The Wikileaks debacle has highlighted the fact that the biggest threat facing network security is often the insider threat. Most security is focused on keeping the bad guys out, but all too often the bad guy is sitting in a cubicle inside the building and inside your firewall. What can you do to prevent your data from walking out and ending up on a Wikileak-type site?
1. Implement security policies and network rules of behavior.
Make sure you have a solid security policy in place for your company or organization. Develop a Network Rules of Behavior document that provides users with the do's and don'ts on topics such as information protection, password construction, and e-mail encryption requirements. Make everyone sign it so they understand the consequences of non-compliance. Of course, the bad guys don't care about your policies, but at least they can't plead ignorance, and the fact that they signed the acknowledgment form should help if you need to prosecute them later.
Furthermore, don't use group accounts or accounts named "administrator". Make sure all users, including administrators, have their own named accounts. This helps to ensure accountability for an individual's actions.
2. Don't give users admin rights to their PCs.
If you take away their PC admin rights, users may whine and complain and ask for your help to install things, but you are greatly increasing your security by taking these rights away. Admin rights should be entrusted to admins only, not users. If users can install software on their own, then any malicious code they run executes with privileged rights and can do far more harm than it could if it were limited to non-privileged, user-level rights. The bad guys love having admin rights because it allows them to load software that creates covert channels on your network, which they can use to leak data without anyone being able to detect what they are doing.
3. Implement and enforce access control policies.
If you have sensitive data, protect it by encrypting it when it's in transit and when it's at rest (on a tape, disk, or removable media). Adopt a least-privilege, role-based access control policy that gives a user only enough access to the things they need to do their job functions (e.g., a DB administrator doesn't need network administrator privileges on his server).
4. Ask management to cross-train and rotate employees' job assignments often.
If a bad guy has a process in place that sends data to one of his bad guy friends at a certain time each day, then he won't like the fact that you are going to rotate someone into his job position. He might get nervous when the new guy asks, "What does this LeakData script do?"
Random task rotation can throw a major wrench into a steady flow of data leakage. Make sure logging is turned on for all systems containing sensitive data. Have admins review each other's log files, rather than the ones for systems that they manage.
Another great side effect of cross-training and job rotation is that it helps prevent boredom and helps foster operational continuity. If someone leaves, a cross-trained person can be moved into place more easily than bringing on someone brand new.
5. Tighten your network perimeter security and physical security.
Add intrusion detection capabilities and application layer firewalls to your network if feasible. Implement physical security controls such as entry control points and visitor badges. Restrict use of removable media through network policy and only allow organization-approved methods and devices that use strong encryption.
Ask yourself and your leadership questions such as "What data is the most sensitive data in our organization? How is it being protected? Who needs access to it? Who has access to it?" It's also important to think like the bad guy and look for holes in the logic of your organization's business rules. You can't always prevent a determined insider from leaking data even with a lot of safeguards in place, but you can make it as hard as possible for him so that maybe he'll slip up and get caught or become frustrated and choose a new line of work.
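The "who needs access versus who has access" question, together with the named-account and admin-rights rules from points 1 to 3, can be checked mechanically against an account export. The script below is an added example, not part of the original article; the CSV columns, role names and the ROLE_NEEDS mapping are assumptions, and the inventory rows are constructed sample data.

```python
import csv
import io

# Constructed sample export, one row per account (not real data; column names are assumed).
SAMPLE_INVENTORY = """account,owner,role,local_admin,grants
jsmith,J. Smith,dba,no,db_admin
administrator,,netadmin,yes,net_admin;db_admin
helpdesk,shared,support,no,ticket_queue
mlee,M. Lee,dba,yes,db_admin;net_admin
tbrown,T. Brown,support,yes,ticket_queue
"""

# Assumed role model: what each job function needs, and which roles are admins.
ROLE_NEEDS = {"dba": {"db_admin"}, "netadmin": {"net_admin"}, "support": {"ticket_queue"}}
ADMIN_ROLES = {"dba", "netadmin"}
GENERIC_NAMES = {"administrator", "admin", "root", "guest"}


def audit_accounts(inventory_csv):
    """Return a sorted list of (account, finding) tuples."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        account = row["account"].strip().lower()
        owner = row["owner"].strip().lower()
        role = row["role"].strip().lower()
        grants = {g for g in row["grants"].split(";") if g}
        # Point 1: every account must map to one named person.
        if account in GENERIC_NAMES or owner in ("", "shared"):
            findings.append((account, "not tied to a named individual"))
        # Point 2: local admin rights only for admin roles.
        if row["local_admin"].strip().lower() == "yes" and role not in ADMIN_ROLES:
            findings.append((account, "local admin rights on a non-admin role"))
        # Point 3: "has access" minus "needs access" should be empty.
        excess = grants - ROLE_NEEDS.get(role, set())
        if excess:
            findings.append((account, "excess grants: " + ", ".join(sorted(excess))))
    return sorted(findings)


if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_INVENTORY):
        print(f"{account}: {finding}")
```

Any account the audit returns is one where accountability, admin rights or least privilege has drifted from the policy and needs an owner's sign-off or a correction.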