research-article
Open access

The Insider, Naivety, and Hostility: Security Perfect Storm? Keeping nasties out is only half the battle.

Published: 01 June 2004

Abstract

Every year corporations and government installations spend millions of dollars fortifying their network infrastructures. Firewalls, intrusion detection systems, and antivirus products stand guard at network boundaries, and individuals monitor countless logs and sensors for even the subtlest hints of network penetration. Vendors and IT managers have focused on keeping the wily hacker outside the network perimeter, but very few technological measures exist to guard against insiders - those entities that operate inside the fortified network boundary. The 2002 CSI/FBI survey estimates that 70 percent of successful attacks come from the inside. Several other estimates place those numbers even higher.

References

[1] Power, R. 2002 CSI/FBI computer crime and security survey. Computer Security Issues and Trends VIII, 1 (Spring 2002).
[2] Hayden, M. V. The Insider Threat to U.S. Government Information Systems. Report from NSTISSAM INFOSEC/1-99, July 1999.
[3] Ferrie, P., and Lee, T. Analysis of W32.Mydoom.A@mm; http://securityresponse.symantec.com/avcenter/venc/data/[email protected].
[4] Bridwell, L., and Tippett, P. ICSA Labs 7th Annual Computer Virus Prevalence Survey 2001. ICSA Labs, 2001.
[5] See, for example, Microsoft Security Bulletin MS03-050, Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code To Run: http://www.microsoft.com/technet/security/bulletin/MS03-050.mspx; or MS03-035, Flaws in Microsoft Word Could Enable Macros To Run Automatically: http://www.microsoft.com/technet/security/bulletin/MS03-035.mspx.
[6] Dos Santos, A., Vigna, G., and Kemmerer, R. Security testing of the online banking service of a large international bank. Proceedings of the First Workshop on Security and Privacy in E-Commerce (Nov. 2000).
[7] Sophos Corporation. Top ten viruses reported to Sophos in 2003; http://www.sophos.com/virusinfo/topten/200312summary.html.

Reviews

George Michael White

Troy was taken from the inside. The story of the Trojan horse, known to us for more than two millennia, has endured for a long time. It tells of a universal threat, that of attack from inside the walls. Network administrators have long been exposed to threats to their networks from viruses, Trojan horses and the like. These attacks can cripple networks, and, in their most virulent forms, can destroy files, databases, programs, and other computer resources, causing many millions of dollars worth of damage while damaging corporate reputations and compromising confidential customer data. The brief report discussed here examines the threat of internal attack on a corporation's computer resources from internal sources, mostly those sources that have been allowed to pass through the corporation's firewall defenses. "The issue is trust," as it says in the opening paragraph, trust that is either explicitly granted or which has been naively not withheld. The authors quote a report that states that some 70 percent of successful attacks come from the inside. This is not to say that the problem lies with inside collaborators, but, rather, that the attacks are launched by intruders who have been extended trust, and who have used this trust to launch their attacks. Integrated systems, such as those based on component object model (COM) or common object request broker architecture (CORBA), explicitly create trust relationships with components that reside on different computers. If one of these components is accessible to modification by a hostile agent, the component can be altered to wreak havoc on the entire system of which it is a part. Email can be designed to look trustworthy by using the address of a trusted correspondent, and can be embedded with a malicious attachment. The opening of this attachment by the unsuspecting recipient will cause the damage.
The incorporation of unwanted actions in Microsoft Word, automatically launched through a macro incorporated into a document, is another example. Defense against this type of insider attack is difficult. The attacker may have a different objective than the one being used by the defender. Thus, attackers may not be attacking a specific online bank account. They may be attacking any bank account they can gain access to, or, perhaps, be attacking the bank itself. Thus, a defense that works against a brute-force attack targeted at a specific account is unlikely to succeed against an attack on any random account for which the attacker can guess the personal identification number (PIN). If the goal was to deny access to any account at a bank, the defense may be completely counter-effective. After identification of an attack and an analysis of its nature, security mechanisms can often be cobbled together after the fact. The concepts of complete trust and mitigated trust are subtle, however, and are not easily added on if the system was not designed with these distinctions in mind. Some specifications for the implementation of specific actions in software have been published by interested parties, notably in the US Department of Defense Trusted Computer System Evaluation Criteria (the so-called orange book). These recommendations are a start, but work remains to be done. This paper's authors have done a good job of introducing these concepts in remarkably few pages. Those interested in an overview on the subject of trust, and its pervasiveness in information technology (IT) systems, would benefit from reading this paper. Specialists will have to do a lot more reading if they wish to master the subject.

Published In

Queue, Volume 2, Issue 4: Surviving Network Attacks
June 2004
63 pages
ISSN: 1542-7730
EISSN: 1542-7749
DOI: 10.1145/1016978
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Qualifiers

  • Research article
  • Popular
  • Editor picked

Article Metrics

  • Total citations: 0
  • Total downloads: 13,429
  • Downloads (last 12 months): 2,185
  • Downloads (last 6 weeks): 212

Reflects downloads up to 21 Dec 2024.
