Inside Security Threats Still Real
Even with the growth of spyware and the
increasing sophistication of worms and viruses, the biggest source of
unauthorized access is still from within. According to Gartner, more than 70%
of unauthorized access is done by your own employees.
Obviously the importance of due diligence
regarding internal assessment and the use of proper protection mechanisms is
still critical. In this article, BAI Security shares some of the most common
threats as identified by assessments performed over the past 3 months. In
addition, we’ll provide some high-level advice on how to protect your
environment from these threats.
Discussion Boards and Blogs
The use of
discussion boards and blogs is becoming very common today. Internal users can
easily post sensitive information and file attachments that put your
organization at risk.
What to do:
Implement HTTP
monitoring filters to identify key terms and create alerts to notify appropriate
personnel. This method is not effective for SSL-based communications (HTTPS),
as the traffic is encrypted and the filter cannot see the content. However, there are services such as Google Alerts
(www.google.com/alerts) that can scan the Internet for your keywords in
websites, newsgroups and the like.
You may even
choose to limit access to discussion boards and blogs by using Web Category
Filtering systems that categorize websites and allow you to block based on the
type of site accessed.
Remote Access
Naive internal
employees attempting to access unauthorized data, systems, and the like still
believe that if they are off-site, they are less likely to be caught. In
addition, laptops can end up in the wrong hands, complete with the remote access software
a legitimate employee had set up on them. In either case, remote access is high on the
list of risks commonly found in various organizations today.
What to do:
· Limit remote access to only those users who really need it and
immediately disable and/or remove accounts in conjunction with termination.
· Implement audit trails on file access for remote users and publish
the fact to the user base that the policy is in place.
· Limit the servers, systems, directories, and files that a remote
user can access. Far too many remote access implementations allow for full
access to the network.
· Where possible, put restrictions on the time of day users can
access the system remotely.
· Consider two-factor authentication systems such as secure cards.
Distributing Sensitive Information via
Instant Messaging & Email
It is not uncommon
for internal employees to transfer sensitive information via standard email
clients (including unencrypted POP3), as well as Instant Messaging.
What to do:
Using content
filtering products or outside services to monitor email content is growing in
popularity and for good reason. The process helps protect companies from
unknowingly allowing sensitive information to leave the company without
authorization. The filters can either notify appropriate personnel or block the
communication altogether.
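The HTTP keyword monitoring described under Discussion Boards and Blogs and the email/IM content filtering described here are the same mechanism applied to different channels. The following is an added example, not code from the original article or from BAI Security; the watched terms, the SSN pattern, and the sample messages are all assumed and constructed. It also shows the HTTPS caveat from above: a message whose body the filter cannot see is counted as uninspected rather than silently passed as clean.

```python
import re
from dataclasses import dataclass

# Constructed sample messages: outbound content an HTTP, email or IM filter
# would inspect. body=None stands for an HTTPS post whose payload is
# encrypted and therefore invisible to the filter (hypothetical data).
SAMPLE_MESSAGES = [
    {"channel": "http",  "sender": "jdoe",   "body": "Posting the confidential Q3 numbers to the forum, see attached"},
    {"channel": "email", "sender": "asmith", "body": "Here is the customer list. SSN 123-45-6789 for the test account."},
    {"channel": "email", "sender": "bjones", "body": "Lunch at noon?"},
    {"channel": "im",    "sender": "klee",   "body": "project codename BLUEFIN draft attached, CONFIDENTIAL"},
    {"channel": "https", "sender": "mwong",  "body": None},
]

# Key terms and patterns the organization has decided to watch for (assumed).
KEY_TERMS = ["confidential", "customer list", "codename"]
PATTERNS = {"ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b")}

@dataclass
class Alert:
    channel: str
    sender: str
    reasons: list
    action: str   # "notify" appropriate personnel, or "block" the communication

def inspect(body):
    """Return the list of reasons a message body should be flagged ([] if clean)."""
    lower = body.lower()
    reasons = [f"term:{t}" for t in KEY_TERMS if t in lower]
    reasons += [f"pattern:{name}" for name, rx in PATTERNS.items() if rx.search(body)]
    return reasons

def scan(messages, block_on=("pattern:ssn",)):
    """Run the filter over messages; return (alerts, number of uninspectable messages)."""
    alerts, uninspected = [], 0
    for m in messages:
        if m["body"] is None:          # encrypted channel: nothing to inspect
            uninspected += 1
            continue
        reasons = inspect(m["body"])
        if reasons:
            action = "block" if any(r in block_on for r in reasons) else "notify"
            alerts.append(Alert(m["channel"], m["sender"], reasons, action))
    return alerts, uninspected

if __name__ == "__main__":
    found, skipped = scan(SAMPLE_MESSAGES)
    for a in found:
        print(f"{a.action:6} {a.channel:5} {a.sender:7} {', '.join(a.reasons)}")
    print(f"{skipped} message(s) could not be inspected (encrypted)")
```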
Peer to Peer (P2P) Networking
Many people have
heard of programs such as Kazaa, Limewire, and other file sharing programs.
These programs are used to share MP3 music files, videos, software, and just
about any other type of file. What many IT managers and executives do NOT
realize is that these programs are running within the organization on production
PCs.
This is just
another way that sensitive information can be extracted from the environment in
a relatively anonymous manner. The P2P software can be set up on the inside and
configured to share entire directories of corporate files with the public.
What to do:
It’s hard to
imagine why any company would allow such programs as a policy considering the
risks, so make it policy that they are not allowed. Identify specific default
ports used by these programs and scan the network for active instances of them.
Ideally, it would be best to implement network monitoring tools that identify
and block the traffic, as the default ports used by these programs can be
changed in most cases to get around firewalls.
Wireless Networks
We’ve heard it
many times – “we don’t have wireless networking in our production environment”.
With common inexpensive testing tools we walk the halls and sure enough, one or more
unsecured access points show up. We’ve even caught external users
connected to these rogue access points from outside the company in nearby
locations.
While not exactly
related to our “from within” topic today, another lesser-known wireless risk is
the public wireless networks in coffee shops and some restaurants. These public
networks can be monitored by others participating on the same wireless network.
Unencrypted traffic between your remote employee and the company email system,
FTP file sharing, internal systems, etc. is then viewable by others using
freeware traffic capturing utilities downloaded from the Internet.
What to do:
· Be sure to manually scan your networks for rogue access points on
a regular basis.
· Implement network monitoring programs that identify all computers
in the network and look for non-standard computer names and/or new unauthorized
systems.
· Always require encryption between remote users and internal systems
to minimize the possibility of the traffic being captured between your remote
employee and the home office.
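One way to act on the second point above, comparing what a network discovery sweep finds against an authorized inventory and a hostname naming rule. This is an added example and not code from the original article or from BAI Security; the naming convention, the inventory, and the discovery output are all assumed and constructed.

```python
import re

# Assumed naming convention: three-letter site code, role, three-digit number,
# e.g. CHI-WS-042 for a workstation or CHI-SRV-007 for a server.
HOSTNAME_RULE = re.compile(r"^[A-Z]{3}-(WS|SRV|PRN)-\d{3}$")

# Authorized inventory (constructed): MAC address -> expected hostname.
INVENTORY = {
    "00:11:22:33:44:01": "CHI-WS-041",
    "00:11:22:33:44:02": "CHI-WS-042",
    "00:11:22:33:44:10": "CHI-SRV-007",
}

# Constructed discovery output in the "ip mac hostname" form a network scanner
# or DHCP lease export might produce. The last line reuses a known MAC from a
# second IP, which is worth a look on its own.
DISCOVERED = """\
10.0.5.41  00:11:22:33:44:01  CHI-WS-041
10.0.5.42  00:11:22:33:44:02  CHI-WS-042
10.0.5.107 00:11:22:33:44:10  CHI-SRV-007
10.0.5.199 AA:BB:CC:DD:EE:01  linksys
10.0.5.200 aa:bb:cc:dd:ee:02  bobs-laptop
10.0.5.201 00:11:22:33:44:02  CHI-WS-042
"""

def parse_discovery(text):
    """Turn discovery lines into host dicts; MACs are normalized to lowercase."""
    hosts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, mac, name = line.split()
        hosts.append({"ip": ip, "mac": mac.lower(), "name": name})
    return hosts

def audit(hosts, inventory=INVENTORY):
    """Return (ip, finding) pairs for hosts that are unknown, misnamed or duplicated."""
    findings, seen_macs = [], {}
    for h in hosts:
        if h["mac"] not in inventory:
            findings.append((h["ip"], "unknown-device"))
        elif inventory[h["mac"]] != h["name"]:
            findings.append((h["ip"], "name-mismatch"))
        if not HOSTNAME_RULE.match(h["name"]):
            findings.append((h["ip"], "non-standard-name"))
        if h["mac"] in seen_macs:   # same MAC seen earlier at a different IP
            findings.append((h["ip"], f"duplicate-mac-with-{seen_macs[h['mac']]}"))
        seen_macs.setdefault(h["mac"], h["ip"])
    return findings

if __name__ == "__main__":
    for ip, finding in audit(parse_discovery(DISCOVERED)):
        print(f"{ip:12} {finding}")
```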
As a Managed Security Service Provider (MSSP),
BAI Security assists companies every day to solve these and any other
challenges. Contact us today to further discuss the array of solutions we offer
to mitigate your security risks.