Internal security threats at the Enterprise level (page 2 of 2)

However, it can be a source of misuse if locally managed desktop Anti-virus solutions are used, as opposed to more secure centrally managed solutions. Firstly, locally managed Anti-virus allows the user to switch off the virus protection, as is sometimes requested for the install of other programs, and then forget to switch it on again. It also means users can alter the configuration settings, which could then making them in breach of your security policy and creating dangerous gaps in the virus defense. Without a centrally managed system, the role of the IT administrator is reduced to 'desktop surfing' - continuously going round each desktop with a floppy disk update. This is not only inefficient use of a highly skilled IT administrator; it is also a losing battle with the, sometimes multiple, updates a day, leaving the business exposed to attack.


WEB browsing and WEB-based Email
Browsing websites and using web-based email can seem an innocent activity to the user, but both activities can disrupt normal business activity. Viruses and malicious code can be hidden in web sites and downloads of unsigned ActiveX and Java executables can contain harmful hidden payloads. Other downloads, such as MP3s and images clog up network bandwidth causing restricted use for legitimate business activities or even causing server-crash. In addition, as gateway antivirus tools cannot detect web-based email activity, this means users can receive emails with dubious content, or damaging attachments that run onto the local desktop and server. In addition, users can attach confidential documents and send via these email accounts completely undetected, exposing the company to risk.


Instant Messaging and Chat Rooms
IM tools are typically used for personal reasons, and a large part of their day can be taken p with this type of chat, leading to reduced employee productivity.

IM has the same security issues as web-based email - users and potentially send and receive sensitive corporate data.

There are also viruses that are specifically aimed at IM systems (e.g. Choke virus). Antivirus tools at the gateway do not detect IM; so infected files can seep onto the desktop and hen into the network.

Chat rooms are another gateway for viruses as they bypass he gateway antivirus solution. Like web-based email, they also provide the means for confidential data to be transferred undetected. Add to that the new major threat that organizations need to be careful about - spyware. These are non-viral applications that can trace user behavior on the net or silently record key strokes and data transmission from personal PC's. This information can then be used by spyware creator to cause financial loss - as in capture of online userid and password for a ebanking application - or track a user activity on the net and breach privacy.


Update patches on servers
With so many applications, servers and workstations, how can company ensure they have the latest updates and most recent patches? The demand on IT time for maintaining system patches and updates is huge - each supplier website must be checked on a daily basis for the most recent updates s must the vulnerability web sites like CERT, Bugtraq, etc.

Having found vulnerabilities that may be relevant you then have to individually check each of your systems to see if it is applicable. This all adds to the resource and time needed, making it difficult to be up-to-date with the process. Even mail pushes don't relieve the issue, as these updates still need to be installed across your diverse IT environment.

This activity uses up valuable IT resource that could be used in other security areas, and becomes demoralizing for the IT administrator handling this task. This problem is compounded by the continually changing IT environment.

The result is that many organizations do not do this due to the time and expense, which is why so many of the recent viruses have been successful even though the vulnerabilities they exploit are well known and have patches available.