2009 Farlex, Inc. | Feedback | For webmasters | Submit articles