An internal attack occurs when an individual or a group within an organization seeks to disrupt operations or exploit organizational assets. In many cases, the attacker employs a significant amount of resources, tools and skill to launch a sophisticated computer attack and potentially remove any evidence of that attack as well. Highly-skilled and disgruntled employees (such as system administrators and programmers) or technical users who could benefit from disrupting operations may choose to initiate an internal attack against a company through its computer systems.
One of the best ways to protect against internal attacks is to implement an intrusion detection system and to configure it to scan for both external and internal attacks. All forms of attacks should be logged, and the logs should be reviewed regularly. Most of the security measures should be logically connected to the network perimeter, which protects the internal networks from external connections such as the Internet. While the perimeter of the network is secured, the inside or trusted portion of the network tends to be soft. Once an intruder has made it through the hard outer shell of the network, compromising one system after another is usually simple. Following some simple security principles - such as segregating duties and access levels among employees - will go a long way toward providing overall security for company assets.
Read More »