Pure as the driven snow? Not!

Yesterday we started discussing the insider threat. Yes, those wily individuals who smile in our faces while engaging in some type of behavior that we'd find shocking, incredible, unconscionable, unforgivable – okay, you get my point.

Interestingly enough, in the book, Insider Threat, the authors outline 4 types of insiders: pure insider, insider associate, insider affiliate and outside affiliate. Yes, can you believe that there are actually names for these folks? Not sure if that's good or bad. Nevertheless, today, we'll focus on the pure insider.

According to the authors, the pure insider can access all that s/he needs as an employee of the company. Yes, this means access to the building, network, etc. So imagine someone in your company, with access to perhaps some of the same (if not more) information as yourself, working against the company. Just think of the damage that s/he might inflict on the company, the shareholders, the public and even you. Now don't go gettin' any ideas the next time your boss makes you mad.

There's also the elevated pure insider. This person might be a system administrator, who has all the privileges on the company's network. I'm sure you can imagine the damage that this person can do. Or, in the words of one law firm system administrator, “I can take these guys out of business anytime I want.” YIKES! And to think that this guy has the keys to the kingdom. Wonder if those lawyers know it?

And you'd better believe that some of these administrators have made good on their threats. At a company called Omega Engineering, a network engineer caused $10 million in losses, 80 layoffs and the loss of several clients when he detonated a software time bomb that he had planted in the network he helped to build. When the bomb went off, over 1000 programs were erased and purged from the network.

In addition, proprietary software was lost. Oh, and by the way, why did he do it you ask? Because he was mad about his termination from the company and sought revenge.

So, let's be sure that we understand that there are indeed threats to the company and that they're not always outside its doors.

Insider Threats

When I first started my career in information technology, I was rather shocked to find out that one of the likeliest threats to an organization wasn't external, but internal. Yes, that a trusted employee could in fact be the one carrying out some of the attacks that we mentioned previously. Just imagine that Fred (not you, if your name is Fred, or I hope not), who comes to work on time every day, even working overtime on weekends, is the one committing malicious acts on the company's network. Who knew?

Well, this shouldn't seem too far-fetched. Ponder this: According to the National Threat Assessment Center of the United States Secret Service and the CERT Coordination Center (yes, a mouthful), in 70 percent of the cases studied in a survey conducted by these organizations, insiders, yes those working in the company, exploited weaknesses in applications, processes and procedures to carry out their nefarious deeds. And according to the Gartner Group, 70% of security incidents are actually insider jobs. Can you beweave that? Those dirty rats!

But who would do such a thing? What's wrong with Fred you ask? Well, under those smiles, Fred might be one of the following: disgruntled, careless, or even angry. Since oftentimes we don't know people as well as we might think, their ability to operate under the radar can wreak havoc on a company's network, which can ultimately impact everyone in the company. Therefore, this brings me back to my original point that security is everyone's business. But more on that later.

So, this week we're going to mix a little technical jargon with the human element behind the machine. We'll take a look at how inside attackers use their knowledge in service of the dark side and we'll see how networks are targets.

Networks Revisited

Welcome back!

Well, since we're on the topic of networks, it's important to note that these networks are getting more and more complex. And this complexity affects our lives in many ways.

Today, we have all kinds of appliances and devices that are connected to networks. Our cell phones allow us to do a lot more than just talk. And our cars allow us to do a lot more than just drive…even though I find myself yelling “hang up and drive” a lot more these days.

Interestingly enough, while these networks allow us to do a lot of different tasks, these networks aren't without risks. Unfortunately we can fall victim to those nasty computer viruses, which can wreak havoc on our systems and ultimately our lives.

In addition, thanks to networks, we're also held hostage to that annoying SPAM. While certainly more annoying than its original namesake, this annoyance is often a daily occurrence.

Unfortunately other unauthorized actions on telecommunication networks include eavesdropping and session hijacking, which we reviewed a few weeks ago.

So as we ponder the increase of neat gadgets that are hitting the market every day, let's keep in mind the good, bad and ugly of today's networks.


Last week we learned a little about TCP/IP. This week we'll take a closer look at how all of our computers, and other devices, talk to each other. In other words, how they communicate via networks.

One of my fav movies of all times is Terminator 3 – Rise of the Machines. Okay, so even if you're not an Arnold fan like myself, the fact that the machines communicated with each other shouldn't be too far-fetched for you to grasp. However, as for them trying to terminate us humans, well, hopefully our machines will be kinder and gentler to us (oh please be gentle).

Just as humans network, so do computers. And just how do they do that? You guessed correctly – TCP/IP, which is a popular protocol that provides this connectivity. Just think Internet. Computers and other devices, such as printers, cell phones, PDAs, and the upcoming hot item iPhone, all communicate via a network. These days, one can find lots of devices on a slew of networks. And as you probably know, the devices that can connect to a network get more and more interesting each day. (Yes, we'll take a look at some of these neat devices).

For us humans, these networks allow us to share printers, send email, text message, telecommute, get an education and even date online. Who knows, TCP/IP just might be the ticket to help you find your soulmate. Or, the worst creep you've ever met. But let's think positive. Today, we can do many things online that within my lifetime (won't date myself here) we couldn't do when I was growing up. So life is indeed getting more and more interesting.

So ponder all of the devices that you use that you believe are connected to a network. I'm sure your list will get quite long.

Tomorrow we'll discuss the drawbacks of networks. And yes, as you know, with good comes the not-so-good.

What…hitchhikers along the information superhighway?

Yesterday, we focused our attention on the rules of the road for the information superhighway. Today, let's focus on who might be trying to hitch a ride along the way.

Now, drive along any highway and you're likely to see at least one hitchhiker. While you might be tempted to lend a helping hand, I'll bet you recall the words your momma told you about not picking up hitchhikers. Interestingly enough, there are also hitchhikers along our information superhighway. However, they tend to be a little sneakier and hitch rides without us knowing it. A particularly nasty activity that they engage in is called session hijacking.

As we mentioned, TCP/IP is the “rules of the road” that our computers use when communicating with each other. A session hijacker will block a session (think conversation) between two users and replace the legitimate information with his/her own. How nasty!

In other words, for example, session hijacking allows the hitchhiker to take over a web user's session and then masquerade as the authorized user. Once the masquerade works, guess what – the hitchhiker can do anything that the authorized user can do. So, imagine you're on the computer with your BFF. In this example, someone else would take over the conversation, posing as your BFF, without you knowing it. And that person would be privy to all the information that you and your BFF shared in what you thought was information only between the two of you.

So, how can you tell if a hitchhiker is trying to catch a ride? Well, if a website starts acting in a weird fashion or in a fashion which you've never experienced before, this could be the problem. Or, worse yet, if the website isn't accessible at all, it's possible that a hitchhiker might be up to no good. This isn't always the case, but could be a possibility.

Just note that while our information superhighway is awesome, the wisdom that your momma bestowed upon you about not picking up strangers is still valid today…even in cyberspace.
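From the website's side of the road, one clue that a hitchhiker has jumped into a session is the same session ID suddenly showing up from a different computer. This is an added example, not part of the original post, that checks a made-up log for exactly that; the log format, field names and addresses are assumptions for illustration.

```python
# Constructed sample log: time, session ID, client IP address, browser.
SAMPLE_LOG = """\
10:00:01 sess=a81f ip=203.0.113.10 ua=Firefox
10:00:09 sess=c77d ip=198.51.100.4 ua=Safari
10:01:30 sess=a81f ip=203.0.113.10 ua=Firefox
10:02:12 sess=a81f ip=192.0.2.77 ua=Chrome
10:02:40 sess=c77d ip=198.51.100.4 ua=Safari
"""


def parse_line(line):
    """Split 'time key=value key=value ...' into (time, dict of fields)."""
    time, *pairs = line.split()
    return time, dict(pair.split("=", 1) for pair in pairs)


def find_suspect_sessions(log_text):
    """Flag requests where a session is used by a different client
    (IP address + browser) than the one that first opened it."""
    first_seen = {}   # session ID -> (ip, ua) of the client that opened it
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue  # skip blank lines
        time, fields = parse_line(line)
        client = (fields["ip"], fields["ua"])
        # setdefault records the first client and returns it on later requests
        owner = first_seen.setdefault(fields["sess"], client)
        if client != owner:
            alerts.append((time, fields["sess"], owner, client))
    return alerts


if __name__ == "__main__":
    for time, sess, owner, intruder in find_suspect_sessions(SAMPLE_LOG):
        print(f"{time} session {sess}: opened by {owner}, now used by {intruder}")
```

A changed address is a clue, not proof, since phones and laptops legitimately hop between networks. A sensible response is to ask the user to log in again rather than to assume the worst.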

TCP/IP Revisited

Yesterday we briefly outlined TCP/IP. Today, let's delve a little deeper into its meaning.

As we learned, TCP/IP is the language that facilitates communication between computers. TCP/IP is a set of protocols that connect computers on the Internet. By protocols, I'm referring to a collection of policies, procedures and practices. In other words, when referring to the Information Superhighway, think of TCP/IP as the rules of the road.

When you email, surf the web or transfer files, you're using TCP/IP. As the most popular protocol, whenever you buy a computer TCP/IP is at your disposal. You don't need to do anything to get it. In addition, it doesn't matter which computer you buy. TCP/IP doesn't care if you buy a Dell or HP, it's compatible with all types of computers.

So, rest assured that just as you abide by the rules of your interstate, there are rules in our interconnected world. And just as there are those who choose to disregard the rules on the road, there are those who seek to avoid those rules on the Internet. Tomorrow, we'll see what happens when hitchhikers take to the roads.

IP, TCP/IP, oh my!

Over the past few weeks, we've taken a high-level overview of some of the important concepts in computer security. And while we needed to establish a foundation, now it's time to get our hands a little dirty to see what computer security is all about.

This week, we'll spend some time on our own computers. Doing so, we'll be able to identify how our computers talk to each other. We will learn new terms. And in case you didn't know, the world of computer security is loaded with acronyms. If you're a texter, then you'll love these acronyms. If you're not, then get your pen/pad, PDA or whatever tool you use handy for a long list of these fun new abbreviations.

On our information superhighway, via a TCP/IP network, computers chat away. TCP/IP means Transmission Control Protocol/Internet Protocol. This is the language that computers use to communicate with each other. All computers know this language.

In order for computers to talk with one another, they must each have a unique IP address. IP means Internet Protocol, and an IP address is made up of what are called four octets. For example, an IP address might look like: We'll take a closer look at these octets tomorrow. For now, to see your computer's IP address, just do the following:

1. Go to the Start menu and click Run.

2. Type cmd and click Enter.

3. Then type ipconfig and press Enter.

Do you see it? If so, Ya-hoo! You have now identified your computer's unique address. Good for you. If not, just review the steps above. It's there. Just take a closer look.

See ya' tomorrow.

Oh buggers!

By now, you're probably like, worms, viruses and now bugs, oh my! While we're aware of the problems that worms and viruses can cause for us humans, this week, we've glimpsed some of the problems that they can cause for our computers.

In continuing with our study of (hu)man's sometimes destructive nature, right now we'll take a closer look at bugs, but again, not of Mother Nature's doing, but those created by humans, the ones lurking in the shadows of our computers waiting to do something evil, nasty and downright dirty. Ok, maybe I exaggerate a little…or maybe not. Remember, I report, you decide.

I'll admit, I fear bugs (however, I do find their role in helping forensics investigators solve a crime fascinating, but that's another story). While I do have a healthy respect for Mother Nature's gifts to the world, I'd prefer that her little critters stay far away from me. This also applies to (hu)Man's creation of those critters that can cause many technical problems.

Just as Mother Nature's bugs tend to share our space (or is it vice-versa?), bugs on the web tend to violate our privacy. These bugs are very popular with spammers, as they can determine whether their spam has been read when they send it out to random email addresses. Interestingly enough, in case you didn't know, these little buggers can also determine when the message is read as well as the recipient of the message should it get forwarded.

Unfortunately there are some nasty critters out there in cyberspace, but luckily for us there are ways to combat them. As we move forward, we'll analyze more of these problems in detail and discuss ways to defend ourselves against these buggers.
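Here is one way to spot web bugs hiding in an HTML email, as an added example that is not part of the original post. The sample message, the domains shop.example and track.example, and the three warning signs it checks for are all assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample email body: one normal banner, two likely web bugs,
# and one tiny image embedded in the message itself (cid:).
SAMPLE_HTML = """
<html><body>
<p>Big sale this week!</p>
<img src="https://shop.example/banner.png" width="600" height="120">
<img src="https://track.example/open.gif?rid=9f2c41d7a0b34e55a1c0" width="1" height="1">
<img src="cid:logo123" width="1" height="1">
<img src="https://track.example/p.gif" style="display: none">
</body></html>
"""


def _tiny(value):
    """True if a width/height attribute is 0 or 1 pixel."""
    return value is not None and value.strip().rstrip("px") in ("0", "1")


class WebBugFinder(HTMLParser):
    """Collects remote <img> tags that look like tracking pixels."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "")
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            return  # images carried inside the email cannot phone home
        reasons = []
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("invisible size")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if any(len(v) >= 16 for vs in parse_qs(url.query).values() for v in vs):
            reasons.append("per-recipient token in URL")
        if reasons:
            self.findings.append((src, reasons))


def find_web_bugs(html):
    finder = WebBugFinder()
    finder.feed(html)
    return finder.findings
```

The bug only reports back when your mail program fetches the remote image, which is why many mail programs offer a setting to block remote images until you ask for them.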

Good Security Starts at the Perimeter

I've been meaning to write a post about personal firewalls, such as the one built into Windows, and why it's important to use them, but I came across an issue this weekend that strikes me as a more important use of firewalls that not everyone may be aware of.

If you're like most internet users, you have some sort of broadband connection. Dial-up connections are rapidly being replaced by “always-on” services like DSL and Cable. Along with the convenience of these services comes a serious risk. Being attached to the internet 24×7 vastly increases the chance that someone may try to find their way into your computer, often for less than honorable purposes.

What to do about this? Well, the personal firewalls I will be writing about soon will certainly help, but a more immediate (and easier to implement) solution is to use a router between your DSL or Cable modem and your computer.

Aren't routers for connecting multiple computers to your internet connection? Yes, that is their main purpose, but they also serve as a basic firewall for your internet connection, since you will be able to communicate out with the internet, but not much will be able to come back in and find you. Many of them have more advanced functions for things like running a web site from your home connection (if allowed by your ISP).

In the next post, I'll discuss some of the common routers to use as a firewall, and how best to configure them.