Today's state-of-the-art network security appliances do a great job of keeping the cyber monsters from invading your business. But what do you do when the monster is actually inside the security perimeter? Unfortunately, all of the crosses, garlic, wooden stakes, and silver bullets in the world have little effect on today's most nefarious cyber creatures.
Here are the top 10 ways your network can be attacked from inside and what you can do to ensure your business never has to perform an exorcism on your servers.
1. USB thumb drives: Believe it or not, USB drives are one of the most common ways, if not the most common way, to infect a network from inside a firewall. There are several reasons for this: they're inexpensive, small, hold a lot of data, and can be used between multiple computer types. The ubiquity of thumb drives has driven hackers to develop targeted malware, such as the notorious Conficker worm, that can automatically execute upon connecting with a live USB port. What's worse is that default operating system configurations typically allow most programs (including malicious ones) to run automatically. That's the equivalent of everyone in your neighborhood having an electric garage door opener and being able to use it to open everyone else's garage doors.
What to do: Change the computer's default autorun policies. You can find information on how to do that within Windows environments here.
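One way to apply this on Windows, as an added example that is not part of the original article: the script below reads the machine-wide `NoDriveTypeAutoRun` policy value, reports which drive types still permit AutoRun, and sets the value to 0xFF so AutoRun is disabled for every drive type. The function names are illustrative, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: audit and harden the Windows AutoRun policy (run elevated).
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName  = 'NoDriveTypeAutoRun'
$AllDrives  = 0xFF   # every bit set: AutoRun disabled for all drive types

# A set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04   # USB thumb drives fall in this class
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
    'Reserved'  = 0x80
}

# Illustrative helper: returns the current mask, or $null if the value is unset.
function Get-AutoRunPolicy {
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

# Illustrative helper: prints the mask and the per-drive-type state.
function Show-AutoRunPolicy($Mask) {
    if ($null -eq $Mask) {
        Write-Output "$ValueName is not set; the operating system default applies."
        return
    }
    Write-Output ('{0} = 0x{1:X2}' -f $ValueName, $Mask)
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        $state = if ($Mask -band $entry.Value) { 'disabled' } else { 'ALLOWED' }
        Write-Output ('  {0,-10} AutoRun {1}' -f $entry.Key, $state)
    }
}

# Report the current state, then harden only if the policy is weaker than 0xFF.
Show-AutoRunPolicy (Get-AutoRunPolicy)
if ((Get-AutoRunPolicy) -ne $AllDrives) {
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $ValueName -Value $AllDrives `
        -PropertyType DWord -Force | Out-Null
    Write-Output 'Policy updated:'
    Show-AutoRunPolicy (Get-AutoRunPolicy)
}
```

In a domain, the same setting is normally pushed through Group Policy rather than set per machine, so a local change like this one may be overwritten at the next policy refresh.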
2. Laptops and netbooks: Laptops are discreet, portable, include full operating systems, can operate using an internal battery, and come with a handy Ethernet port for tapping directly into a network. What's more, a notebook may already have malicious code running in the background that is tasked to scour the network and find additional systems to infect. This notebook could belong to an internal employee or guest who's visiting and working from an open cube or office.
Beyond infected laptops compromising an internal network, it's important to think about the laptops themselves. All companies have some forms of sensitive information that absolutely cannot leave the walls of the building (salary information, medical records, home addresses, phone numbers and Social Security numbers are just a few obvious examples). It becomes very dangerous when that information is stored on an unsecured portable computer, as such a computer is easy to walk off with. We've seen numerous, publicly disclosed instances of notebooks with sensitive data that have "gone missing." Unless the laptop employs a tough encryption algorithm, data is often easy to recover from any given file system.
What to do: Implement an encrypted file system for sensitive data. There are a number of off-the-shelf solutions out there to choose from, along with open source ones such as TrueCrypt. Control over endpoints that enter and exit the internal system is also important. Sensitive information, such as VPN, DV and Wi-Fi access, should not be stored persistently on devices such as laptops or netbooks.