Social Engineering And Other Threats To Internal Security
by Ari Tammam - Promisec - Monday, 19 December 2005.
So far we have shown attacks that are premeditated, where the intention is specifically to cause damage or steal information. However, there is also accidental damage caused by the ignorant or unaware employee or insider who does not realize he is causing any harm to the company. The example above is a combination of the two (accidental and intentional), where the attacker uses that employee’s ignorance in the hope that whoever receives the CD will in fact run it on his PC and forget about the company policy which prohibits the use of unapproved media. This is the exact reason for the prohibition, but these prohibitions are difficult to enforce.

In a purely accidental breach, an employee may inadvertently disable the personal firewall on their PC, allowing any number of malicious applications to enter unhindered. If a personal firewall or content inspection is disabled on a PC, employees can surf to virtually any site on the net and inevitably get infected with malicious applications or dialers, which are predominantly found on the most popular recreational sites such as pornography and file shares. Another example may be a salesman who wants to synchronize his PDA, which has wireless connectivity, with his PC. During the same process the modem functionality has been activated on the PDA, enabling unauthorized access to his PC, especially if there is no security enabled on the wireless connection. These are just a few examples of the multitude of internal security breaches that can bypass the gateway and access the corporate network.

How does a company protect itself from its own users who intentionally or accidentally can cause serious damage?

Most employees either do not read the company’s security policy or forget its content as soon as they have read it, and the policy is difficult to enforce anyway other than by the threat of terminating an employee's contract. In light of this, companies have to invest in internal security systems that complement existing gateway security solutions and provide real-time threat detection that minimizes the window of opportunity for threats to become major security breaches.

Most companies do not think twice when considering security solutions at the gateway to protect the perimeter and control all communications going in and out of the organization, but for whatever reason do not place much importance on the threat from within. If we take the example above of a salesman synchronizing his PDA with his PC, we can see how easy it is to bypass the gateway and open an unsecured connection from within the organization. This renders investment in the gateway only a partial solution, since too many holes that need plugging still exist in the security apparatus.

A recent study on digital security claimed that 90% of companies surveyed reported ‘Insider abuse of Internet access’ while 50% had experienced unauthorized access by insiders and 40% by outsiders. These figures are certainly not trivial and highlight a problem that is only increasing in its magnitude.

For many years now, industry analysts have been saying that most threats originate within the network, with estimates going as high as 80% of attacks originating internally. However, the perception of most organizations is that protecting the perimeter is paramount and that securing the internal network is only a secondary or even tertiary concern. This may be true, since the most malicious attacks do come from the outside in many forms: DoS attacks, viruses, worms, SYN floods, etc. To make them even more difficult to detect, many of the attacks are fragmented.

All of this means that securing the perimeter with intelligent security applications is still of paramount importance, but no less important is securing the internal network to complement the security devices at the gateway. Some companies have started shifting their security budgets to a more balanced investment between the perimeter and the internal network, and this should increase as more and more companies realize the threat from within. Simple, easy-to-use solutions that can run in the background and provide intelligent security threat alerts that can be acted on immediately, either by individuals or by the solution itself, are a step towards hermetically sealing networks both from within and at the perimeter. These types of solution are as necessary to have as a firewall or antivirus solution, but to be cost effective they must be complementary and add minimal financial overhead to an already tightly budgeted IT security department.

