Internal theft and sabotage can hit companies hard in many ways, It should be clear that companies need to monitor insiders as aggressively as they do outsiders. However, policing insiders can prove challenging given the privileged access they require to do their jobs. Here are the five most common methods insiders use to access network resources and simple measures enterprise IT can take to protect against the implied threats.
1. Modems. A lack of central management combined with easy-to-guess static passwords make modems an ideal entry point for insiders with detailed knowledge of a network. Many companies have tried to address this challenge by simply unplugging modems until needed. However, unplugging modems makes it impossible to use them for their intended purpose, namely remotely restoring critical systems in times of emergency or outage
2. Open file transfer. Most organizations use open file transfer to patch network infrastructure. Internal technicians and vendors use this poorly secured, unrestricted access to troubleshoot, apply appropriate fixes and correct problems. However, they also can misuse this freedom to change files, remove critical components or disrupt systems, resulting in nonoperational systems, Web site defacements, data theft and other damaging situations.
3. Open telnet and SSH ports. Companies that use third parties to remotely access and troubleshoot systems should properly secure or close telnet and SSH ports. Without these protections in place, all a remote technician needs is a single internal IP address to get anywhere on your network without your knowledge.
4. Server console ports. Technicians frequently connect to serial console ports, very often on routers and Linux/Unix servers. To provide scalable access, companies will typically connect to serial console ports using terminal servers. However, terminal servers, by default, offer minimal security.
5. Unmonitored extranet traffic. Extranets provide a convenience for companies, allowing them to open their networks to vendors, customers and partners to support real-time collaboration. Extranets (for example, IPsec, SSL, remote desktops) work reasonably well when the number of systems to be shared with outsiders is small and the authorization level on those systems can be tightly controlled. However, typical extranets, where access to many systems is required or where high-level authorization must be granted, can be problematic. Often, too much access is granted inadvertently, and activities cannot be closely monitored and controlled. As opposed to typical extranets, vendor access and control systems offer the extra layer of control needed to prevent sabotage and data theft.
Source: Computerworld, By Bill Whitney and Tara Flynn Condon