The Insider

Most of this chapter so far has focused on automated tools such as viruses, worms, and spyware. Because these threats have grabbed the majority of headlines over the past few years, they received the majority of the focus in this introductory material. Viruses, worms, and spyware do not, however, represent the majority of potential security problems on a given infrastructure. In addition to them, there are many others, not the least of which are those caused by the insider.

An insider is a person who has some level of permission on the protected network. Insiders either work for a company and are therefore trusted on its network or are a member of your family at home and are therefore trusted on your home network. They are on the inside. Many security managers focus strongly on outside threats and ignore the real threat of the insider. The insider already has the type of privilege that an outside attacker desires. They are already positioned to steal or do direct damage to an infrastructure.

Some insiders, such as disgruntled employees, cause damage or breaches in security will-fully. Examples of an insider attack include willful destruction of data, data theft, and password theft.

Others, however, with the purest of motivation and believing they have the company s interest at heart, cause damage or breaches by nothing more than ignorance or carelessness.

They may write their passwords down on sticky notes and leave them where others can find them, dispose of confidential information in a nonsecure manner, or unwittingly download Trojan horse files from the Internet that create back doors for hackers.

The network security manager must be just as aware of and vigilant against these insiders as against the outside attacker. These insider issues are far more difficult to detect and prevent than the more well-known and obvious ones. As with the other attacks discussed in this chapter, it is the behavior of the systems under attack that makes them vulnerable.