How to prevent insiders destroying your network
BT's chief technology officer offers five tips to guard against the threat of employees sabotaging business networks.
The threat of insider attacks has been highlighted recently with the case of Rajendrasinh Makwana, a software engineer who allegedly planted a "logic bomb" on US financial giant Fannie Mae's computer network after his contract was terminated.
If the malicious code had executed, court documents said it would have resulted in destroying and altering all of the data on all 4,000 Fannie Mae servers. It was likely the attack would have cost millions of pounds in damage.
Microsoft then warned companies to expect an increase in insider attacks by disgruntled, laid-off workers as the recession continued. Microsoft's Doug Leland told the BBC that malicious insider breaches were the greatest security concern.
The problem with malicious insiders is that they have both access to the system and an understanding of how it and its security work. They have access to corporate assets, and are already inside.
So what can businesses do about the problem? Graham Cluley, security expert at Sophos, said that as companies make people redundant, they need to manage their exits very carefully.
"Not only from a HR point of view, but also from an IT point of view because they may have had access to systems, passwords and methods to either get into your company physically or electronically which could cause you problems," he said.
Bruce Schneier, chief technology officer for BT, wrote on his blog about the insider problem. He said it was impossible to build a system without trusting people, but offered five techniques managers could use to prevent insider attacks.
1 - Limit the number of trusted people.
The fewer people that have root access to the computer system, the more secure it is.
2 - Ensure the trusted people are indeed trustworthy.
This might involve background checks, lie detector testing, or personality profiling.
3 - Limit the extent of the trust given to each person.
This would limit the amount of damage a single person can do. This could involve giving keys that only unlock their office, or passwords that only unlock their account.
4 - Give people "overlapping spheres of trust".
The idea behind this is "defence in depth", a principle similar to giving two separate keys to launch nuclear missiles. It makes it much harder for an employee to defraud the system, because two people are needed to do anything.
5 - Detect breaches of trust and prosecute the guilty.
Trusted people will always be able to play the system, which means that businesses need to publicly punish the attacker through the court system to provide a deterrent. Auditing is therefore vital in order to discover any breaches.
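Tips 1 and 5 combine into a routine audit: list every account that holds unrestricted root and compare it with the list management has approved. The sketch below is an added example, not part of the original article or of Schneier's blog post; the sample files, the approved list and the function names are constructed for illustration, and the sudoers parsing is deliberately simplified (no aliases or include files).

```python
import re

# Constructed sample files (not taken from any real system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
"""
GROUP = """\
root:x:0:
wheel:x:10:alice
staff:x:50:bob,carol
"""
SUDOERS = """\
# constructed sudoers fragment
Defaults env_reset
root  ALL=(ALL:ALL) ALL
%wheel ALL=(ALL) ALL
carol ALL=(ALL) NOPASSWD: ALL
bob   ALL=(root) /usr/bin/systemctl restart nginx
"""

# Matches "who host = (runas) [TAG:]... ALL", i.e. an unrestricted command list.
RULE = re.compile(r"^(%?[\w.-]+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?:\w+:\s*)*ALL\s*$")

def root_equivalent(passwd, group, sudoers):
    """Return {user: reason} for every account with unrestricted root."""
    members = {}
    for line in group.splitlines():
        name, _, _, users = line.split(":")
        members[name] = [u for u in users.split(",") if u]
    # Any account with UID 0 is root, whatever it is called.
    found = {f[0]: "uid 0" for f in (l.split(":") for l in passwd.splitlines())
             if f[2] == "0"}
    for line in sudoers.splitlines():
        m = RULE.match(line.strip())
        if not m or m.group(1) == "Defaults":
            continue  # comments, Defaults and command-restricted rules
        who = m.group(1)
        if who.startswith("%"):  # group rule: expand to its members
            for user in members.get(who[1:], []):
                found.setdefault(user, f"sudo ALL via group {who[1:]}")
        else:
            found.setdefault(who, "sudo ALL")
    return found

def unapproved(found, approved):
    """Accounts holding root that are not on the approved list."""
    return sorted(set(found) - set(approved))
```

Run against the constructed data with an approved list of `root` and `alice`, the audit flags `carol` (a direct sudo rule) and `toor` (a second UID 0 account), while `bob`, whose rule is limited to one command, is not counted as root-equivalent.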