English translation: Insider attacks. It's not a happy thing to contemplate, but trusted employees prowl through information that they shouldn't be able to access. Their motivation may be fuelled by anger and be purely destructive, or they may desire to access spe
Source: 学生作业帮助网 Editor: 六六作业网 Date: 2024/11/15 19:59:12
English translation
Insider attacks
It's not a happy thing to contemplate, but trusted employees prowl through information that they shouldn't be able to access. Their motivation may be fuelled by anger and be purely destructive, or they may desire to access specific data in order to make use of it somehow. They may be competing for promotions or accounts, or be fighting a rearguard action against planned redundancies, or they could be probing through simple curiosity. In some cases data ends up in the wrong hands due to a mistake.
It should be obvious by now that protecting the network perimeter isn't enough anymore – in fact it was never enough. But a recent study by the Ponemon Institute found that nearly 60% of US businesses and government agencies still can't adequately deal with insider threats to their network, and 58% rely on manual controls to audit and manage user access to critical systems and databases.
Table 1. Primary methods of insider attacks

Method                                    Defence
Privilege escalation                      Role-based access/system audits
Privilege abuse                           Access control/system audits
Privileges too broad                      More granular controls
Privacy/security policies not enforced    Automated enforcement
Setting carefully considered database privileges is the most obvious way to control who sees what information. Each database should have its own authenticated group of users whose access to information is regulated by a role-based permission system. Many abuses and accidents occur because people have access to data that they don't need to see, or do need to see but shouldn't be able to alter or delete. Permissions should enable a user to do exactly what he or she needs to do to get their work done, no more and no less. This helps protect against insider compromises, and if an account is compromised by an outsider the attacker is more likely to have limited access to the database.
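Insider attacks
This is not a happy matter, but trusted employees forage through information that they should not be able to access. Their motivation may come from anger and be purely destructive, or they may want to access specific data in order to make use of it. They may be competing for promotions or accounts, or fighting a rearguard action against planned layoffs, or they may be probing out of simple curiosity. In some cases, data falls into the wrong hands because of a mistake.
It is obvious by now that protecting the network perimeter is no longer enough; in fact it was never enough. But a recent study by the Ponemon Institute found that nearly 60% of US companies and government agencies still cannot adequately deal with insider threats to their networks, and 58% rely on manual controls to audit and manage user access to critical systems and databases.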
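Table 1. Basic methods of insider attacks

Method                                    Defence
Privilege escalation                      Role-based access/system audits
Privilege abuse                           Access control/system audits
Privileges too broad                      More granular controls
Privacy/security policies not enforced    Automated enforcement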
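Carefully considered database privilege settings are the most direct way to control who sees which information. Each database should have its own authenticated group of users whose access to information is governed by a role-based permission system. Many abuses and accidents occur because people have access to data that they do not need to see, or need to see but should not be able to alter or delete. Permissions should let a user do what he or she needs to do to get their work done, and nothing more. This helps guard against insider compromise, and if an account is compromised by an outsider, the attacker is more likely to have limited access to the database.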
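
The role-based permission scheme described in the passage's last paragraph, sketched in PostgreSQL as an added example that is not part of the original page. The database `crm`, the table `customers`, and all role and user names are hypothetical, and the script assumes it is run by the database owner while connected to `crm`.

```sql
-- PostgreSQL. Every object, role and user name below is hypothetical.
-- Remove the default privileges that all accounts inherit through PUBLIC.
REVOKE ALL ON DATABASE crm FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

CREATE TABLE customers (
    id         bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    name       text NOT NULL,
    email      text NOT NULL,
    card_last4 text,
    notes      text
);

-- Roles describe jobs, not people. NOLOGIN roles cannot authenticate.
CREATE ROLE support_reader  NOLOGIN;
CREATE ROLE account_manager NOLOGIN;

GRANT CONNECT ON DATABASE crm   TO support_reader, account_manager;
GRANT USAGE   ON SCHEMA public  TO support_reader, account_manager;

-- Data support does not need to see: card_last4 is left out of the grant.
GRANT SELECT (id, name, email, notes) ON customers TO support_reader;

-- Data that must be seen but not freely altered or deleted:
-- account managers read every column, may change only the contact
-- fields, and receive no INSERT or DELETE.
GRANT SELECT                      ON customers TO account_manager;
GRANT UPDATE (name, email, notes) ON customers TO account_manager;

-- People get access only through membership in a job role.
CREATE ROLE alice LOGIN;
CREATE ROLE bob   LOGIN;
GRANT support_reader  TO alice;
GRANT account_manager TO bob;

-- With these grants, as alice: SELECT card_last4 FROM customers;  is denied.
-- As bob: DELETE FROM customers;  is denied.

-- Audit query: who holds which privilege on which column. Run it on a
-- schedule and compare the output with the intended role design to
-- catch privileges that have grown too broad.
SELECT grantee, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_schema = 'public' AND table_name = 'customers'
ORDER BY grantee, column_name, privilege_type;
```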