In the first of this two-part series, below, Tony Bradley identifies three internal controls you must have in place to prevent internal hacking. In part two, he'll offer step-by-step advice on how to configure Windows file and folder security.
A tremendous amount of attention is paid to hackers who launch Windows attacks from outside the network. The dark and elusive hacker evokes images of both horror and fascination as vast sums of time and money are spent securing the network from such evildoers. But what will those resources do to address the fact that up to 80% of attacks and data compromises occur inside the network?
External attackers present a very real concern to your network security, demanding company time, money and equipment. But internal security processes and controls rarely protect sensitive or confidential data from your company's casual snoops or dedicated attackers, whose security breaches are far more common than those launched by external hackers. You must be sure internal employees are unable to access files or resources they should not have access to.
Here are three ways to guard against internal hacking threats. You'll also find several checklists below to help you put some of these controls in place.
1. Clearly define policies
Before you can effectively enforce restrictions on employees who access data they should not be, you need to clearly explain the rules and expectations. Make sure they know which resources they are allowed to access and which ones they are not, and clearly define and enforce the consequences of violating that policy.
2. Employ file and folder security
It would be ideal for all employees to simply follow the security policies and procedures in place -- but that's a fantasy for most Windows administrators. You must guard against mischievous curiosity or blatant disregard for the rules. Make sure file and folder security is properly configured, and only authorized users or groups are able to access system resources.
Watch for Tony's upcoming tip on how to properly configure file and folder security in Windows.
3. Monitor high-risk roles
High-risk assets, or those with a greater impact on network security or company revenue, should always receive greater protection. In determining which resources get enhanced security, you must assess all internal employee roles and responsibilities, then determine which roles need closer monitoring for internal security breaches; some users will have access to more sensitive information than others. Audit your security to make sure users with greater privileges only access the appropriate files and no suspicious activity goes on.
Click for part two on how to protect desktop files and folders from internal attacks.
About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He compiles the About.com Guide for Internet/Network Security, providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.
More information from SearchWindowsSecurity.com
This was first published in May 2005