The worse of two evils -- Internal vs. external security threats
E. Eugene Schultz
What's your greatest security threat? Does it come from the outside, or is it internal? This tip, excerpted from Windows NT/2000 Network Security,
The relative susceptibility to insider- and outsider-originated attacks depends on many factors. Among the relevant factors are the following:
- Personnel security. Some organizations carefully screen all personnel (not only actual employees, but also contract personnel and consultants) before they are allowed access to computing systems, to determine whether their background is sufficiently unblemished to merit trust in them. Better yet, some organizations conduct personnel screening activities not once, but regularly throughout each person's career. Good personnel security substantially diminishes the threat of an insider attack.
- Policy. Having a policy that allows free, unrestricted access to network services generally elevates the proportion of outsider attacks. Policies that call for tighter security (especially network-based security) and that result in restrictions for dissemination of information about networks and the services therein help reduce outsider attacks in particular.
- Type and extent of connectivity. Organizations that do not allow Internet connectivity are, for example, less susceptible to outsider attacks than those that do. The same principle applies to modem dial-ins. Extensive internal connectivity (that is, numerous internal networks connected together), in contrast, increases the probability of internally initiated attacks.
- Network architecture. Networks that have traffic screening and security management barriers generally provide less opportunity for outsider attacks than do those that do not. Multiple entry points (as opposed to a single entry point) into a network are more conducive to outsider attacks.
- Intrusion detection capabilities. Deploying intrusion detection tools appropriately and taking the time to carefully investigate the data they provide can also affect the relative proportion of insider versus outsider attacks. Most of today's commercial intrusion detection tools are better at discovering outsider attacks. Most current attacks on networks and the systems therein do not occur at a single point in time; they often occur over a period of days, weeks and even months. Intrusion detection tools can help shut these attacks off by enabling an organization to discover an attack early, thereby enabling network and security administrators to change packet-filtering rules, disconnect target machines from the network, and take other evasive measures to prevent further, successful attacks. The overall result is less likelihood of outsider attacks (although insider attacks can also be reduced in a similar manner).
Related book Windows NT/2000 Network Security
Author : E. Schultz
Publisher : Macmillan Technical Publishing
ISBN/CODE : 1578702534
Cover Type : Hard Cover
Pages : 375
Published : July 2000
This book is intended primarily for LAN administrators, system programmers, information security staff and advanced users. Although the main focus of the book will be technical, many facets of Windows NT security involve practicing sound control procedures. As such, much of the book's discussion will be pertinent to all three groups. Windows NT/2000 Network Security will also thoroughly cover security-relevant technical issues such as controlling services protocols like Web-services and SMB. The book will be carefully sequenced to delve into technical issues increasingly with each chapter, so that the last half of the book will be more relevant to LAN administrators and system programmers than anyone else -- whereas the first half will be equally pertinent to all groups.
Did you like this tip? Why not let us know. E-mail us to sound off, or go to our tips page to rate this, and other tips.
This was first published in February 2001