Lessons Learned: UBS trial aftermath: Even great security can’t protect you from the insider

I post news clips from a variety of sources here. Typically I post them with little or no comment, simply sharing information I get with those of you who might not see it in a timely manner. I get a lot of news from a lot of different places. Sometimes the stories warrant comments.

July 21, Information Week — UBS trial aftermath: Even great security can’t protect you from the insider. The recent UBS PaineWebber computer sabotage trial is a perfect example of the damage that can be caused by a knowledgeable insider with high-level access and an axe to grind. A company employee is already inside the perimeter, where the vast majority of the protective technologies sit. That same employee also knows what information is most vital to the company’s ability to make money and sustain itself. He has knowledge of passwords, and he also probably knows what kind of machines and operating systems the company is running. An IT professional has all this information, plus he has access to the inner workings of the infrastructure. He has high-level privileges that allow him access to key servers and databases, and possibly even root-level access, which would give him all-encompassing power over the system. UBS PaineWebber’s network was hit by a logic bomb in March of 2004. A jury last week found Roger Duronio of Bogota, NJ, guilty of two crimes: computer sabotage for building, planting and distributing the malicious code that brought down nearly 2,000 servers on the company’s nation-wide trading network; and securities fraud.
Source

The single greatest threat to any network is a trusted insider. Let me repeat that - The single greatest threat to any network is a trusted insider. This story demonstrates a perfect example, but there are many variations on the theme. This story plays out the worst possible example, a malicious, trusted user. Someone with an axe to grind.

Trusted insiders can also be naive. They can install applications that evade or violate corporate security policies. (See Skype thread here). Naivete is a common cause of problems and network security breaches. Naivete is often driven by a lack of understanding of corporate policies. It’s also common among users who just want to do things they see as helpful to them in their job. They’re looking for productivity gains in some way.

And yes, trusted insiders can sometimes just do something boneheaded. It happens. Shit happens.

Education and awareness are the most effective tools. Top-level managers need to drive a corporate culture and create a set of behaviors whereby every employee in a company feels a sense of stewardship toward protecting company information. This is an element of corporate culture and it can only be built over time, and only succeed when managers, all managers, lead by example.

I’m reminded of a time when I was working on military systems and was lectured by a Navy admiral on how crucial security was and how strong his unit’s policies were. And how he was a strong leader who insisted everyone from the top down take ownership for their actions. I confess, I set him up for this both purposely and purposefully. Once he finished lecturing me, I reached into my pocket and retrieved the key to his STU-II encrypted phone which he had left in the telephone. I’d removed it two days earlier. I tactfully suggested he revisit those policies with his team. And all he could do was grin sheepishly and try to give me a bullshit excuse. And we both knew it. But I’d bet he hasn’t walked off leaving open access to a secure phone since.

I say again, because this is important - The single greatest threat to any network is a trusted insider.
