6 Factors That Endanger Internal Network Security & How to Prevent Them
March 14, 2006: PlanetMagpie IT Consulting Services
Written by: Robert Douglas

Your routers are in place. Your firewall’s configured. The users have passwords so secure, they’ll forget them each day and request password resets incessantly.

But what about the users themselves?

For over 50% of networks last year, the perimeter was the only line of defense against hacking and viruses. Over half of American businesses didn’t make the effort to secure their networks beyond closing off as much of the outside Web as possible. And that oversight is going to cost them billions.

Internal network security is potentially the biggest security issue of 2006. All the industry data is pointing to the same conclusion: watch the inside of your network as closely as you do the outside. Or else.

According to Aladdin Knowledge Systems’ 2005 security reports, malware (viruses, Trojans and worms) cost the 2004 global economy somewhere between $169 billion and $204 billion. 25% of all computers will have spyware on them by mid-2006. Between 2004 and 2005, phishing attacks (emails and IMs sent to lure users to dummy websites and enter their personal data) increased by 5,000%!

What this creates is a climate of insecurity inside company networks. One careless user can halt the whole company’s productivity. That’s the bad news. The good news is that the “ounce of prevention” rule still applies. Prevention or elimination of security holes caused by user activity is easy to do, and can usually be done without additional cost.

We’re going to address 6 major security areas that exist inside company networks. By and large they’re services businesses use every day, which only increases their likelihood of being targeted by a hacker or malicious code. Here’s how they can cause security problems.

  1. Email: The big one. Spam and phishing attacks now account for anywhere from 75-95% of all corporate email traffic. Companies can install spam filters and virus scanners to protect business email accounts. But anyone can bypass all that protection by signing onto their Yahoo or Gmail account, effectively opening a tunnel into their network for spam or virus attacks.

  2. IM: Security experts say that by now, instant messaging has surpassed email for online communications. While they’re convenient, IMs are also dangerous. Users now have to worry about “spim” (spam links sent over IMs) and phishing attacks sent to their IM accounts. IM is being used so much for attacking networks that IM security threats now double every 6 months.

  3. Physical Access: Whenever a user walks away from their desk without locking their PC down, it creates a security hole. Unattended PCs are open for corporate theft. “Rogue users” can steal data off unattended PCs, accounting for anywhere between $60-120 billion of damage a year. Even something as innocuous as saving some data to a USB drive and taking it home to work on is dangerous. Taking data off-site can breach confidentiality agreements or privacy laws such as HIPAA. Off-site data is also much more likely to be stolen off a spyware-infected home PC.

  4. FTP: FTP is one of the most direct routes inside servers. So when users have FTP access to their company’s servers, it creates a high security risk for that server. A user could potentially have access to an area on the server that they shouldn’t, or be able to get into an area that’s critically important to business function. In the first case, information is open for corporate theft. In the second, deliberate sabotage or simple carelessness can bring down the whole network in seconds.

  5. VPN: VPNs suffer from the same security issue as Webmail, since they’re in a sense the same thing - remote server connections. The system using the VPN to connect to your company’s network, if it’s been compromised or not adequately protected, can be an open invitation to hackers and malicious code.

  6. New Hires: In a growing or high-turnover business, new people coming and going constitute a significant risk for corporate theft and mismanagement of network resources. One-third of all employees steal from their employers, and 75% of the time, this theft goes undetected. We’re not just talking about pens and Post-Its here. Hackers have reportedly been hired at companies, stolen data from network segments they were unknowingly given access to, installed remote access trojans on their servers, and left.

 

Scary stuff. But it only drives the point home. Internal network security is as important as, if not more important than, external network security. Fortunately, there are multiple potential resolutions for each of those 6 factors. Here are some solutions IT administrators can put into practice immediately to cut down on internal security threats.

  1. Email: The most powerful security tool, when it comes to email, is education. Train users to understand the dangers of email viruses, file attachments, phishing tactics and the possible threats from using Webmail. Hire a specialized trainer to strongly convey the message, if you need to. Encourage everyone to use company email accounts only while at work. If Webmail-accessing users remain a problem, block the originating sites at the server. For corporate email, digital certificates afford privacy and encryption to all employee mail.

  2. IM: Of course, blocking IM altogether is the safest tactic. But if your users need to use IM for any reason, your company should first standardize on one platform (MSN, AIM, ICQ, Y!). Set all IM clients to accept messages only from users on their contact lists. Block the ability to download files from IMs (this can be done within the client easily). Send out notices reminding users not to click on URLs sent by IM, and to keep their clients up to date.

  3. Physical Access: Institute a standard hardware installation policy, so that all new computers lock down automatically after an idle period. If they’re not needed for other hardware, disable users’ USB ports to prevent USB drive use. Set up password regulations, such as frequent changes, character minimums, and alphanumeric/character combinations. Train your users to understand the necessity of securing their PC when they leave their desk.

  4. FTP: If you haven’t already, disable anonymous access. Minimize the number of users with FTP access, and restrict their access levels solely to the areas they will use. Set login time limits to prevent forgotten connections hanging onto the FTP. Consider a second password or Kerberos authentication for critical applications accessible by FTP.

  5. VPN: Consider installing personal firewalls, like the Windows XP Firewall or ZoneAlarm, on all systems going off-site. Configure VPN access to close ports not used. Disable Internet Explorer on company laptops taken off-site. Install Firefox, so popups cannot capture data or transmit spyware. Educate users about safe browsing habits. Scan all laptops that have been used remotely before you let them back into the company network.

  6. New Hires: Centralize your account management and put someone in charge of that management program. Establish user access levels, either through the use of Access Control Lists (ACLs) or custom-designed resource listings. In the case of email, Microsoft Exchange Server is a good example of centralizing account management. It also makes high turnover easier: removing one account from an ACL or Exchange totally eliminates that user’s security threat.
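The FTP recommendations in item 4 (no anonymous access, a minimal set of FTP users, access restricted to each user's own area, login time limits) can be checked mechanically. The following is an added example, not part of the original article: it assumes the server is vsftpd, which the article does not name, and the 600-second idle ceiling and sample configs are constructed for illustration.

```python
# Added example: audit a vsftpd.conf (assumed server) against item 4's advice.

# vsftpd's documented defaults, applied when an option is absent from the file.
DEFAULTS = {
    "anonymous_enable": "YES",
    "userlist_enable": "NO",
    "userlist_deny": "YES",
    "chroot_local_user": "NO",
    "idle_session_timeout": "300",
}
MAX_IDLE_SECONDS = 600  # assumed policy ceiling; tune to your environment


def parse_conf(text):
    """Parse option=value lines, skipping blanks and '#' comment lines."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    return opts


def enabled(value):
    return value.upper() in ("YES", "TRUE", "1")


def audit(text):
    """Return a list of findings; an empty list means the config passes."""
    o = parse_conf(text)
    findings = []
    if enabled(o["anonymous_enable"]):
        findings.append("anonymous access is enabled")
    # Allow-list mode: only accounts named in the userlist file may log in.
    if not enabled(o["userlist_enable"]) or enabled(o["userlist_deny"]):
        findings.append("logins are not limited to an allow-list of users")
    if not enabled(o["chroot_local_user"]):
        findings.append("users are not confined to their own directory")
    idle = o["idle_session_timeout"]
    if not idle.isdigit() or not 0 < int(idle) <= MAX_IDLE_SECONDS:
        findings.append("idle sessions are not dropped within the time limit")
    return findings


# Constructed sample configs, not taken from any real server.
WEAK = "local_enable=YES\nidle_session_timeout=86400\n"
HARDENED = ("anonymous_enable=NO\nuserlist_enable=YES\nuserlist_deny=NO\n"
            "chroot_local_user=YES\nidle_session_timeout=300\n")
```

Calling `audit(WEAK)` reports all four problems, including anonymous access that is on only because the file never turns it off; `audit(HARDENED)` returns an empty list.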

Though it was already mentioned, the benefits of educating users on how to prevent internal security breaches cannot be overstated. Security education like this is key to keeping your business up and running smoothly. Education on the services listed can help reduce the likelihood of each being exploited.

User education should be a marked consideration in the company budget. Dedicate an employee to implementing internal security policy and educating users. If you need to, hire an outside consultant to install security procedures and manage user education through training sessions and reminders.

To help educate your users, we’ve included some additional tips to pass on. These quick reminders will help them participate in keeping your network secure.

  • Don’t install unapproved software; get approval for any programs you need.
  • Don’t turn off your antivirus for any reason. If you’re having a conflict, call support for help.
  • Don’t send or accept files over IM. Don’t reply to any IMs from people not on your contact list.
  • Don’t send personal emails from work.
  • Avoid sending documents as file attachments to email. The recipient may have attachments blocked to avoid getting spyware.
  • Be mindful of what documents you leave on your desk, and displayed on your monitor.
  • When in doubt, call support.

Finally, don’t forget to let the users know you’re there. People don’t like bugging other people, even if there’s a legitimate problem. Tell your users regularly that they can (and should) come to you with questions or concerns about their PC use. Your network is only as reliable as its weakest part. And sometimes that weakest part is one of its users.

Pay attention to the internal side of your network this year. Vulnerabilities like the ones listed above are well-documented. Hackers, phishers and spyware-writers are aware of them, and will try to exploit them. It’s up to you to block their attacks.
