5 ways insiders exploit your network
And what you can do to protect it.
By Bill Whitney and Tara Flynn Condon, Network World | Techworld | Published: 12:00, 13 May 2008
It is dangerous to assume that remote technicians have limited knowledge of your IP addressing schemes, as it is possible the same technician has worked on site at your facility. Also, infrastructure equipment often shares one easily guessed password, making it simple for an insider to access unauthorised equipment.
As a standard practice, companies should block third-party telnet or SSH access to systems beyond the typical scope of the provider's services, unless the session is recorded or actively shadowed by a member of your team. Alternatively, many organisations use intermediary systems to create a proxy for these sessions, adding the needed level of control and tracking.
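One way to check this practice against session records from a jump host or firewall, as an added example that is not part of the original article: the sketch flags telnet or SSH sessions by a third party to hosts outside its scope that were neither recorded nor shadowed. The vendor names, addresses and record fields are constructed for illustration.

```python
import ipaddress

# Assumption: systems each provider is contracted to service (constructed values).
VENDOR_SCOPE = {
    "pbx-vendor": ["10.20.5.0/28"],
    "hvac-vendor": ["10.30.1.10/32"],
}
REMOTE_SHELL_PORTS = {22: "ssh", 23: "telnet"}

# Constructed session records; the field names are hypothetical.
SESSIONS = [
    {"vendor": "pbx-vendor", "dst": "10.20.5.3", "dport": 22, "recorded": False, "shadowed_by": None},
    {"vendor": "pbx-vendor", "dst": "10.40.0.7", "dport": 23, "recorded": False, "shadowed_by": None},
    {"vendor": "pbx-vendor", "dst": "10.40.0.7", "dport": 22, "recorded": True, "shadowed_by": None},
    {"vendor": "hvac-vendor", "dst": "10.30.1.11", "dport": 22, "recorded": False, "shadowed_by": "jsmith"},
    {"vendor": "hvac-vendor", "dst": "10.30.1.12", "dport": 22, "recorded": False, "shadowed_by": None},
    {"vendor": "unlisted-vendor", "dst": "10.20.5.3", "dport": 443, "recorded": False, "shadowed_by": None},
    {"vendor": "unlisted-vendor", "dst": "10.20.5.3", "dport": 22, "recorded": False, "shadowed_by": None},
]


def in_scope(vendor, dst):
    """True if dst falls inside a network the vendor is contracted to service."""
    ip = ipaddress.ip_address(dst)
    # A vendor with no scope entry has nothing in scope.
    return any(ip in ipaddress.ip_network(net) for net in VENDOR_SCOPE.get(vendor, []))


def audit(sessions):
    """Return (vendor, dst, protocol) for out-of-scope, unsupervised shell sessions."""
    findings = []
    for s in sessions:
        proto = REMOTE_SHELL_PORTS.get(s["dport"])
        if proto is None:
            continue  # not telnet or SSH
        if in_scope(s["vendor"], s["dst"]):
            continue  # within the provider's normal scope
        if s["recorded"] or s["shadowed_by"]:
            continue  # out of scope, but recorded or actively shadowed
        findings.append((s["vendor"], s["dst"], proto))
    return findings


if __name__ == "__main__":
    for vendor, dst, proto in audit(SESSIONS):
        print(f"REVIEW: {vendor} opened unsupervised {proto} session to out-of-scope host {dst}")
```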
4. Server console ports. Technicians frequently connect to serial console ports, very often on routers and Linux/Unix servers. To provide scalable access, companies will typically connect to serial console ports using terminal servers. However, terminal servers, by default, offer minimal security. By gaining access to a single terminal server, an insider can access and potentially disable thousands of systems. As such, it is recommended that companies regularly review terminal server security capabilities and place security devices outside the console ports of systems hosting sensitive data (for example, financial records, customer data and human resources information).
5. Unmonitored extranet traffic. Extranets provide a convenience for companies, allowing them to open their networks to vendors, customers and partners to support real-time collaboration. Extranets (for example, IPSec, SSL, remote desktop) work reasonably well when the number of systems to be shared with outsiders is small and the authorisation level on those systems can be tightly controlled.
However, typical extranets, where access to many systems is required or where high-level authorisation must be granted, can be problematic. Often, too much access is granted inadvertently, and activities cannot be closely monitored and controlled. As opposed to typical extranets, vendor access and control systems offer the extra layer of control needed to prevent sabotage and data theft.
While many third-party providers are trustworthy, it is risky to make that assumption. Regardless of whether employees or third-party providers access your network, human motivations remain the same. With any insider, there is the prospect of misuse, the possibility of mistakes and the opportunity for theft. Increased awareness combined with a few protective measures can reduce the risk.
Whitney is CTO and co-founder of Ion Networks. He can be reached at firstname.lastname@example.org.