budgets on?
Whatever we’re spending on infosec, it isn’t working. We need to rethink the strategy
and architecture of our critical information infrastructure in the organisation, how we
are using it, and the threats, vulnerabilities and controls inherent in and required by our
business and operational processes.
Let’s look at some more statistics. 82% of attacks are attributable in some way to
insider threats – employees that are either coerced, duped, or bribed into assisting (or
at least, not preventing) an inside attack. One of the key problems with employees is
the ease of access, required by the normal day-to-day tasks of the employee, that may
be abused by an unscrupulous member of staff. Although there is evidence to show
that the ratio of attacks is shifting towards the 60:40 region, this is due to a startling
increase in the number of external attacks, and not a reduction in insider activity. In
fact, insider activity is also increasing!
1 See www.gocsi.com/fbi_survey.html for more information.
[Figure: insider misuse compared with external intrusion, 1998 to 2001]
Firewalls are layers of defence in the corporate “fortress” mentality, and there is a
common belief that the more layers you have, the safer you are. This is despite the
fact that in order to use the network you are firewalled from, you need to create safe
pathways for your data across the firewall. “How do you know who and what are
using the pathways” is an interesting question!
Using the fortress model, it is also common to see that where there is a perceived
security threat, the common response is to add another layer. This is laid down as
official policy in a wide variety of organisations, including some very security-
minded ones, who ought to know better. If an attacker can bypass one layer, bypassing
two is a simple exercise in time.
Banks know a lot about physical security – they’ve been in the business for many
years now. One of the things that is observable about a bank is its “fortress layers”.
Doors are strong, with secure locks. However, there is a recognised point at which
there is no point whatsoever strengthening the door, and this is the point where it is
easier, quicker, and quieter for an intruder to drive through the wall. To allow a rapid
response to security incidents, a number of measures are deployed to watch the
movement of customers in and out of the bank, and to warn security managers when
an unexpected attempt is made to enter without proper permission.
We need a burglar alarm for the enterprise network. Winn Schwartau said in Time
Based Security that “the fortress mentality is dead”. Certainly one of the issues
appears to be that without an effective threat monitoring system, the effectiveness of
the firewall is limited. Time to think about Intrusion Detection Systems.