Problem description:
English translation
Insider attacks
It's not a happy thing to contemplate, but trusted employees prowl through information that they shouldn't be able to access. Their motivation may be fuelled by anger and be purely destructive, or they may desire to access specific data in order to make use of it somehow. They may be competing for promotions or accounts, or be fighting a rearguard action against planned redundancies, or they could be probing through simple curiosity. In some cases data ends up in the wrong hands due to a mistake.
It should be obvious by now that protecting the network perimeter isn't enough anymore – in fact it was never enough. But a recent study by the Ponemon Institute found that nearly 60% of US businesses and government agencies still can't adequately deal with insider threats to their network, and 58% rely on manual controls to audit and manage user access to critical systems and databases.
Table 1. Primary methods of insider attacks

Method                                    Defence
Privilege escalation                      Role-based access/system audits
Privilege abuse                           Access control/system audits
Privileges too broad                      More granular controls
Privacy/security policies not enforced    Automated enforcement
Setting carefully considered database privileges is the most obvious way to control who sees what information. Each database should have its own authenticated group of users whose access to information is regulated by a role-based permission system. Many abuses and accidents occur because people have access to data that they don't need to see, or do need to see but shouldn't be able to alter or delete. Permissions should enable a user to do exactly what he or she needs to do to get their work done, no more and no less. This helps protect against insider compromises, and if an account is compromised by an outsider the attacker is more likely to have limited access to the database.
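The role-based, least-privilege setup described in the passage above, as an added example that is not part of the original question or the quoted article. It assumes PostgreSQL and a hypothetical database named hr; the table, columns, roles and accounts are all made up for illustration.

```sql
-- Assumption: run as the owner of a hypothetical database "hr" (PostgreSQL).
-- Every table, column, role and account name below is constructed.
CREATE TABLE employees (
    id         integer PRIMARY KEY,
    name       text NOT NULL,
    department text NOT NULL,
    salary     numeric(10,2)
);

-- Start from nothing: drop the defaults that every account inherits.
REVOKE ALL ON DATABASE hr FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- Group roles hold the permissions and cannot log in themselves.
CREATE ROLE hr_reader NOLOGIN;
CREATE ROLE hr_editor NOLOGIN;
GRANT CONNECT ON DATABASE hr TO hr_reader, hr_editor;
GRANT USAGE ON SCHEMA public TO hr_reader, hr_editor;

-- "Don't need to see": readers get named columns only, salary is left out.
GRANT SELECT (id, name, department) ON employees TO hr_reader;

-- "Need to see but shouldn't be able to delete": editors can read, add
-- and change rows, but no DELETE or TRUNCATE is ever granted.
GRANT SELECT, INSERT ON employees TO hr_editor;
GRANT UPDATE (name, department, salary) ON employees TO hr_editor;

-- Login accounts get access only through role membership.
-- Authentication (password, certificate, ...) is configured separately.
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;
GRANT hr_reader TO alice;
GRANT hr_editor TO bob;

-- Audit query: effective rights per login account, including rights
-- inherited from group roles, for comparison against the intended policy.
SELECT r.rolname AS account,
       has_column_privilege(r.rolname, 'employees', 'salary', 'SELECT') AS reads_salary,
       has_table_privilege(r.rolname, 'employees', 'INSERT') AS can_insert,
       has_table_privilege(r.rolname, 'employees', 'DELETE') AS can_delete
FROM pg_roles AS r
WHERE r.rolcanlogin AND r.rolname IN ('alice', 'bob')
ORDER BY r.rolname;
```

Scheduling the audit query and comparing its output with the intended role definitions replaces the manual access reviews the passage mentions.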
Answer: