ebook img

Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures PDF

285 Pages·2007·6.297 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures

424_Wtr_Clr_FM.qxd 7/28/06 10:56 AM Page i Praise for Enemy at the Water Cooler “Brian Contos has created what few security specialists can claim: a truly readable book about the threats to our businesses from insiders who know how to attack the critical com- ponents of modern business, the computers, applications and networks that make it all work. During the last fifteen years we have witnessed incredible strides in network centric business processes that have spawned the productivity of our workforce and the globaliza- tion of our supply chains. All of this progress is based on Information Technology advances that connect people and processes together to achieve more than our traditional approaches would have ever allowed. With these substantial changes, we have become increasingly dependent on IT systems for business success, and with that dependence we have also become increasingly vulnerable to threats to those systems. During this revolution, security has been viewed as costly, highly technical, and something that is attended to by a small cadre in the back room. It has also been largely viewed as keeping the hordes of attackers and hackers out of the corporate net- work at the perimeter. In this book we come to see that the insider poses a really significant threat, and Contos punctuates this point with compelling case studies that make the threats come alive for the reader. Brian has not only made these threats understandable for any cor- porate player in the management team, he has also made it clear that a well constructed set of defenses requires that the entire corporation or agency become involved in defining the threats and knowing how to spot them in the business processes. Enemy at the Water Cooler is a must read for CIOs and security officers everywhere, but it is also part of the literature that CEOs and government leaders should read to understand how their businesses can be threatened by lack of attention to the fundamental IT infrastructure and its vulnerabilities to the insider threat.” —William P. Crowell is the former Deputy Director of the National Security Agency (NSA), a former Silicon Valley CEO for a public security company, and an independent security consultant. “Insider threats warrant being among the top concerns of IT professionals and businesses alike. While there are a lot of books on security, very few address the growing concern over insider threats. The cyber crime overview, explanations of ESM countermeasures, and the wealth of real-life case studies contained in Contos’s book explore this difficult problem with honest lessons learned, and it also describes some best practices derived from organizations around the world. By definition the security climate is ever changing. Having up-to-date insight into the real-world of insider threats is paramount, and reading this book goes a long way to developing that understanding.” 424_Wtr_Clr_FM.qxd 7/28/06 10:56 AM Page ii —Amit Yoran is an information security expert and entrepreneur. A West Point graduate, Amit worked for the Department of Defense’s Computer Emergency Response Team responding to computer incidents affecting the U.S. military. He also served as President Bush’s National Cyber Security Director at the Department of Homeland Security. As an entrepreneur, he founded Riptech, a market leading managed security services firm, and served as its CEO until the company was acquired by Symantec. Today Amit serves as a director on the boards of several security firms and advises corporations on their security programs. “Contos has taken an in-depth look at the risks insiders can pose to their own organizations. He enlivens the book with real-world examples and offers countermeasures organizations can take to prepare themselves. This book will help both technical and non-technical execu- tives have a better understanding of the real security challenges organizations face today. While many organizations understand and adequately prepare for external threats, this book brings to light the less understood and darker concern of enemies within.” —Jim Cavalieri is Salesforce.com’s Chief Security & Risk Officer. Mr. Cavalieri was employed at Oracle Corporation where he held several technical and management positions, and he was a consultant and systems engineer for EDS. Mr. Cavalieri received a B.S. from Cornell University. “Brian Contos’s Enemy at the Water Cooler provides an excellent overview of enterprise secu- rity management. This easy to read work is enjoyable and puts you in the drivers seat as Contos rolls out ESM. This work not only provides some walking steps for the new users, but it also allows the experienced chief information security officer to walk through his footsteps as Contos reviews a number of terrific case studies. If you have considered ESM as a possible countermeasure, then this book is a must read.” —Joseph R. Concannon’s executive management experiences are as a captain and executive officer in NYPD, Deputy Director for the Mayor’s Office of Operations, Public Safety in the Giuliani Administration as well as a founding member and now CEO of the NYC Metro InfraGard Members Alliance in NYC (a public/private program of the FBI). “External threats are well understood by most organizations, the general public and the media, consequently most security resources are focused to counter them. Enemy at the Water Cooler focuses on the often-overlooked area of information security—the enemy within—and shows real-world examples coupled with mechanisms and approaches to recog- nize potential and real threats. This book delivers solid foundations for novices and great anecdotes for seasoned professionals.” —Andrew Dawson, Head of Information Security-Racing and Wagering Western Australia. Mr. Dawson has worked in the information security arena as an engineer, consultant, lec- turer, and manager for fourteen years in Australia, the UK, USA, and Brazil. He has worked for investment and retail banks, big oil, universities, and gambling organizations. 424_Wtr_Clr_FM.qxd 7/28/06 10:56 AM Page iii Enemy AT TH E Water Cooler Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures Brian T. Contos, CISSP 424_Wtr_Clr_FM.qxd 7/28/06 10:56 AM Page iv Syngress Publishing,Inc.,the author(s),and any person or firm involved in the writing,editing,or produc- tion (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind,expressed or implied,regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights,which vary from state to state. In no event will Makers be liable to you for damages,including any loss of profits,lost savings,or other incidental or consequential damages arising out from the Work or its contents.Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages,the above limitation may not apply to you. You should always use reasonable care,including backup and other appropriate precautions,when working with computers,networks,data,and files. Syngress Media®,Syngress®,“Career Advancement Through Skill Enhancement®,”“Ask the Author UPDATE®,”and “Hack Proofing®,”are registered trademarks of Syngress Publishing,Inc.“Syngress:The Definition of a Serious Security Library”™,“Mission Critical™,”and “The Only Way to Stop a Hacker is to Think Like One™”are trademarks of Syngress Publishing,Inc.Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 HJIRTCV764 002 PO9873D5FG 003 829KM8NJH2 004 BPOQ48722D 005 CVPLQ6WQ23 006 VBP965T5T5 007 HJJJ863WD3E 008 2987GVTWMK 009 629MP5SDJT 010 IMWQ295T6T PUBLISHED BY Syngress Publishing,Inc. 800 Hingham Street Rockland,MA 02370 Enemy at the Water Cooler Copyright © 2006 by Syngress Publishing,Inc.All rights reserved.Except as permitted under the Copyright Act of 1976,no part of this publication may be reproduced or distributed in any form or by any means,or stored in a database or retrieval system,without the prior written permission of the pub- lisher,with the exception that the program listings may be entered,stored,and executed in a computer system,but they may not be reproduced for publication. Printed in Canada. 1 2 3 4 5 6 7 8 9 0 ISBN:1597491292 Publisher:Andrew Williams Page Layout and Art:Patricia Lupien Acquisitions Editor:Erin Heffernan Copy Editor:Eileen Fabiano Technical Reviewer:David Kleiman Indexer:Richard Carlson Cover Designer:Michael Kavish and Patricia Lupien Distributed by O’Reilly Media,Inc.in the United States and Canada. For information on rights,translations,and bulk sales,contact Matt Pedersen,Director of Sales and Rights, at Syngress Publishing;email [email protected] fax to 781-681-3585. 424_Wtr_Clr_FM.qxd 7/28/06 10:56 AM Page v Acknowledgments Syngress would like to acknowledge the following people for their kindness and support in making this book possible. Syngress books are now distributed in the United States and Canada by O’Reilly Media,Inc.The enthusiasm and work ethic at O’Reilly are incredible,and we would like to thank everyone there for their time and efforts to bring Syngress books to market:Tim O’Reilly,Laura Baldwin,Mark Brokering,Mike Leonard, Donna Selenko,Bonnie Sheehan,Cindy Davis,Grant Kikkert,Opol Matsutaro, Mark Wilson,Tim Hinton,Kyle Hart,Sara Winge,Peter Pardo,Leslie Crandell, Regina Aggio Wilkinson,Pascal Honscher,Preston Paull,Susan Thompson,Bruce Stewart,Laura Schmier,Sue Willing,Mark Jacobsen,Betsy Waliszewski,Kathryn Barrett,John Chodacki,Rob Bullington,Kerry Beck,Karen Montgomery,and Patrick Dirden. The incredibly hardworking team at Elsevier Science,including Jonathan Bunkell, Ian Seager,Duncan Enright,David Burton,Rosanna Ramacciotti,Robert Fairbrother,Miguel Sanchez,Klaus Beran,Emma Wyatt,Krista Leppiko,Marcel Koppes,Judy Chappell,Radek Janousek,Rosie Moss,David Lockley,Nicola Haden,Bill Kennedy,Martina Morris,Kai Wuerfl-Davidek,Christiane Leipersberger,Yvonne Grueneklee,Nadia Balavoine,and Chris Reinders for making certain that our vision remains worldwide in scope. David Buckland,Marie Chieng,Lucy Chong,Leslie Lim,Audrey Gan,Pang Ai Hua,Joseph Chan,June Lim,and Siti Zuraidah Ahmad of Pansing Distributors for the enthusiasm with which they receive our books. David Scott,Tricia Wilden,Marilla Burgess,Annette Scott,Andrew Swaffer,Stephen O’Donoghue, Bec Lowe, Mark Langley, and Anyo Geddes of Woodslane for dis- tributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji, Tonga,Solomon Islands,and the Cook Islands. v 424_Wtr_Clr_FM.qxd 7/28/06 10:56 AM Page vi 424_Wtr_Clr_FM.qxd 7/28/06 10:56 AM Page vii About the Author Brian T. Contos, CISSP Chief Security Officer,ArcSight Inc. Mr.Contos has real-world security engineering and management expertise developed in over a decade of working in some of the most sensitive and mission-critical environments in the world.For four years as ArcSight’s CSO,he has advised government organiza- tions and Fortune 1,000s on security strategy related to Enterprise Security Management solutions and has evangelized the ESM space. He has delivered speeches,written numerous white papers,per- formed webcasts and podcasts and published countless security arti- cles for publications such as:The London Times,Computerworld,SC Magazine,Tech News World,Financial Sector Technology, and the Sarbanes-Oxley Compliance Journal.Mr.Contos has held security management and engineering positions at Riptech (a Managed Security Services Provider (MSSP) acquired by Symantec),Lucent Bell Labs,Compaq Computers,and the Defense Information Systems Agency (DISA).He has worked throughout North America,South America,Western Europe,and Asia,holds a number of industry and vendor certifications,and has a BS from the University of Arizona. vii 424_Wtr_Clr_FM.qxd 7/28/06 10:56 AM Page viii Dedication To Monica-Tiffany and Zoey Transit umbra, lux permanent Acknowledgements I still remember my first hack.Excluding videogame hacking—a right of pas- sage for many adolescent computer enthusiasts in the late 1980s and early 1990s—my first real hack involved a police scanner.This scanner enabled me to listen to CBs,police,fire,ambulance,aircraft,amateur radios,and the like. I had mowed lawns for an entire summer to afford the scanner,but I found that listening to police and fire alerts wasn’t as interesting as I had thought it would be.What did turn out to be pretty cool was listening to my older sisters talking on their 44-MHz cordless phones.The content of their conversations was of little interest to me (unless it was something like,“Wait—I think my little brother is listening in on my calls again”),but the fact that I could listen, and so covertly,was of great interest to me.Then one day it happened;my family replaced the older 44-MHz phone with a 900-MHz phone.My sister- eavesdropping days were over,because my scanner was designed with a diode that specifically blocked the 900-MHz frequency range to prevent people with scanners from listening to cordless telephone calls. After sharing my dilemma with my friends,we began to research scanner modifications.We searched several bulletin-board systems,and before the day was done,we found a schematic of the scanner and a guide to modifying it viii 424_Wtr_Clr_FM.qxd 7/28/06 10:56 AM Page ix specifically to pickup 900-MHz cordless phones.Armed with nothing but a screwdriver,a desoldering gun (which I purchased for $6.99),and some finger- nail clippers,I disassembled the scanner and clipped the blocking diode. I can still remember thinking that,once I put it back together and loaded it up with batteries,the long hours of lawn mowing would have yielded me a hi- tech paperweight.Fortunately,the modification was a success and I was able to continue performing my brotherly hobby of sister spying—at least until 2.4- GHz phones came out. The success of that hack is what planted the security seed in me,and I had no idea where it might take me.I read everything I could find—books,news groups,mailing lists,and Web sites.I joined clubs,attended conferences,set up networks,and investigated the internals of everything I could lay my hands on. With a combination of enthusiasm and naivety,I embarked on what has turned out to be an endless journey. The more I learned,the more I discovered how little I knew.Even today, I’m amazed at how much information one must possess to be effective in this ever-changing environment.A mentor told me early on that,because of the level of knowledge required,specializing in security is like jumping in the deep end of the pool and hoping you can swim.With the rate at which security is changing today,I would say a more accurate analogy is jumping in the deep end of the pool while having a fire hose turned on you.Either you’ll love it and stay,or hate it and get out.I decided to stay,and in large part,with thanks to my family. Therefore,the first group I would like to acknowledge is my family.My parents and sisters tolerated my eavesdropping shenanigans,my constant breaking and rebuilding of the family computer and various household elec- tronic experiments with more patience than any brother or son deserved. Without their support,I might still be mowing those lawns. Today,after more than a decade of my career being security-focused,I’ve had the pleasure to work with some of the brightest people in some of the most fascinating organizations I could have ever imagined.Enemy at the Water Cooler and the stories inside are a standing acknowledgment to those people and organizations.Unfortunately,security being what it is,I can’t mention any of their names specifically,but if they’re reading this—they know who they are. ix

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.