June 22nd, 2002, 01:15 AM
internal network security
Interesting internal security article
"By Mark Ward
BBC News Online technology correspondent
Despite all the stories and scares about malicious hackers, computer criminals and destructive web worms, the biggest threat to the security of a company does not come from outside.
Instead, it is employees on the inside who are most likely to cause security breaches by inadvertently spreading viruses, defrauding their employer, wasting time on the net or downloading inappropriate material.
Figures collated by computer forensics and investigation company Vogon suggest that every year one in every 500 employees will cause or trigger a major incident, be it a virus outbreak, attempted theft or accidental data deletion.
BBC News Online attended Vogon's annual Enemy Within seminar to find out the risks employees pose and the best way to manage or investigate the use and abuse of computers.
Typically, Vogon is invited in to help a company but it also regularly receives tip-offs via its whistleblower website.
The allegations sent to this site include everything from people using fast net connections at work to download pirated software, run their own web business or to look at pornography.
Systems can be compromised through ignorance as well as intent
Kathryn Own, Vogon
Such serious allegations are not rare. Many people use their work computer to look at materials of an obscene and criminal nature.
Chris Watts, a senior investigator for Vogon, said that about 95% of the hard disks that the company scans during investigations have pornography on them.
Not all of them were illegal images, he said, but the majority broke company policies on appropriate use.
To avoid employees causing such problems, companies needed to spell out the rights and wrongs of computer use as people joined, said Kathryn Owen, one of Vogon's investigators.
"It's important that people sign up to these policies. Then they know that when they come to work for you that these are the rules," she said.
It's hard to completely erase the data on a hard disk
But employees do not just cause problems by looking at images that break laws or contravene workplace policies.
A lack of common sense can also cause huge problems.
Many computer viruses travel by e-mail and conceal their malicious payload in an attached file.
The most successful viruses trick people into opening attachments by using a teasing or salacious subject line.
"Systems can be compromised through ignorance as well as intent," said Ms Owen.
Vogon investigators tell the story of one enterprising employee at one client who tried to take apart the Magistr virus to see if it could be used to spread marketing information to customers.
His programming knowledge did not match his creativity and he triggered the virus as he was dismantling it. The result was a virus outbreak and disciplinary action.
Vogon is often called in to help recover data thought to be lost when back-up files or tapes prove to be faulty or by someone deleting something they should not.
Thankfully, data on hard disks is relatively difficult to completely destroy. Vogon has developed a series of tools that help it recover supposedly lost or deleted data from hard disks.
Although virus outbreaks can cause huge disruption and be hard to clean up after, far more damage can be done by those deliberately trying to defraud their employer.
Ms Owen said that many organisations seeded their customer database with false names to ensure they knew if any rivals got hold of the list of contacts.
Vogon also investigated a company in which one employee created a duplicate set of accounts to hide evidence of embezzling and distinguished between the two using files names that differed only because one had two spaces between the words in it rather than one.
Vogon said it was relatively straightforward to recreate incriminating information that others has tried to destroy. This is done by using data from proxy or mail servers, the caches and history files of web browsers, and the slack and free space on hard disks. "
Keyboard not detected. Press F1 to continue.