Do non-technical internal users really pose a hacking threat?
With all of the recent press about the sharp rise in Internet-based external threats, it is no surprise that internal threats continue to be overlooked. Many companies still spend the majority of their security budget and effort on “external” penetration and Denial of Service (DoS) risks. Yet whichever source you consult, the figures consistently show internal security breaches outnumbering external ones by a wide margin, and the risk of “internal” attacks is likely to rise further in the coming year given the growth, sophistication, and ease of use of the hacking tools available on the Internet.
For many years security professionals have publicly documented vulnerabilities in operating systems and network services such as web, email, FTP, and telnet. To take advantage of a published vulnerability, a would-be hacker or disgruntled employee had to write their own exploit code or scripts after studying the notes of the small group of experts who originally discovered and documented it. That required a level of knowledge beyond most IT administrators, let alone the vast majority of non-technical individuals. As a result, the most common threats from non-technical internal employees were limited to administrative-level issues: improperly managed permissions, weak authentication, and the like.
Over the past year the number of pre-coded exploit applications has risen sharply. More sophisticated hackers now write and publish tools that non-technical individuals can run on UNIX or Windows PCs. These tools scan an internal network for vulnerable servers and then launch a specific exploit against the selected target. The most common attack these tools carry is a DoS that crashes production servers, often with little or no way to trace the source. A crashed server is more than a productivity problem: a machine taken down mid-write can leave data corrupted, which makes it an integrity issue as well as an availability one. This is a serious problem and it is rapidly becoming more common in corporate environments. Combating it requires constant attention to security patches and fixes, along with more internal auditing and/or intrusion detection systems.
Internal auditing is one critical part of a security plan that can reduce the risk these new attack tools pose. However, many internal auditing projects, where they are done at all, focus mainly on high-level policy issues such as weak passwords, directory and file permissions, and disaster recovery procedures. In many cases only the external audit tests for the actual operating system and network service vulnerabilities that this new generation of hacking tools exploits. IT managers evaluating security auditing vendors should make sure that the internal audit includes a comprehensive analysis of operating system and application vulnerabilities, not just policy. Without that analysis, these new risks to business continuity and data integrity may go undetected until they directly affect the bottom line.
Many managers assume that non-technical employees pose no significant risk to business continuity from an information security standpoint. Because sophisticated exploit tools are now so easy to obtain, that assumption is costing businesses today in service outages and lost revenue. Know your risks and remediation requirements by performing an internal audit before your company becomes the next victim.
Find out how the professionals at BAI Security can help you secure your business. Contact Us Today »