The methods of protecting internal threats are largely dependent on policies set by the network administrator for different users rather than the technology. There are large number of user accounts and groups having different levels of rights/permissions spread around a network. Each time a user is granted access to a resource you create potential loopholes leaving your network vulnerable to unauthorized access, data destruction and other administrative threats. To protect the computer network from internal threats, the administrator needs to implement passwords, permissions and policies on user accounts.
Implementing passwords is the best practice to protect your network. An us account with a valid password would provide entry into a system even if the user has limited permissions. It is also essential to keep the password safe. If a user forgets his password, the network administrator should set a new password using different combination of letters and numbers and the user should be allowed to change it the next time he logs in. Also, the users should be made to change the passwords at regular intervals of time. Smart devices such as credit cards, smart cards and USB keys can be used in place of entering a password. Biometric devices like finger prints and retina scan can also be used as a replacement for passwords.
User Account Control
All the user accounts should be given the right permission to access the resources they need and nothing more. Access to the user accounts should be restricted and the accounts should have permissions to access the necessary resources. The best method of user account control is creating groups. Assigning permissions/rights to groups rather than individual user accounts make it easy to track the permissions given to a specific group of the user. Operating systems such as Netware and Windows store the entire structure including computers, groups, and users and shared resources in a single large directory.
It is essential to implement various policies so as to restrict access to the resources or to prohibit them from doing certain tasks. For e.g. the administrator does not want the users to install any software on their computer. These policies are generally applied to the user account, a computer or a group and depend upon the type of the network operating system used. The different policies that can be enabled on a windows system include prevent registry edits, log on locally, shutdown system and disable windows installer.
Fault tolerance is used in recovering data if data is lost due to disk crash. RAID technology is used for fault tolerance. In RAID, if one of the hard disk crashes, the data can be recovered from other hard disk.
It is always a good practice to install antivirus software on your computer which has latest antivirus definitions. The antivirus software should be configured according to the requirements of an organization. It is very essential to update the antivirus software regularly so that the latest virus definitions are updated and the computer gets the higher level of security from viruses. Organization should try and prevent use of any external storage medium like DVD ROM’s and USB drives. Most of the virus comes through these external storage device plugged in by the companies most trusted user. We can configure a group policy to disable the USB storage devices and DVD ROM’s. We can also disable these external storage devices through BIOS.
These are few methods of protecting your computer network from internal threats. It is always advisable to prevent a threat rather than working on it after the damage is caused.