Questions tagged [insider-threats]

An insider threat is a malicious hacker (also called a cracker or a black hat) who is an employee or officer of a business, institution, or agency. The term can also apply to an outside person who poses as an employee or officer by obtaining false credentials. The cracker obtains access to the computer systems or networks of the enterprise, and then conducts activities intended to cause harm to the enterprise.

33 questions
127
votes
8 answers

Why is storing passwords in version control a bad idea?

My friend just asked me: "why is it actually that bad to put various passwords directly in program's source code, when we only store it in our private Git server?" I gave him an answer that highlighted a couple of points, but felt it wasn't…
58
votes
9 answers

What can a company do against insiders going rogue and negatively affecting essential infrastructure?

In 2013, a Citibank employee had a bad performance review that ticked him off. The results were devastating: Specifically, at approximately 6:03 p.m. that evening, Brown knowingly transmitted a code and command to 10 core Citibank Global Control…
Nzall
55
votes
11 answers

How to protect my code from “insider” threats when hiring my first employee?

I quit my job to start my own SaaS product. I’m now looking to hire my first employee (another developer). I will be taking appropriate legal precautions to protect my IP, but I’m wondering what other reasonable actions that I can take to further…
arao6
10
votes
2 answers

What is the procedure to follow against a security breach?

Last week, a couple of guys were fired from the company I work for; all of them had access to sensitive information. One of them erased all the e-mails from the mail server, sent a massive e-mail to most of our customers, insulting them, and…
ILikeTacos
9
votes
2 answers

What security risks do unauthorized mobile hotspot (MiFi) devices on company property pose?

I'm having some difficulty determining how, or if, MiFi devices on property should be regulated. Personally, I see them as having little difference from any other rogue AP in the environment - the only real distinction being that they're generally…
Iszi
8
votes
6 answers

How can I secure a network share from the insider threat?

We have a network share that contains thousands of files. I am concerned that anyone with access to the internet could copy that information to a CD. In addition to disabling all removable media, what else could I do to prevent someone from…
SLY
5
votes
1 answer

Insider threats for Private Clouds

Does anyone have any information or pointers on insider threats when cloud platforms like OpenStack etc. are deployed within corporate data centers? What are the different kinds of internal threats in general for traditional corporate datacenters (i.e. when…
sashank
4
votes
2 answers

Attack on Tor with stolen private keys of main nodes

What could an attacker do with stolen private keys of main nodes? Tor is based on 10 main nodes: moria1, tor26, dizum, Tonga, etc. The IP addresses of these nodes are hard-coded into the client. ./src/or/config.c: static…
trankvilezator
4
votes
1 answer

How does FireEye HX work?

Can someone please expand on how FireEye HX works, what does it do exactly? Here is the site info: https://www.fireeye.com/products/hx-endpoint-security-products.html, but it's written in such empty language that it should get a reward for saying…
costa
3
votes
1 answer

How should privileged users keep each other in check?

In order to protect systems from insider attacks, companies can apply policies restricting their access. In the case of an employee's termination, the IT department can disable their account before they receive the news to prevent potential damage…
VortixDev
2
votes
1 answer

Can cascaded routers protect inner network's machine from attacker from outer network?

Given: Outer Network router A wan ip 209.123.12.11 address 10.10.0.1 machine A address 10.10.0.10 gateway 10.10.0.1 Inner Network router B wan ip 10.10.0.100 address 192.168.10.1 machine B address 192.168.10.10 gateway…
developer.cyrus
2
votes
1 answer

How to prevent azure pipelines (yaml) from being used as an attack vector?

Let's say the following scenario exists: A git repository exists on Azure DevOps Repos. The repository uses yaml pipelines (azure-pipelines.yml). The repository has branch policies to ensure that changes go through pull requests. The build pipeline…
myermian
2
votes
2 answers

Insider's threat to a hosted server

If we buy a VPS, the admin of the enclosing server can always steal our data, right? Is using a dedicated server a solution? (We can't afford our own datacenter in any case.) But it seems that stealing from a dedicated server is harder, as one needs…
porton
1
vote
3 answers

What devices support the permanent addition of an ARP table entry? What tools are available to manage this?

I would like to improve wireless security and certain other on-net security scenarios with a permanent ARP table entry. The idea being that someone on the same subnet or WiFi network will have a more difficult time spoofing my access point. What…
makerofthings7
1
vote
2 answers

Can I find out if my employer is snooping on me?

I work at a large university and have a computer supplied by my employer. I would like to find out whether my employer is snooping or can snoop on my files or activity on my computer. Can I find that out? How would I go about? There is apparently…
trmdttr