Insiders

Insiders are users who are authorized to have access to the system and perhaps the application and the data. Since the inside hacker is already on the system, you must monitor what he takes from the system. Data can be copied from the system by electronic means, such as copying a file to systems outside the company. This can be accomplished using FTP or e-mail. Connections that go outside the company should be logged by the firewall as to who made the connection, where the connection was made, and what quantity of data was transferred. This should include e-mail. An employee who e- mails a 500-megabyte message to a competitor might be considered suspicious. Data can also be copied from the system through physical means, on printouts, or removable media. Today gigabytes of data can fit into your pocket. This is why access to removable media and proper data handling procedures are so important.

Users should not be given free rein on a system; their access should be only through applications, where possible. User access should be restricted as much as possible. This can generally be done through the correct use of permissions. Employees must be taught to look at computers as tools just as they look at a telephone or typewriter. The company must make available the tools which its employees need to do their jobs. However, a company does not need to make services available to an employee that are not needed for his job. Restricting unnecessary services will limit the possible exposure that could come from the misuse of the service. Companies may have the right to monitor their employees . However, the company must maintain the correct level of monitoring. Job function, responsibilities, and years with the company all affect the level of monitoring that is appropriate.

To protect a system from someone who is a valid user on the system, you must set up an integrity check to validate the integrity of the system and the information on the system. You will also need to monitor activities to be sure there are no unauthorized processes running on the system.

The company needs to make the tools which the users need available to them so they will not go elsewhere to get them. Centralized servers with downloadable software can help maintain consistency among distributed systems, keeping all the software on the systems up to the same version. Using desktop machines that do not have removable media will limit your exposure to unauthorized software being brought onto your system and to having information removed from the system.