The Deep Queue – Episode #6: The Myth of the Trusted Internal Network

In this episode of The Deep Queue I explain why I believe the “trusted internal network” is a myth. Many of the problems that I see on consulting assignments would have been prevented by the same security measures I recommend to protect against malicious attacks. Except the incidents in question are not usually malicious; they are just human error. In most of these cases the fact that there are no secondary firewalls around Production assets, no defense in depth and no checks and balances allows a simple mistake to blossom into a full-scale incident with serious financial, and often reputational, damage.

But if companies don’t want to implement security to protect against honest mistakes, perhaps they will if there is a credible outsider threat. In this episode I argue that such a threat is real, and to back that up I cite six US DOJ press releases from just the last two months describing malicious corporate network intrusions. The press releases also give us some insight into the state of tools available for cybercriminals and the degree to which the tools have been weaponized.

Links for this episode:

SAN JOSE WOMAN CHARGED WITH FRAUD IN CONNECTION WITH A PROTECTED COMPUTER

http://www.usdoj.gov/criminal/cybercrime/leotiotaIndict.pdf

FORMER IT MANAGER SENTENCED TO PRISON FOR HACKING INTO PREVIOUS EMPLOYER’S COMPUTER SYSTEM AND CAUSING DAMAGE

http://www.usdoj.gov/criminal/cybercrime/barnesSent.pdf

JUVENILE COMPUTER HACKER PLEADS GUILTY

http://www.usdoj.gov/criminal/cybercrime/dshockerPlea.pdf

Multi-Million Dollar Home Equity Line of Credit, Identity Theft and Computer Intrusion Ring Busted

http://www.usdoj.gov/criminal/cybercrime/polkCharge.pdf

HACKER CHARGED WITH PROVIDING DATA THEFT TOOL IN NATIONAL IDENTITY THEFT CASE

http://www.usdoj.gov/criminal/cybercrime/wattCharge.pdf

FORMER MASSACHUSETTS INMATE ARRESTED FOR HACKING PRISON COMPUTER TO ACCESS PRISON MANAGEMENT PROGRAM

http://www.usdoj.gov/criminal/cybercrime/janoskoIndict.pdf

Boffins bust web authentication with game consoles

http://www.theregister.co.uk/2008/12/30/ssl_spoofing/


One Response to The Deep Queue – Episode #6: The Myth of the Trusted Internal Network

  1. Rob Lewis says:

    Hi T.Rob,

    This post is bang-on! People don’t realize that what one has with fully patched systems are systems designed to share information, nothing more. In the network, there is no authorization component post-authentication, and people naively believe that authentication can somehow act as some kind of proxy for authorization. This is why protecting data ‘in use’ is so difficult.

    This is what we do though. Trustifier technology is counter-espionage technology that adds internal authorization to existing IT networks in the form of access and audit control at the data file level, for all authorized users.

    You should drop me a line, because there is a Websense/IBM angle to our story.
