
Network Security News

How To Prevent IT Sabotage Inside Your Company

Aug 19, 2011 | ITNews.com

Preventing external attacks to IT systems is a huge and critical task for most companies, but what are businesses doing to stop similar attacks when they come from within? That's a question that more companies should be asking themselves as internal IT sabotage cases regularly hit businesses hard, causing big monetary losses and often knocking companies offline for days or weeks.

Earlier this week, a 37-year-old former IT staff member for the U.S. subsidiary of Japanese drug company, Shionogi, pleaded guilty to remotely infiltrating and sabotaging the company's IT infrastructure this past February. The damage scrambled the company's operations for days and cost Shionogi more than $800,000 in damages, according to IDG News Service.

The former employee, Jason Cornish, logged in to the network using a hidden virtual server he had previously created, then wiped out the company's virtual servers one by one, taking out e-mail, order tracking, financial and other services, according to IDGNS and court filings. IDGNS also reported that Cornish's former boss at Shionogi refused to turn over network passwords and was eventually fired.

IT security analysts say that incidents like this should be clear reminders that companies need to be working harder to fight back against such attacks on a regular basis using basic security steps and common sense. It is key to remember that intrusion threats can come from within your corporate walls at any time, not just from outside your firewalls.

"The thing to do is to try to separate the duties out so that anything that happens would require collusion between more than one person to perpetuate fraud or do damage," says Pete Lindstrom, an analyst with Spire Security. "The way you separate this is to have proactive steps and a logging or monitoring system that will record activity to other systems. It generates their tracks."

The challenge, Lindstrom says, is that IT insiders are often experts in their departments and they know how to work around such protections. "At this stage, it's a tricky game. A really clever attacker can do a lot to hide himself."

In addition to maintaining a separation of duties, it is important to really know who your company is hiring to take on critical IT tasks. "Certainly you should be doing background checks," Lindstrom says. "If you knowingly hire someone who has a history of hacking that's a risk you need to know about."

Companies should also work hard to limit the use of IT administrator accounts that are shared between several people, he says. "It's where you can run into problems," Lindstrom says. "You should try to minimize that. Try to convince administrators that they don't really want the responsibility of all this access because every cop knows that every crime is an inside job and if something happens, they'll be an early suspect."

Clearly delineating which IT staff members have specific privileges and responsibilities is crucial to preventing inside attacks, Lindstrom says.

Dan Twing, president and COO of analyst firm Enterprise Management Associates, says several important steps can be taken by companies to guard against internal sabotage before it occurs:

1. Create and maintain good documentation for networks and resources used by broad parts of the IT department. That means having tightly-controlled records for passwords and access points, as well as clear documentation for the systems infrastructure from top to bottom, on-premises and off-premises. "There's just so much that isn't documented by IT departments," he says. "Some IT people don't write things down so they can be the hero in an emergency and swoop in to fix things, or they are too lazy to document things and they think that makes them indispensable."

2. Maintain "super administrator" access where possible so your company can maintain the highest level of control over your systems to prevent infiltration. Be sure that this is clearly documented and is controlled by only a few senior and trusted people in your organization.

3. Have fast and clear change procedures for administrative passwords so that no worker can make system changes once they leave the company. If they need access for something, they can be given compartmentalized access which can be overseen by other trusted IT team members so they can do their work separate from the production environment. "The more of this that you do, yes, you are slowed down a bit, but you gain control," Twing says. "There's always a trade-off."

4. Use IT tools that allow you to set thresholds and alerts when there are unexpected activities inside the network to aid in the detection of possible sabotage events. "Remember that you need to be monitoring internal processes and systems as much as you are monitoring your perimeters to keep hackers out," he says. "At least you can stop something internal before it becomes big. Don't just assume that your external perimeter is the only place where bad things can happen."

Andrew Walls, a security analyst with Gartner, says the critical balance in all of this is ensuring that your IT people have the needed powers to get their jobs done while also setting limits to their overall control over the systems.

"Many organizations have this idea that IT is this arcane world and that the wizards who reside there have to always be trusted," Walls says. "That idea went away a long time ago. The same rules that govern the rest of your company's staff have to apply to your IT staff."

In the recent Shionogi case, Walls says it is ironic that the former IT worker used licensed IT tools to cause the harm from within the company. That could have been avoided if his network access had been removed immediately, within 20 minutes of his departure from the company, Walls says. "In no uncertain terms, if you terminate a person from their employment, their access must disappear immediately, not in five or 20 hours. In many organizations, they actually start removing access privileges before the person is even gone. That's what enabled this whole attack."

In the Shionogi case, Cornish had resigned after an ongoing dispute, but the company hired him back as a contractor so he could finish a project for them, according to IDGNS. That might have been a fatal mistake, Walls says.

"I worry about an organization that says 'we don't like what this guy is doing so we're going to turn him into a contractor and then allow him to keep access,'" Walls says. "If someone can't be trusted, they shouldn't have access to your environment. What happened here to enable this to go on was that their user provisioning lifecycle was not handled well. If your system is so complicated that you cannot replace one member of your team quickly, then you have a bigger problem."
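As an added illustration (not from the article or from any vendor tool) of the threshold alerts in step 4 and of Walls's point that access must end at departure, the following Python checks an event log for activity by an account after its recorded departure and for bursts of destructive actions. The log format, account names, action names, threshold and window are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data; accounts, actions, targets and times are hypothetical.
DEPARTURES = {"contractor1": datetime(2024, 1, 10, 17, 0)}  # account -> departure
EVENTS = [  # (time, account, action, target)
    ("2024-01-10 09:12", "admin2", "login", "vm-console"),
    ("2024-01-10 09:20", "admin2", "vm.delete", "test-vm-7"),
    ("2024-01-12 22:01", "contractor1", "login", "vm-console"),
    ("2024-01-12 22:04", "contractor1", "vm.delete", "mail-01"),
    ("2024-01-12 22:05", "contractor1", "vm.delete", "orders-01"),
    ("2024-01-12 22:07", "contractor1", "vm.delete", "finance-01"),
]

def parse(events):
    """Convert raw rows to (datetime, account, action, target), sorted by time."""
    return sorted((datetime.strptime(t, "%Y-%m-%d %H:%M"), acct, act, tgt)
                  for t, acct, act, tgt in events)

def post_departure_activity(events, departures):
    """Every event by an account that occurs after its recorded departure."""
    return [e for e in parse(events)
            if e[1] in departures and e[0] > departures[e[1]]]

def deletion_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Accounts issuing at least `threshold` deletions inside one time window.

    Returns {account: time the threshold was first crossed}.
    """
    recent = defaultdict(deque)
    flagged = {}
    for ts, account, action, _target in parse(events):
        if action != "vm.delete":
            continue
        q = recent[account]
        q.append(ts)
        while ts - q[0] > window:  # drop deletions older than the window
            q.popleft()
        if len(q) >= threshold and account not in flagged:
            flagged[account] = ts
    return flagged

if __name__ == "__main__":
    for event in post_departure_activity(EVENTS, DEPARTURES):
        print("ALERT post-departure activity:", event)
    for account, when in deletion_bursts(EVENTS).items():
        print("ALERT deletion burst:", account, when)
```

The first check only works if the departure list is fed from HR records rather than maintained by the administrators being monitored, which is the separation of duties the article describes.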

One simple way to help prevent such problems, Walls says, is for business executives and the IT staff to actually get to know each other better so they work as a team and not as separate worlds.

"The business manager needs to have a personal relationship with their IT managers and know them on a first name basis," Walls says. "They need to talk with them regularly. A business needs to know when an IT person is going off the rails and the only way to do that is to have personal relationships and know each other. IT people shouldn't be treated as a 'geek squad' at a separate table but as part of the company and part of the team."
