Any transaction being executed over a network, be it voice, data or other information, is vulnerable to tapping and interception. The risk increases further once the information crosses the private domain and enters public networks. The security risks over a network cannot be removed entirely; however, the quantum of threats and damage can be assessed, and reduced or prevented.
"Whether the threat is internal or external is a subjective issue and is
very vertical dependent. A software company can have an offsite employee and
still face a security breach during his usage of the corporate network.
Similarly, if an FMCG company gives network access to its dealer, the dealer is
now an internal user but the access is external," says Ambarish Deshpande,
head (channels and consumer sales), Symantec.
Till the turn of this century, there was a perception that a network and the
information being accessed over it face maximum threat from within the
organization. Almost 70 percent of the security breaches were taking place from
internal sources.
During the last four to five years, the industry has been witnessing a change in this equation. The number of external threats and attacks is on the rise. This change has taken place not because enterprises put more security solutions and checks in place internally; rather, the conversion of employees into mobile workers has been a major factor.
There is another school of thought that does not differentiate between internal and external threats. For this group, the periphery of the network has vanished as multiple access points have been opened to it. More and more users from outside the organization's walls, such as employees, partners and dealers, are now using the corporate network, both from within and outside the organization. The remote access mechanism has raised issues pertaining to restricting and controlling access. It has also raised the bar on the security awareness level expected of users.
"Four years back, there was more threat from internal sources. Now the
network has become a business enabler, and employees more mobile. There is
nothing internal or external, as the boundaries are gone. Multiple people come
and go in a network and hence it should be able to protect itself," says
Jagdish Mahapatra, business development manager, Cisco Systems (India and Saarc).
Identifying the Culprit
A recent report by PriceWaterhouseCoopers indicates that 62 percent of Indian enterprises were unable to identify the source of the attack or breach in 2003-04. This figure is alarming when compared with the global figure of 12 percent, and it was as low as 25 percent in 2002-03. On the other side, 15 percent of the enterprises said the security breach was due to their employees, down from 26 percent in 2002-03. However, 13 percent attributed it to former employees, which was 9 percent higher than the previous year.
"The rise in breaches by former employees is due to the high churn rate being witnessed across verticals, especially the IT and ITeS companies. A decade ago, the job market was limited and movement of people was less. This meant fewer chances of information getting into the wrong hands through former employees," says Sivarama Krishnan, associate director, business solutions, PriceWaterhouseCoopers.
Though unknown breaches are nightmares for security managers, the good news is that internal breaches can be both identified and contained.
"Though the external sources pose greater threats, internal threats cannot be ignored. However, internal threats and breaches can be controlled," says Ajit Pillai, country manager, WatchGuard Technologies.
Reducing the Damage
With the enterprises growing their business area, it is a daunting task for
them to monitor individual employees. The first step for any CIO or network
manager is to identify the potential areas of threat and guard critical
applications on priority basis.
Education and awareness among employees is as important as installing security tools on the network. Even if all measures have been taken, if workers do not restrain themselves from downloading unknown mails and applications, the whole purpose is defeated.
Moreover, not all internal breaches are malicious in nature.
"Often the employees breach the network unintentionally and in the process
compromise the security of the whole network. This happens mostly due to low
level of security education of workers," says Rajesh Sahore, country
manager, Allied Telesyn.
A regular checkup of all the systems on the network helps in identifying the weak links. A desktop might contain dormant applications that get launched when someone unknowingly uses the machine. Regular security audits save the embarrassment of having to take reactive steps.
Another common mistake by large enterprises is to let the user names of former workers remain on the network. This makes it easier for those who have left the organization to access the corporate network and the information flowing over it. So as soon as a worker leaves the organization, his presence on the network should be erased. His access devices should be isolated and reused only after proper security checks.
Access control and user authentication are other steps taken to reduce the
risks. "The approach should be to authenticate each connection to the
network as well as authorize each transaction that the user performs," says
Sanjeev Nikore, chief operating officer, HCL Comnet.
The complexity of networks has grown, and so have the applications and the complexity of access. It is essential to restrict usage of applications to those users who need them. As applications and information reside on the network servers, these are the most threatened part of the network. Granular control over the servers and over those accessing them reduces the risk level.
Identities are important in the virtual world and so identity and access
management acquires prime importance in securing the network. "Provisioning
tools over the network ensure provisioning access to the users depending on
their role. Even the remote access to employees has to be provisioned,"
says Rajendra P. Dhavale, consulting director, Computer Associates.
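The two controls the article describes above, removing the accounts of former workers and provisioning access according to role, can be checked with a simple reconciliation. The script below is an added example, not from the article or any vendor quoted in it; the HR roster, account snapshot and role-to-entitlement policy are all constructed for illustration and would be replaced by real exports in practice.

```python
# Added example: reconcile the accounts present on the network against the HR
# roster and the role-based provisioning policy, flagging leavers' accounts,
# accounts with no HR record, and access held beyond what the role allows.
import csv
import io

# Constructed HR export: who is employed, in what role, and whether still active.
HR_ROSTER_CSV = """user,role,status
asha,developer,active
ravi,dealer,active
meena,finance,left
"""

# Assumed provisioning policy: the entitlements each role may hold.
ROLE_ENTITLEMENTS = {
    "developer": {"source-repo", "build-server", "vpn"},
    "dealer": {"dealer-portal"},
    "finance": {"erp", "vpn"},
}

# Constructed snapshot of accounts still present on the network.
NETWORK_ACCOUNTS = {
    "asha": {"source-repo", "build-server", "vpn"},
    "ravi": {"dealer-portal", "vpn"},   # dealer holding VPN access: beyond role
    "meena": {"erp", "vpn"},            # has left but the account still exists
    "svc-backup": {"build-server"},     # no HR record at all
}

def load_roster(text):
    """Index an HR CSV export by user name."""
    return {row["user"]: row for row in csv.DictReader(io.StringIO(text))}

def audit(roster, accounts, policy):
    """Return (user, kind, detail) findings; kind is stale, unknown or excess."""
    findings = []
    for user, held in sorted(accounts.items()):
        rec = roster.get(user)
        if rec is None:
            findings.append((user, "unknown", "no HR record; verify or remove"))
        elif rec["status"] != "active":
            findings.append((user, "stale", "user has left; disable account"))
        else:
            for ent in sorted(held - policy.get(rec["role"], set())):
                findings.append((user, "excess", f"{ent} not in role {rec['role']}"))
    return findings

if __name__ == "__main__":
    for user, kind, detail in audit(load_roster(HR_ROSTER_CSV), NETWORK_ACCOUNTS, ROLE_ENTITLEMENTS):
        print(f"{kind:8}{user:12}{detail}")
```

Run on a schedule, the three finding types map directly to the article's advice: disable stale accounts, investigate accounts nobody owns, and trim entitlements back to the role.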
While user interfaces for applications have to be simple and easy to use, login names and passwords have to be different and complex for each user. However, multiple logins and passwords are proving difficult to manage, so the concept of a single user ID and password account is gaining attention. Biometrics and PKI with an external or internal certificate authority are also used.
With the boundary between external and internal getting diluted, CIOs and security managers are considering relocating their firewall installations to provide an effective security cordon with less capex. Traditionally, anti-virus software is installed at the server as well as the desktop level, while tools like intrusion detection systems and firewalls have sat on the periphery of the network to prevent external attacks. But as awareness of the need to manage internal threats rises, the focus is shifting from security tools at the periphery to something more internal. Installing SSL VPN at the application level would ensure secure connectivity even for mobile users.
Today enterprises have been able to identify sources of internal threat, but there are still several unknown threats that can be both internal and external. Malicious minds are always working to find a way through, and attackers stay one step ahead in posing newer threats.
Managing the internal threats of an enterprise is like handling a nation's internal security. You have to have the confidence and support of your people to effectively ward off attacks. Merely policing and framing new policies will not work unless people abide by the rule book. They must remain alert and aware, and commit themselves to keeping the network secure and safe.
Anurag Prasad