Focus on internal security

In their annual joint security survey, the CSI (Computer Security Institute) and the US Federal Bureau of Investigation (FBI) reported that during the year 2000, almost 80% of network abuse and security breaches occurred within the companies surveyed, rather than through external hackers. eTech Securities' Steve Crutchley discusses straightforward methods to tackling internal network security.

  • E-Mail
By  Jon Tullett Published  July 7, 2001

Internal Security|~||~||~|Focus on internal security

eTech Securities' Steve Crutchley discusses straightforward methods to tackling internal network security.

In their annual joint security survey, the CSI (Computer Security Institute) and the US Federal Bureau of Investigation (FBI) reported that during the year 2000, almost 80% of network abuse and security breaches occurred within the companies surveyed, rather than through external hackers.

Of the participating companies that could quantify a financial loss due to security breaches, a total of more than $265 million dollars was reported. Almost 90% of the companies surveyed admitted to being hacked, yet only 25% of those reported that they had been hacked externally.

These figures point to the growing need around the world, and especially here in the Middle East, for a greater awareness of the importance of internal network security strategies.

One of the very common security breaches that we observe in the Middle East is the internal sharing of e-mail and network passwords. Executives may ask their assistants or colleagues to access e-mails or other information for them without realizing the inherent security risk they are taking. Many IT companies in the US have deemed such password sharing to be grounds for dismissal after confidential company information has been lost or stolen this way.

A combination of common sense and security technology can be combined to develop a strategy to safeguard your internal network. Before investing in internal network security technology, an important first step is gaining a comprehensive view of exactly what your internal network contains.

Security professionals can assist you with scanning your entire TCP/IP network, and list all active hosts, identify types of systems attached to the network, show the services being offered and uncover routes to external networks and users.

Once you have a clear idea of your network contents, it's a good idea to then conduct an internal intrusion test and analysis to identify both your security vulnerabilities and strengths of your internal network. This type of testing and analysis points to holes in your security that could be exploited by internal users. Simulated attacks can demonstrate how a disgruntled employee or an authorized visitor with standard access privileges can navigate your internal network.

To enable a thorough review of your internal network security strategy, it's a good idea to seek out the following:


  • Server operating system and application vulnerabilities

  • Protocol and network infrastructure vulnerabilities

  • Excessive or inappropriate user privileges

  • Internal controls and procedures

  • Internal "intra-walls" separating sub-networks

  • Configuration errors and outdated software versions with widely known vulnerabilities.

Protecting your organization from internal network security breaches is, as with all security strategies, an ongoing task. Some of the safeguards that you can implement are:


  • Create a security policy manual that encompasses your internal network.

  • Implement access controls, keeping the following in mind:

    • Users should only be given rights to directories they need to do their jobs. If a user needs temporary access to a directory, the access rights should be removed when the job is completed.

    • Files containing confidential or sensitive information should be restricted to a minimum number of users.

    • The network administrator should review system accounts on regularly and delete any accounts that are no longer required.

    • Users authorized to enter sensitive transactions or who perform sensitive and/or confidential work should be restricted to a specific workstation, preferably located in a restricted area.

    • Restrict user access to business hours only, especially for those users who are authorized to access and use sensitive and/or confidential data.


  • Develop sign-out procedures for notebooks and other collateral including network drives and repair disks.

  • Create strict password policies, and put measures in place to prevent employees from sharing passwords, even for the sake of convenience. Require periodic password changes, and limit the number of unsuccessful log-in attempts.

  • Implement intrusion detection software that alerts you when your internal network has been breached.

  • Secure your network server in locked premises and equip it with an uninterruptible power source (UPS).

While all of these methods are not foolproof, they can reduce the risk of intrusion and abuse of your internal network.

||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code