Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

physical network security

  • 25-08-2003 10:55pm
    #1
    evilhomer
    Registered Users, Registered Users 2 Posts: 1,464 ✭✭✭


    I'm writing this Thread to ask any security professionals out there a few questions about the security of a network from the inside, i.e. employees with a certain level of access to the network on a physical level. wether this means actual contact with the networks hardware or access to terminals and/or passwords inside the organisation.

    How do you assess the risks of an internal breach?

    How does this differ from remote attempts on a system (besides the assailant actually being outside the organisation and trying to access the system through it's internet connection)?

    What should you look for in logs etc that might perhaps indicate someone snooping around where they dont belong?

    From a physical security point-of-view, what would be the best courses of action to secure your hardware (servers/workstations) from unwanted attention?

    Are there other aspects (i'm sure there are) of internal security to be considered?

    Evilhomer

    "I am evilhomer, I am evilhomer"


Comments

  • #2
    conor-mr2
    Registered Users, Registered Users 2 Posts: 655 ✭✭✭conor-mr2


    All this is IMO....
    And encyclopedias could be written about this so here my few thoughts at the moment.


    assess the risk of internal breach..
    well how important is each system from a confidentiality, integrity and availability of data point of view?? If that system goes down how damaging is that to the organisation? These questions need to be answered and really a proper risk register/matrix would need to be drawn up through discussions with the business owner of the system.


    How does this differ from remote...
    IMO it doesnt. However it is usually alot easier for an internal user. They are already on your network and will more than likely have no more firewalls/IDS's/ routers to go through to access your important systems.

    Users playing around on a system to see what they can get away with are just as dangerous as the users intentionally trying to penetrate the system.

    Physical security perspective..
    Servers should be locked in secure locations. The keys should be held by the appropriate personnel designated in the relevant procedures.
    Workstations/desktop: Good luck. anyone with physical access to the machine and really its just to bad. They could just take the thing away. However things like BIOS passwords can prevent users from accessing BIOS and booting up floppy disks. For example if you have NT you can use a win98 bootdisk with ntfsdos to boot up and access the ntfs filesystem, copy down the security files and take them away for cracking.



    As for logs..
    well its too generic to answer that question im afraid. Determine what users should not be doing and then you are halfway there!


    I would suggest having proper and complete set of standards and procedures that should be followed and adhered to.

    Rgds


  • #3
    marrakesh
    Closed Accounts Posts: 132 ✭✭marrakesh


    Most hacks now a days are from internal employees.

    One should apply a security model towards the policies and procedures within a company.

    IE: Bell & LaPadula with a Clark-Wilson mix if using it in a large enironment.

    Internal policies and acceptable usage policies should be written and signed by every employee starting in a company / present in a company. These policies should state that the user effectively can have his mail read / effectively can have his / her internet access logged etc etc.

    If a user is in the accounts department then they shouldnt be allowed access to the source code in a department. The CFO shouldnt be allowed to modify data that is written by the accounts department. A policy of no write down and no read up. If i am granted access to files i should be granted based on my role within a company and i should not be allowed to change files in another division / change files of someone who has a lower privilege. Logs of access to all objects should be logged sent to a main central storage and archived for a period deemed necessary.

    Consider implement an IDS / IPS (IPS more preferable as some say IDS is dead) system within your corporate network. Note if the resource is not there do not add in a IPS system as it will require a lot of work updating signatures and detecting anomalies and false positives that occur. Use a role based model that is applied to individual groups within a corporation dependendant on there role within a company.

    Scan all systems on the network for extra software that is installed as a company is liable if additional software is installed on there employees systems.

    Risks a of an internal breach are more likely to occur than an outside breach as disgruntled employees can wreak havoc within a company.

    Servers should be in a seperate room with either access by only the sysadmins and protected by key swab facility. All one needs is 5 minutes beside a server to break into it a reboot so depends how long that takes on your internal systems.

    When an employee leaves a building scrub there disk clean not just with a format but use a low level disk wiping software program that writes the entire disk than wipes it. This is imperative as the amount of residual data left on systems is astonishing..


Advertisement