Internal Network Attacks

Internal network attacks originate from inside the network, either through malicious intent or through a mistake by a person who is authorized to access the network. In either case, such attacks are prevented by properly safeguarding the network resources themselves rather than by relying on the perimeter.

Though most internal attacks are authorization-based (improper or unauthorized use of a privilege the insider already holds), most attacks that can be launched against a network from outside can also be launched from inside it, and the insider starts with what an external attacker must first obtain: a valid login and a position on the network.

This means that isolating a network from external networks does not eliminate the possibility of a network attack. File servers and shared disk space, network appliances (including printers and external communication systems), network application programs, and databases are the usual targets of attacks that originate from within the network.

File Servers and Disk Space Security

Network users normally share files through a central computer called a file server. A file server holds hard-disk drives sized to the storage needs of the network it serves.

The storage made available to network users on those drives is known as disk space. The drives are divided into volumes (partitions), and within each volume the space is organized into directories. Access to the directories and files where users store their data is controlled with access control lists (ACLs) that name the users and groups permitted each kind of access; anyone not named is refused.

Common rights include read, write, execute, modify, and delete. For example, the file server "secretfileserver" may contain a company's top secret files, so only executives should be allowed access to it. Such a server is protected at two levels: network security restricts connections to authenticated network users, and the ACLs on its directories grant rights only to the executives group. One caveat matters in practice: rights granted on a parent directory are normally inherited by the directories beneath it, so a directory meant for executives only must have that inheritance broken (or carry explicit deny entries); otherwise it stays readable by everyone who can read the parent.

The most common attacks on file servers come either from viruses and other malware that fill the disk with garbage data until it can no longer serve users, or from curious employees who browse for secret documents they are not authorized to read, which succeeds whenever an ACL is more permissive than its owner intended.
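The following is an added example, not code from the original page: a small model of directory ACL evaluation on a file server, with the five rights named above, user and group principals, deny-by-default, explicit deny overriding allow, and inheritance from the parent directory. The share layout, the users (alice, bob, carol, dave, mallory) and the group memberships are constructed for illustration; it also shows the inheritance mistake that leaves a "secret" directory open to all staff, and the corrected version.

```python
"""Directory ACL evaluation on a file server.

Added example, not code from the page. The share layout, the users and the
group memberships below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional

# The rights named in the text.
RIGHTS: FrozenSet[str] = frozenset({"read", "write", "execute", "modify", "delete"})

# Constructed group membership; on a real network this comes from the directory service.
GROUPS: Dict[str, FrozenSet[str]] = {
    "executives": frozenset({"alice", "bob"}),
    "staff": frozenset({"alice", "bob", "carol", "dave"}),
}


@dataclass(frozen=True)
class Ace:
    """One access-control entry: a user or group, the rights it covers, allow or deny."""
    principal: str
    rights: FrozenSet[str]
    allow: bool = True


@dataclass
class Directory:
    path: str
    acl: List[Ace] = field(default_factory=list)
    parent: Optional["Directory"] = None
    inherit: bool = True  # when True, entries on the parent apply here too


def principals_for(user: str) -> FrozenSet[str]:
    """The user's own name plus every group containing them."""
    return frozenset({user} | {g for g, members in GROUPS.items() if user in members})


def is_allowed(user: str, directory: Directory, right: str) -> bool:
    """Deny by default. Starting at the directory and walking up while inheritance
    is enabled, the first ACL with an entry that names one of the user's
    principals and covers the right decides; inside that ACL an explicit deny
    overrides any allow."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right: {right}")
    who = principals_for(user)
    node: Optional[Directory] = directory
    while node is not None:
        matching = [ace for ace in node.acl if ace.principal in who and right in ace.rights]
        if matching:
            return all(ace.allow for ace in matching)
        node = node.parent if node.inherit else None
    return False


def effective_rights(user: str, directory: Directory) -> FrozenSet[str]:
    """Every right the user holds on the directory; useful when auditing a share."""
    return frozenset(r for r in RIGHTS if is_allowed(user, directory, r))


def build_share():
    """Constructed share: a root that all staff may use, and a 'secret'
    directory that is meant for executives only, built two ways."""
    root = Directory("/", [
        Ace("staff", RIGHTS - {"delete"}),                                   # staff may do everything but delete
        Ace("dave", frozenset({"write", "modify", "delete"}), allow=False),  # dave is read-only
    ])
    # Mistake: executives are named, but inheritance is left on, so any staff
    # member who is not an executive still receives the root's rights here.
    leaky = Directory("/secret-leaky", [Ace("executives", RIGHTS)], parent=root)
    # Fix: break inheritance so only this directory's own entries apply.
    secret = Directory("/secret", [Ace("executives", RIGHTS)], parent=root, inherit=False)
    return root, leaky, secret


if __name__ == "__main__":
    root, leaky, secret = build_share()
    for user in ("alice", "carol", "dave", "mallory"):
        print(user, "on /secret-leaky:", sorted(effective_rights(user, leaky)))
        print(user, "on /secret:", sorted(effective_rights(user, secret)))
```

Running it shows carol (staff, not an executive) holding read, write, execute and modify on `/secret-leaky` but nothing on `/secret`; this is the check to run against any share that is supposed to be restricted, because the ACL on the restricted directory looks correct in isolation and the leak only appears when inheritance is taken into account.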

Network Appliance Security

Network login-based security can be enforced to restrict access to network appliances. Such appliances include printers, site-entry systems, and network backup devices.

For example, only the payroll staff should be able to print to the printer that prints checks. Printers are typically shared by attaching them to network servers called print servers, which use the network's authentication to verify that a user is authorized to use a given printer before accepting a job.

Likewise, if a physical entry access system (for example, a building-entry system using key fobs or magnetic swipe cards) is managed over the computer network, the controller and its management interface must be secured to the same standard, since whoever can administer it controls who can open the doors.

Application Program Security

Application program security ensures that only designated personnel have access to an application program. For example, only the employees who handle payroll in a given company should have access to the program that generates or manages payroll information.

An application can rely on the OS-supplied security, implement its own, or delegate to the database in which it stores its data. Application programs that run on a server must be written specifically for that setting: the server process runs under its own (often privileged) account but acts on behalf of a remote user, so every request must be tied to the authenticated identity of that user and authorized against that user's rights, not against the rights of the server process. A server that skips this step becomes a confused deputy that lets any logged-in user reach everything the service account can.

Users of network application software should be discouraged from sharing passwords with other individuals, since a shared password destroys the link between an action and the person accountable for it. In addition, access to network applications should be granted to the minimum number of personnel.
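The following is an added example, not code from the original page, of a server-side application that acts on behalf of remote users: it authenticates each user against a password store, issues a session token, and then shows the difference between a request handler that merely checks the caller is logged in before using the service account's full access (the confused deputy) and one that authorizes each request against the remote user's own role and writes an audit record. The payroll service, the accounts (hr-anne, eng-erik), their passwords, the roles and the salary records are all constructed for illustration.

```python
"""A server-side application acting on behalf of remote users.

Added example, not code from the page. The payroll service, its accounts,
roles, passwords and salary records are constructed for illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

SERVICE_ACCOUNT = "svc-payroll"  # the account the server process itself runs as

_ITERATIONS = 100_000
_SALT = b"constructed-demo-salt"  # real deployments use a random salt per user


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


# Constructed credential store and role assignments.
USERS: Dict[str, bytes] = {"hr-anne": _hash("anne-pw"), "eng-erik": _hash("erik-pw")}
ROLES: Dict[str, FrozenSet[str]] = {
    "hr-anne": frozenset({"payroll"}),
    "eng-erik": frozenset({"engineering"}),
}
# Constructed records; the service account can read all of them, the users cannot.
SALARIES: Dict[str, int] = {"hr-anne": 70000, "eng-erik": 90000, "ceo-cleo": 250000}


@dataclass
class Session:
    user: str
    roles: FrozenSet[str]


class PayrollServer:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}
        self.audit_log: List[str] = []

    def login(self, user: str, password: str) -> Optional[str]:
        """Authenticate the remote user; return an unguessable session token or None."""
        stored = USERS.get(user)
        if stored is None or not hmac.compare_digest(stored, _hash(password)):
            self.audit_log.append(f"LOGIN-FAIL {user}")
            return None
        token = secrets.token_hex(16)
        self._sessions[token] = Session(user, ROLES.get(user, frozenset()))
        return token

    def _caller(self, token: str) -> Session:
        session = self._sessions.get(token)
        if session is None:
            raise PermissionError("not authenticated")
        return session

    def read_salary_insecure(self, token: str, employee: str) -> int:
        """Confused deputy: the caller is authenticated, but the lookup then runs
        with the service account's full access, so any logged-in user can read
        any record."""
        self._caller(token)
        return SALARIES[employee]

    def read_salary(self, token: str, employee: str) -> int:
        """Authorize against the remote user's roles rather than the service
        account's access, and record who asked for what."""
        caller = self._caller(token)
        if "payroll" not in caller.roles and caller.user != employee:
            self.audit_log.append(f"DENY {caller.user} -> salary({employee})")
            raise PermissionError(f"{caller.user} may not read payroll data for {employee}")
        self.audit_log.append(f"ALLOW {caller.user} -> salary({employee})")
        return SALARIES[employee]


if __name__ == "__main__":
    srv = PayrollServer()
    erik = srv.login("eng-erik", "erik-pw")
    print("insecure:", srv.read_salary_insecure(erik, "ceo-cleo"))
    try:
        srv.read_salary(erik, "ceo-cleo")
    except PermissionError as e:
        print("secure:", e)
    print(srv.audit_log)
```

The audit log is the part that makes the password-sharing rule above enforceable: a denied request is recorded against the user whose session made it, which only identifies a person if that person is the sole holder of the credential.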

Database Security

Databases provide the data storage for application programs. They may contain sensitive information about clients or human resources records that must be kept private. Most databases come with built-in user security, with their own username and password authentication and per-object privileges.

However, since a database management system is itself an application program and its data is stored in files on disk, network connection security and application-level security apply to databases as well: the database port should be reachable only from the application servers that need it, and the data files on disk should be readable and writable by the database service account alone, so that the database's own logins cannot be bypassed by simply copying the files.
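The following is an added example, not code from the original page, of the disk-level check implied above: an audit that walks a database's data directory and reports every file that an account other than the database service could read or alter through the filesystem, which would bypass the database's own username and password scheme. It assumes POSIX mode bits and ownership; the data directory, the expected owner and the 0600 limit are constructed assumptions to adapt to the DBMS in use.

```python
"""Audit the on-disk permissions of a database's data files.

Added example, not code from the page. The directory layout, the expected
owner and the permitted mode are constructed assumptions (POSIX semantics).
"""
import os
import stat
import tempfile
from typing import List, Tuple

# Assumption: data files must be readable and writable by the database service only.
MAX_MODE = 0o600


def check_mode(path: str, mode: int, expected_uid: int, actual_uid: int) -> List[str]:
    """Pure check (no filesystem access) so it can be tested on synthetic values.
    Returns a list of findings; an empty list means the file is acceptable."""
    findings: List[str] = []
    perm = stat.S_IMODE(mode)
    if perm & ~MAX_MODE:
        findings.append(f"{path}: mode {perm:04o} grants access beyond {MAX_MODE:04o}")
    if actual_uid != expected_uid:
        findings.append(f"{path}: owned by uid {actual_uid}, expected {expected_uid}")
    return findings


def audit_data_dir(data_dir: str, expected_uid: int) -> List[str]:
    """Walk the data directory and report every file that any account other than
    the service could read or alter through the filesystem."""
    findings: List[str] = []
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: do not follow symlinks planted in the data dir
            findings.extend(check_mode(path, st.st_mode, expected_uid, st.st_uid))
    return findings


def demo() -> Tuple[List[str], List[str]]:
    """Create a constructed data directory, misconfigure one file, then fix it.
    Returns the findings before and after the fix."""
    with tempfile.TemporaryDirectory() as data_dir:
        good = os.path.join(data_dir, "customers.db")
        bad = os.path.join(data_dir, "hr.db")
        for path in (good, bad):
            with open(path, "wb") as fh:
                fh.write(b"constructed database contents")
        os.chmod(good, 0o600)
        os.chmod(bad, 0o644)  # world-readable: any local login can copy the HR records
        before = audit_data_dir(data_dir, os.getuid())
        os.chmod(bad, 0o600)
        after = audit_data_dir(data_dir, os.getuid())
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before fix:", before)
    print("after fix:", after)
```

The same walk, pointed at the real data directory and run as a scheduled job, catches the common way this control decays: a backup restore or a hand-edited file that comes back owned by an administrator or readable by the group.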