Amazines Free Article Archive
www.amazines.com - Friday, October 18, 2019
Read about the most recent changes and happenings at Amazines.com
Log into your account or register as a new author. Start submitting your articles right now!
Search our database for articles.
Subscribe to receive articles emailed straight to your email account. You may choose multiple categories.
View our newest articles submitted by our authors.
View our most top rated articles rated by our visitors.
* Please note that this is NOT the ARTICLE manager
Add a new EZINE, or manage your EZINE submission.
Add fresh, free web content to your site such as newest articles, web tools, and quotes with a single piece of code!
Home What's New? Submit/Manage Articles Latest Posts Top Rated Article Search
Google
Subscriptions Manage Ezines
CATEGORIES
 Article Archive
 Advertising (133313)
 Advice (160846)
 Affiliate Programs (34734)
 Art and Culture (73685)
 Automotive (145676)
 Blogs (75043)
 Boating (9840)
 Books (17122)
 Buddhism (4124)
 Business (1328464)
 Business News (426309)
 Business Opportunities (366262)
 Camping (10961)
 Career (72723)
 Christianity (15840)
 Collecting (11637)
 Communication (115055)
 Computers (241950)
 Construction (38995)
 Consumer (49679)
 Cooking (17061)
 Copywriting (6567)
 Crafts (18204)
 Cuisine (7538)
 Current Affairs (20384)
 Dating (45775)
 EBooks (19685)
 E-Commerce (48201)
 Education (185229)
 Electronics (83492)
 Email (6392)
 Entertainment (159829)
 Environment (28935)
 Ezine (3039)
 Ezine Publishing (5446)
 Ezine Sites (1550)
 Family & Parenting (110900)
 Fashion & Cosmetics (196387)
 Female Entrepreneurs (11842)
 Feng Shui (130)
 Finance & Investment (310266)
 Fitness (106052)
 Food & Beverages (62863)
 Free Web Resources (7938)
 Gambling (30224)
 Gardening (25103)
 Government (10512)
 Health (629457)
 Hinduism (2205)
 Hobbies (44034)
 Home Business (91553)
 Home Improvement (251338)
 Home Repair (46124)
 Humor (4819)
 Import - Export (5453)
 Insurance (45130)
 Interior Design (29545)
 International Property (3484)
 Internet (190981)
 Internet Marketing (146327)
 Investment (22824)
 Islam (1167)
 Judaism (1356)
 Law (80476)
 Link Popularity (4591)
 Manufacturing (20842)
 Marketing (98766)
 MLM (14136)
 Motivation (18213)
 Music (27001)
 New to the Internet (9479)
 Non-Profit Organizations (4048)
 Online Shopping (129614)
 Organizing (7803)
 Party Ideas (11855)
 Pets (38081)
 Poetry (2234)
 Press Release (12672)
 Public Speaking (5618)
 Publishing (7523)
 Quotes (2407)
 Real Estate (126613)
 Recreation & Leisure (95264)
 Relationships (87455)
 Research (16158)
 Sales (80317)
 Science & Technology (110203)
 Search Engines (23451)
 Self Improvement (153096)
 Seniors (6231)
 Sexuality (35942)
 Small Business (49283)
 Software (82994)
 Spiritual (23464)
 Sports (116077)
 Tax (7658)
 Telecommuting (34066)
 Travel & Tourism (307315)
 UK Property Investment (3118)
 Video Games (13427)
 Web Traffic (11726)
 Website Design (56814)
 Website Promotion (36564)
 World News (1000+)
 Writing (35764)
Author Spotlight
OLEG KOBETS

Oleg has been providing SEO, Copywriting and Content Management services for 10+ years. For the last...more
ANISH SAH

My Name is Anish Sah, I am an Internet Marketing and SEO Expert, Social Media Guru and young Entrepr...more
SHWETA SINGH

This article has been written by a verified author, Shweta Singh. She has been in the business of wr...more
WILLIAM ELSENRATH

I'm retired and help my wife with her home business. I do the work behind the scenes by writing arti...more
CACEY TAYLOR

Im just a man who likes to be happy and see others happy. Im into home business, sports, family, and...more


Security threats explained internal excessive privilege - Electronic Price Computing Scale Manufact by he ni






Article Author Biography
Security threats explained internal excessive privilege - Electronic Price Computing Scale Manufact by
Article Posted: 09/05/2015
Article Views: 582
Articles Written: 1145
Word Count: 919
Article Votes: 0
AddThis Social Bookmark Button

Security threats explained internal excessive privilege - Electronic Price Computing Scale Manufact


 
Business,Business News,Business Opportunities
In this series, Computerworld Australia examines some of the information security threats facing small businesses and larger enterprises today.

We’ve looked at

Whether it’s a system administrator with complete access to servers and data or an executive who retains excessive access rights after changing roles, these people could pose an internal threat if they turn against the company.

For example, employees could find themselves locked out of their own networks while customer data files vanish, trade secrets get stolen or company funds are siphoned out of the business.

IT admins gone wild:

The threat of internal excessive privilege

While organisations spend large amounts of money trying to defend their perimeters from being breached by external malicious actors, the defensive strategies put in place are not effective at protecting the organisation from within, according to IDC Australia senior market analyst, Vern Hue.

“When a rogue employee has access rights to various, and deep-lying parts of the business --most often due to employees being with the organisation for a long period of time and changing roles as they go along-- access to other parts of the system remains,” he says.

According to Hue, this is because many organisations do not have the right processes in place to remove access rights to that previous role.

“This allows the employee to be in a position of siphoning precious information out and hold it against the organisation for a ransom, or to sell it in the black market,” he says.

The risks of allowing staff access to certain systems can range from the employee destroying data that they should not have access to through to the entire corporate environment becoming compromised, according to Pure Hacking chief technology officer, Ty Miller. “This is a common scenario found by our security consultants where organisations are creating excessive numbers of domain administrator accounts,” says Miller.

“These accounts have complete control over every Windows workstation, laptop and server throughout the corporate environment. When these accounts are compromised, the resulting impact can have devastating consequences on the organisation.”

Extent of the threat

IDC’s Hue warns that some well-known financial institutions have taken hits to both the bottom line and reputation as a result of rogue traders with excessive privileges. For example, French bank, Sociate Generale, was thrown into turmoil in 2008 when one of their traders, who breached five levels of controls, executed a series of fictitious transactions which resulted in US$7 billion of losses.

“That said trader was reported to have worked in the risk management office, before moving into a trading role,” he says. According to Trend Micro Australia and New Zealand alliances manager, Adam Biviano, the risk is not just from intentional misuse of the company data. For example, an administrator might be in the process of repairing a server and copies a critical database to a USB drive. “Once the server is fixed and the data is no longer needed on the USB drive, is it actually deleted? Or is it thrown in the drawer as is, only to be used by someone else down the track who misplaces it in public,” he says.

Addressing internal excessive privilege

Businesses need to reassess how they look at addressing internal excessive privilege by shifting away from viewing it as a compliance and government requirement to making it more about a risk management exercise, says IDC’s Hue.

“The shift in mentality has to start with the C-level executives, and helping them understand the risks associated with not having proper access governance programmes,” he says.

Hue adds that companies can also conduct both external penetration tests [EPT] and internal penetration tests [IPT].

“These penetration tests would be deployed in order to mimic vulnerabilities which lay outside, and within the firewall,” he says.

IPT is conducted from the vantage point of an internal user and using the network access a typical users has, and from this point, the organisation is able to see how far privileges can be escalated and how much information within the network is at risk of a breach.

“This gives the team a view of their current security posture and it helps validate their security controls which are in place,” says Hue.

Pure Hacking’s Miller provided five key steps for organisations to address the issues surrounding excessive internal privileges.

Security policies, processes and system security guidelines should be developed to ensure that security is being implemented effectively and only the necessary privileges are provided to employees.

System configurations should also be locked down so that least privileges security is being used to minimise the risk of unnecessary privileges being abused.

Hackers perform privilege escalation attacks that are designed to gain unauthorised access to systems and data. Systems should be patched and hardened on a monthly basis to ensure that these types of attacks are not possible.

Penetration tests should be performed to identify insecure access controls, privilege levels, and privilege escalation vulnerabilities within systems and applications.

Organisations should review all users’ privileges on a regular basis to ensure that accounts only have access to the functionality and data that they require access to.

Follow Hamish Barwick on Twitter:

Follow Computerworld Australia on Twitter:

I am an expert from electronicbalancescale.com, while we provides the quality product, such as Electronic Price Computing Scale Manufacturer , Plastic Measuring Cup, Electronic Precision Balance,and more.

Related Articles - Electronic Price Computing Scale Manufacturer, Plastic Measuring Cup,







Email this Article to a Friend!

Receive Articles like this one direct to your email box!
Subscribe for free today!

 Rate This Article  
Completely useless, should be removed from directory.
Minimal useful information.
Decent and informative.
Great article, very informative and helpful.
A 'Must Read'.

 

Do you Agree or Disagree? Have a Comment? POST IT!

 Reader Opinions 
Submit your comments and they will be posted here.
Make this comment or to the Author only:
Name:
Email:
*Your email will NOT be posted. This is for administrative purposes only.
Comments: *Your Comments WILL be posted to the AUTHOR ONLY if you select PRIVATE and to this PUBLIC PAGE if you select PUBLIC, so write accordingly.
 
Please enter the code in the image:



 Author Login 
LOGIN
Register for Author Account

 

Advertiser Login

 

ADVERTISE HERE NOW!
   Limited Time $60 Offer!
   90  Days-1.5 Million Views  

 

Great Paranormal Romance


STEPHEN BYE

Steve Bye is currently a fiction writer, who published his first novel, ‘Looking Forward Through The...more
LAURA JEEVES

At LeadGenerators, we specialise in content-led Online Marketing Strategies for our clients in the t...more
SUSAN FRIESEN

Susan Friesen, founder of the award-winning web development and digital marketing firm eVision Media...more
STEVERT MCKENZIE

Stevert Mckenzie, Travel Enthusiast. ...more
GENE MYERS

Author of four books and two screenplays; frequent magazine contributor. I have four other books "in...more
TIM FAY

I am not a writer nor am I trying to become a writer. I am an average person with average intelligen...more
JOANNA MORGAN

Joanna Morgan has a huge passion for making money online from home and enjoys traveling around the w...more
JAMES OLEANDER

James Oleander is a professional writer on business and financial topics. He has published many arti...more
JASON NG

Jason Ng has a huge passion for the health and fitness industry as he strongly believes that having ...more
LANCE CHAPMAN

An experienced, resourceful and highly motivated IT professional, with a proven record of success in...more

HomeLinksAbout UsContact UsTerms of UsePrivacy PolicyFAQResources
Copyright © 2019, All rights reserved.
Some pages may contain portions of text relating to certain topics obtained from wikipedia.org under the GNU FDL license