From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Mon, 29 Jul 2002 18:31:47 -0700 (PDT)
Subject: [iwar] [fc:IT.Nightmare:.The.Enemy.Within]

IT Nightmare: The Enemy Within
http://www.newsfactor.com/perl/story/18778.html
NewsFactor Network
July 29, 2002

The discovery that employees are attacking internal systems is a challenge because the majority of security monitoring is focused on the outside perimeter of the organization, not on the inside.

All it took for Tim Lloyd to destroy more than 1,000 of his employer's programs was about a half-dozen lines of code. Lloyd, employed for 11 years by Stamford, Connecticut-based Omega Engineer Corp. as a network administrator, was convicted in May 2000 of doing US$10 million in damages to the company by deleting proprietary programs. While Lloyd maintains his innocence, his case represented one of the first federal prosecutions of computer sabotage.

Such a situation is every business' worst fear: that employees could betray their trust and attack their computer systems from the inside.

"In most organizations, there is the genuine desire to trust your employees. It's just easier to deal with the world if you think you can trust them," Eric Hemmendinger, information security analyst at Aberdeen Group, told NewsFactor. "But that is not always the case."

Outside Threats Outpace Internal

While internal sabotage is a potential problem that will exist as long as companies have employees, there is evidence that although the incidence of insider attacks has increased this year, attacks originating from the outside still pose a greater threat.

A 2002 Computer Security Institute (CIS) survey, released by that organization in conjunction with the Federal Bureau of Investigation last April, showed that among 502 organizations surveyed, 64 percent faced some type of insider attack on their computer systems in 2002, compared with 59 percent in 2001. Of the respondents, 72 percent came under fire from outsider attacks in 2002, up 10 percent from 2001. Last year was the first time, according to the survey, that outside attacks eclipsed internal threats.

Threats Equalizing?

"In the history of information security up until the present, it's generally been acknowledged that the inside threat is the worst threat, or [the one] most likely to cause you some serious trouble," Ryan Russell, senior threat analyst at SecurityFocus, told NewsFactor.

"It could be that recently the outside threat has gotten bad enough that they may be equalizing, but the inside threat is still very significant," he added.

The CIS survey measured such insider areas as theft of proprietary information, sabotage of data networks and unauthorized insider access.

Detection Still Difficult

Russell told NewsFactor that for most companies, the discovery that employees are attacking internal systems is a challenge because the majority of security monitoring is focused on the outside perimeter of the organization, not on the inside.

"The insiders best know how to take advantage of problems, and probably best know how to hide themselves," said Russell. But he noted that once internal intruders have been caught, they are easier to deal with if damage has not been too severe.

"For most companies, it's a whole lot easier than trying to bring legal action against someone external to the companies," he explained.

However, the problem, according to Symantec (Nasdaq: SYMC) Research Labs chief architect Carey Nachenberg, is that insiders can often wreak more havoc on systems than outside hackers.

"Many of the outsider attacks are computer worms, blended threats and viruses, which aren't targeted at any particular system or at the crown jewels of the organization," Nachenberg told NewsFactor. "Insiders have the potential to do a lot more harm."

Prevention Possible

Some level of protection is possible, according to Russell. Particularly effective is use of a firewall or scanner that can be "turned inward" and applied throughout a company.

"For example, you may want to have [a security device] running on that portion of your network that controls your HR information or your financials. That way, you have some idea when someone is poking around," Russell said.

Nachenberg said he believes standard policies on password creation, termination of old accounts and network sniffers can help alleviate risk, as can implementing internal database security measures -- because databases typically are not well protected.

Forecast Bleak

Nachenberg predicted that threats from outside sources will do more than persist -- they will likely increase beyond internal threats as more mission-critical systems go online, as hacking tools become more readily available, and as hackers become more familiar with their targets.

"My guess is that external threats are going to play an increasingly critical role, even more so than today," said Nachenberg, noting that computer networks that regulate power and water are currently major targets.

"The risk to our national infrastructure is tremendous due to blended threats, which can spread extremely rapidly and potentially cause massive distributed denial-of-service attacks," he said.
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT