Behind the Firewall - The Insider Threat, Part 2 - Page 2


Common methods (continued)

  • File sharing - Trust in file sharing is a very exploitable habit that attackers often take advantage of. Many Peer-to-Peer (P2P) programs today contain "spyware". Spyware allows the author of the program, and other network users, to see what your employee is doing, where they are visiting on the Internet, and even use your employees' computer resources without their knowledge. Employees must be informed and responsible downloaders, staying wary of suspicious files that might be infected.
  • Instant Messaging (IM) and Internet Relay Chat (IRC) - Employees who use IRC and IM services should know about ploys that might be used to lure them into downloading and executing malicious software that would allow an intruder to use their systems as attack platforms for launching distributed denial-of-service (DDoS) attacks.
  • Request for information - Attackers will not always try their tricks over the computer. Sometimes they also try to make contact with your insiders over the phone or in person. An attacker might call an insider, imitate someone in a position of authority or relevance with an urgent need for information, and try to get that information out of the user. Help desk employees are often targeted by social engineering and should be especially aware of this tactic. Employees should be made aware that if anyone asks them for their passwords, or any other sensitive information, they should proceed with the greatest caution possible.

Start an "office watch" program

Consider creating an internal office watch program, similar to the idea of a neighborhood watch. If you set up an open atmosphere that encourages employees to be aware and to report suspicious activity, it will be easier to get a handle on potential problems before they turn into real trouble. Encourage your employees to:

  • Report suspicious behavior such as shoulder surfing, or unauthorized people using a PC they shouldn't have access to.
  • Report any contact from anyone seeking unauthorized access to information to a security manager or other authorized personnel.
  • Approach a security manager or other designated person with their security concerns rather than discussing them with their co-workers.
