Three steps for defending against internal threats

Computerworld - Mydoom and its variants demonstrate the threats that worms and viruses pose to internal corporate networks. They have crawled their way into enterprise networks across the globe, propagating, wreaking havoc and forcing IT administrators to work overtime to rid their systems of the pests.
For years, computer security experts and analysts have been talking about internal threats to enterprise information, yet no elegant solutions have presented themselves. Risks from internal threats are the most difficult to defend against and are generally more damaging than better-known external threats.
Companies today face a delicate balance between empowering employees and protecting corporate resources. Today's firewalls go well beyond traditional packet-header inspection; instead they examine packet contents and reassemble traffic to investigate the data in its intended formats. This progress comes as shifts in the market have reduced costs. It's time to rethink internal enterprise security options.
First let's look at some of these key threats -- worms and internal hackers.

Disruptive worms
Worms such as Mydoom and Sobig are among the latest internal threats. A worm will typically be launched externally, but once inside a network, the IT administrator and staff must stop the worm and minimize the internal damage from the infestation. Blended threats are extremely disruptive, consuming corporate and IT resources to stop their effects and repair damaged systems. Each new worm is more complicated and destructive than the last.

Internal hackers
Once a hacker has access to a network, his work is generally three quarters complete. An internal hacker might be a strong technical resource within an organization. With a keycard to enter the building, the hacker might have all the authorizations needed within a typical enterprise to access just about any information needed. This employee level of access is the main reason internal threats are so detrimental. Further, the introduction of wireless technology into the workplace and the general acceptance of telecommuting have all but made physical security obsolete.


Technology advances, markets shift
Advanced threats combined with market and technology shifts are encouraging businesses of all sizes to deploy enhanced internal threat protection. Meanwhile, the cost of security technology has dropped considerably over the past few years as technologies like firewalls and VPNs have become commodities. As these traditional technologies mature, efforts are made to extend the life of existing security and networking equipment as with complementary departmental gateway antivirus devices.
Below are three simple and relatively inexpensive steps your company can take to better defend against internal threats.

1. Deploy 'intrawalls' (firewalls between departments)
Firewalls are commonplace and