Thursday, November 1, 2012

Mitigating an insider threat

Topic - One of the biggest risks that companies face is advanced persistent threats. Discuss the most effective way to implement policies that mitigate the chance of an insider either taking part in or facilitating an advanced persistent threat. Integrate the concept of separation of duties into your discussion.

Separation of duties requires that there be limits on access and checks on actions. When one person is responsible for overseeing their own work, there is no oversight. Where this principle is not sufficiently implemented, an organization cannot guarantee that “a single individual cannot subvert a critical process” (Swanson & Guttman, 1996, p. 27).

If an inside actor is able to avoid or compromise procedural safeguards, they have a great deal of power to impact any of the three major security traits: confidentiality, integrity, or availability. Kabay and Robertson describe a disgruntled system administrator who resigned from UBS Paine Webber but, before he left, released a malicious logic bomb of his own creation (2002). Because the malicious code deleted files and generally caused chaos in the network, it damaged both the integrity of the data on the network and the availability of the systems it disrupted.

Such an attack could have been entirely prevented if the saboteur's accesses had been properly compartmentalized with mandatory oversight. Denying him the ability to both write code and release it onto the production systems would have forced him to involve an accomplice or to steal credentials. Gregg et al. recommend not even having compilers available on production systems, which prevents the creation of low-level malware on them (2012). This is far from a perfect protection, because interpreted scripting languages such as Python, Perl, or Bash can be used to create malicious scripts directly on the live systems.
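To make the compartmentalization described above concrete, the following is an added example (written for this post, not taken from it or from any of the cited authors) of a release gate that enforces separation of duties before a change reaches production. The policy it encodes is constructed for illustration: the author of a change may neither approve nor deploy it, only someone holding a release role may deploy, and no single identity may hold both the developer and release roles. All user names, role names and change identifiers are hypothetical.

```python
"""Two-person release gate enforcing separation of duties (added example).

Constructed policy: the person who wrote a change may neither approve it nor
deploy it, only a release engineer may deploy, and no single identity may hold
both the developer and release-engineer roles at the same time.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Role pairs that one identity must never hold simultaneously (constructed policy).
CONFLICTING_ROLES = [frozenset({"developer", "release_engineer"})]


@dataclass
class Change:
    change_id: str
    author: str
    approvers: Set[str] = field(default_factory=set)
    deployer: Optional[str] = None


def role_conflicts(assignments: Dict[str, List[str]]) -> List[str]:
    """Identities whose role set contains a mutually exclusive pair."""
    offenders = []
    for user, roles in assignments.items():
        if any(pair <= set(roles) for pair in CONFLICTING_ROLES):
            offenders.append(user)
    return sorted(offenders)


def release_violations(change: Change, assignments: Dict[str, List[str]]) -> List[str]:
    """Every reason the gate must refuse to promote `change` to production.

    An empty list means the change passed all separation-of-duties checks.
    """
    reasons = []
    author_roles = set(assignments.get(change.author, []))
    deployer_roles = set(assignments.get(change.deployer, [])) if change.deployer else set()

    # 1. Self-release: the author may not be the one pushing to production.
    if change.deployer is None:
        reasons.append("no deployer recorded")
    elif change.deployer == change.author:
        reasons.append("author deploys own change")

    # 2. Only a release engineer may deploy.
    if change.deployer is not None and "release_engineer" not in deployer_roles:
        reasons.append("deployer lacks release_engineer role")

    # 3. Independent review: at least one approver who is neither author nor deployer.
    independent = change.approvers - {change.author, change.deployer}
    if not independent:
        reasons.append("no independent approver")

    # 4. Role-level conflict: the author must not also be able to release.
    if any(pair <= author_roles for pair in CONFLICTING_ROLES):
        reasons.append("author holds conflicting roles")

    return reasons


def can_release(change: Change, assignments: Dict[str, List[str]]) -> bool:
    """True only when no separation-of-duties check fails."""
    return not release_violations(change, assignments)


# Constructed sample role assignments and changes (hypothetical identities).
ASSIGNMENTS = {
    "alice": ["developer"],
    "bob": ["release_engineer"],
    "carol": ["developer"],
    "mallory": ["developer", "release_engineer"],
}

GOOD_CHANGE = Change("CHG-1", author="alice", approvers={"carol"}, deployer="bob")
SELF_RELEASE = Change("CHG-2", author="mallory", approvers=set(), deployer="mallory")

if __name__ == "__main__":
    print("role conflicts:", role_conflicts(ASSIGNMENTS))
    for chg in (GOOD_CHANGE, SELF_RELEASE):
        print(chg.change_id, "->", release_violations(chg, ASSIGNMENTS) or "OK")
```

The value of the gate is that it checks two things at once: the per-change rule (different people author, approve and deploy) and the role-level rule (nobody is provisioned so that they could satisfy the per-change rule alone). The second check is what catches an identity like the sample `mallory` before a change is ever submitted, which is the compartmentalization the essay argues would have stopped the UBS Paine Webber administrator.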


Gregg, J., Nam, M., Northcutt, S., & Pokladnik, M. (2012, May 5). Separation of duties in information technology. SANS Security Laboratory. Retrieved from http://www.sans.edu/research/security-laboratory/article/it-separation-duties

Kabay, M. E., & Robertson, B. (2002). Employment practices and policies. In Bosworth et al. (Eds.), Computer security handbook. New York, NY: John Wiley & Sons, Inc.

Swanson, M., & Guttman, B. (1996). Generally accepted principles and practices for securing information technology systems (NIST Special Publication 800-14). Gaithersburg, MD: National Institute of Standards and Technology.
