The Insider, Naivety, and Hostility: Security Perfect Storm?: Keeping nasties out if only half the battle.
Abstract
Every year corporations and government installations spend millions of dollars fortifying their network infrastructures. Firewalls, intrusion detection systems, and antivirus products stand guard at network boundaries, and individuals monitor countless logs and sensors for even the subtlest hints of network penetration. Vendors and IT managers have focused on keeping the wily hacker outside the network perimeter, but very few technological measures exist to guard against insiders - those entities that operate inside the fortified network boundary. The 2002 CSI/FBI survey estimates that 70 percent of successful attacks come from the inside. Several other estimates place those numbers even higher.
References
[1]
1. Power, R. 2002 CSI/FBI computer crime and security survey. Computer Security Issues and Trends VIII, 1 (Spring 2002).
[2]
2. Hayden, M. V. The Insider Threat to U. S. Government Information Systems. Report from NSTISSAM INFOSEC /1-99, July 1999.
[3]
3. Ferrie, P., and Lee, T. Analysis of W32.Mydoom.A@mm; http://securityresponse.symantec.com/avcenter/venc/ data/[email protected].
[4]
4. Bridwell, L., and Tippett, P. ICSA Labs 7th Annual Computer Virus Prevalence Survey 2001. ICSA Labs, 2001.
[5]
5. See, for example, Microsoft Security Bulletin MS03- 050, Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code To Run: http: //www.microsoft.com/technet/security/bulletin/MS03- 050.mspx; or MS03-035, Flaws in Microsoft Word Could Enable Macros To Run Automatically: http://www.microsoft.com/technet/security/bulletin/ MS03-035.mspx.
[6]
6. Dos Santos, A., Vigna, G., and Kemmerer, R. Security testing of the online banking service of a large international bank. Proceedings of the First Workshop on Security and Privacy in E-Commerce (Nov. 2000).
[7]
7. Sophos Corporation. Top ten viruses reported to Sophos in 2003; http://www.sophos.com/virusinfo/ topten/200312summary.html.
Index Terms
- The Insider, Naivety, and Hostility: Security Perfect Storm?: Keeping nasties out if only half the battle.
Recommendations
Towards Countermeasure of Insider Threat in Network Security
INCOS '11: Proceedings of the 2011 Third International Conference on Intelligent Networking and Collaborative SystemsWe discuss countermeasure against insider threats in network security aspect. In the context of countermeasure against insider threats, there is no perimeter for access control in a network. A traditional access control process by using a firewall on a ...
Trust Enhanced Security Architecture for Detecting Insider Threats
TRUSTCOM '13: Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and CommunicationsAttacks on the organization networks can be classified as external and internal attacks. For the purpose of this paper we consider that external attacks are generated by the attackers or from hosts outside the organization, and internal attacks are ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2004 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 June 2004
Published in QUEUE Volume 2, Issue 4
Check for updates
Qualifiers
- Research-article
- Popular
- Editor picked
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 13,733Total Downloads
- Downloads (Last 12 months)2,241
- Downloads (Last 6 weeks)226
Reflects downloads up to 22 Feb 2025
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderMagazine Site
View this article on the magazine site (external)
Magazine SiteLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in