To protect your systems completely, you must first recognize who or what you’re protecting them from. What typically comes to mind when discussing network security is protecting the network from mysterious hackers operating from a dark room full of sophisticated computer systems. This is rarely the case. According to the FBI, up to 80 percent (1999) of all security breaches reported are from internal sources. Internal security threats range from a novice server administrator or user who unknowingly installs software or opens an e-mail attachment to a disgruntled employee who attempts to delete source code from a development server.
To prepare for and defend against threats properly, you must first understand the types of threats to your network security. Four basic network security threats exist.
The term “internal attack” is used to describe an attack being implemented by a person or organization with some level of authorized access on your network. Internal attacks are performed from within the trusted area of the network. This type of threat can be more difficult to defend against because employees already have access to the network and private company data. To compound the internal threat further, most companies only have firewalls at the edge of their networks, and they rely strictly on access control lists (ACLs) and server permissions to regulate internal security. Server permissions typically protect resources located on the local servers, but provide little or no protection for the network. Internal threats are typically executed by disgruntled employees who want to “get back” at the company.
Many, if not all, of the security measures are logically connected to the perimeter of the network, protecting the inside networks from the external connections, such as the Internet. While the perimeter of the network is secured, the inside or trusted portion of the network tends to be soft. Once an intruder has made it through the hard outer shell of the network, compromising one system after another is usually simple.
Wireless networks introduce a new area of concern for Security Administrators. Unlike cabled networks, wireless networks create a realm of coverage that can be intercepted and used by anyone with the right software and a wireless network adapter. Not only can all network data be viewed and recorded, but network attacks can also be launched from inside the network where the infrastructure is much more vulnerable. Because of the severe security implications, strong encryption should always be used with wireless networks.
External threats are posed by any organization, government, or individual that attempts to gain access from outside the company’s network and includes anyone that doesn’t have authorized access to the internal network. Typically, external attackers attempt to gain access from dialup servers or Internet connections. External threats are what companies spend the most time and money trying to prevent.
External threats are from anyone that doesn’t have authorized access on the internal network.
Unstructured threats are the most prevalent threats to a company’s system infrastructure. Novice hackers, commonly called script kiddies, download software developed by more advanced hackers and use this software to gain information, access, or perform a DoS attack against a target system or company. Script kiddies rely on the software and experience of the more advanced hackers.
While script kiddies don’t have much experience or knowledge, they can wreak havoc on an unsuspecting and/or unprepared company. What kiddies lack in sophistication, they make up for in sheer numbers. While this might seem like a game to the kiddies, the companies that fall prey to these basic attacks stand to lose millions of dollars, as well as the public’s trust. If a company’s web server is broken into and defaced, the public believes hackers have successfully broken through the company’s security, when hackers have only hacked into one vulnerable server. Web, FTP, SMTP, and any other servers offering services on the Internet are all much more vulnerable to attack, while more important and mission-critical servers reside behind multiple levels of security. The general public doesn’t understand that breaking into a company web site is much easier than cracking the company’s credit card database. The public has to trust that a company is competent in securing its private information.
Structured threats are the hardest to prevent and defend against because they come from organizations or individuals that use some sort of methodology to gain unauthorized access. Intelligence organizations, organized crime, and governments are the potential backers of a structured threat. Hackers with advanced knowledge, experience, and equipment make up structured threats.
Experienced hackers understand how packets are formed and can develop code to exploit vulnerabilities within the protocol structure. Organizations or individuals that perform structured attacks are also aware of the countermeasures used to prevent unauthorized access, as well as the intrusion detection systems (IDSs) and how they detect intruders. They know methods of evading those protective measures. These highly motivated and technically competent intruders can create customized code, use existing tools, or even modify existing applications to perform according to their methodology.
In some cases, a structured attack is performed by or with the assistance of someone on the inside. This is referred to as a structured internal threat. Structured and unstructured threats can be either internal threats or external threats.
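The internal-versus-external distinction that runs through this taxonomy is easiest to see against connection logs. The following Python script is an added example and is not part of the original text: it labels a handful of constructed connection records by origin, using assumed trusted address ranges (10.0.0.0/8 and 192.168.0.0/16), and reports which events an edge-only firewall would never have seen, which is exactly the blind spot the internal-threat discussion describes. The log format, address ranges and port list are all assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Assumption for this example: the address space the site treats as "inside" its edge firewall.
TRUSTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample records (not real logs). Fields: timestamp src dst dport action
SAMPLE_LOG = """\
2024-03-01T10:00:01 203.0.113.7 10.1.2.3 22 DENY
2024-03-01T10:00:05 10.1.5.20 10.1.2.3 445 ALLOW
2024-03-01T10:00:09 192.168.4.8 10.1.2.10 3389 ALLOW
2024-03-01T10:00:12 198.51.100.9 10.1.2.3 80 ALLOW
2024-03-01T10:00:20 10.1.5.20 203.0.113.50 443 ALLOW
"""

# Assumed list of services that only internal ACLs or host permissions protect once an
# attacker is already inside (file sharing and remote desktop here).
SENSITIVE_INTERNAL_PORTS = {445, 3389}


def is_trusted(addr: str) -> bool:
    """True if the address falls inside the trusted (internal) ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETWORKS)


def classify_event(line: str) -> dict:
    """Label one record as external-origin, internal-origin, or outbound traffic."""
    ts, src, dst, dport, action = line.split()
    src_in, dst_in = is_trusted(src), is_trusted(dst)
    if src_in and dst_in:
        origin = "internal"      # trusted-to-trusted: never crosses the edge firewall
    elif src_in:
        origin = "outbound"      # trusted host talking to the outside
    else:
        origin = "external"      # the case perimeter defenses are built for
    return {
        "ts": ts,
        "src": src,
        "dst": dst,
        "dport": int(dport),
        "action": action,
        "origin": origin,
        # An edge-only firewall sees traffic only when it crosses the perimeter.
        "seen_by_edge_firewall": not (src_in and dst_in),
    }


def summarize(log_text: str):
    """Return all classified events, per-origin counts, and the perimeter blind spot."""
    events = [classify_event(l) for l in log_text.splitlines() if l.strip()]
    counts = Counter(e["origin"] for e in events)
    unseen = [e for e in events if not e["seen_by_edge_firewall"]]
    return events, counts, unseen


def internal_exposures(events: list) -> list:
    """Internal-origin, allowed connections to services that only internal controls guard."""
    return [
        e for e in events
        if e["origin"] == "internal"
        and e["action"] == "ALLOW"
        and e["dport"] in SENSITIVE_INTERNAL_PORTS
    ]


if __name__ == "__main__":
    events, counts, unseen = summarize(SAMPLE_LOG)
    print("events by origin:", dict(counts))
    print(f"{len(unseen)} of {len(events)} events never reached the edge firewall")
    for e in internal_exposures(events):
        print(f"internal access to port {e['dport']} on {e['dst']} from {e['src']} relies on internal ACLs only")
```

Run it as-is to see that two of the five constructed events are internal-to-internal and would be invisible to a firewall that only sits at the perimeter; those are the ones where, as the text notes, ACLs and server permissions are the only remaining control.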