28-09-2010, 09:34 AM
Honey nets Detecting Insider Threats.ppt (Size: 405 KB / Downloads: 314)
INTRODUCTION
in·sid·er n.
An accepted member of a group.
One who has special knowledge or access to confidential information.
Network, System, and Database Administrators
Employees and Contractors
Business Partners
How can being an accepted member of the group be used by an insider?
Leverage existing credentials on valuable systems.
Sniff clear text protocols to obtain valid credentials.
Use valid accounts to exploit unpatched local vulnerabilities to escalate privileges.
System Administrators can obviously access any sensitive information on the machines.
Companies typically focus on external threats.
Less secure intranet web applications and databases.
Ability to share internal data easily often more important that to share data securely.
An accepted member of a group.
One who has special knowledge or access to confidential information.
Network, System, and Database Administrators
Employees and Contractors
Business Partners
How can being an accepted member of the group be used by an insider?
Leverage existing credentials on valuable systems.
Sniff clear text protocols to obtain valid credentials.
Use valid accounts to exploit unpatched local vulnerabilities to escalate privileges.
System Administrators can obviously access any sensitive information on the machines.
Companies typically focus on external threats.
Less secure intranet web applications and databases.
Ability to share internal data easily often more important that to share data securely.