a discussion of the insider threat l.
Skip this Video
Loading SlideShow in 5 Seconds..
A Discussion of the Insider Threat PowerPoint Presentation
Download Presentation
A Discussion of the Insider Threat

Loading in 2 Seconds...

play fullscreen
1 / 11

A Discussion of the Insider Threat - PowerPoint PPT Presentation

  • Uploaded on

A Discussion of the Insider Threat. Outside. Inside. Jason Franklin. Example Insider Attack. Ivan the insider gets fired and Alf the administrator forgets to void Ivan’s (login) credentials.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'A Discussion of the Insider Threat' - johana

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
a discussion of the insider threat

A Discussion of the Insider Threat



Jason Franklin

example insider attack
Example Insider Attack
  • Ivan the insider gets fired and Alf the administrator forgets to void Ivan’s (login) credentials.
  • Ivan goes home, logins into his work machine and takes some malicious action (introduces bugs into source, deletes files and backups, etc…)
  • Alternatively, Alf might void Ivan’s credentials, but forget that Ivan also uses a shared group account.
proposed definition

Trusted Computing Base

Proposed Definition
  • A malicious insider is an adversary who operates inside the trusted computing base, basically a trusted adversary.
  • The insider threat is an adversarial model encompassing all possible malicious insiders.


example threats
Example Threats
  • Data corruption, deletion, and modification
  • Leaking sensitive data
  • Denial of service attacks
  • Blackmail
  • Theft of corporate data
  • On and on….
  • Insider attacks account for as much as 80% of all computer and Internet related crimes [1]
  • 70% of attacks causing at least $20,000 of damage are the direct result of malicious insiders [1]
  • Majority of insiders are privileged users and majority of attacks are launched from remote machines [3]
problem discussion
Problem Discussion
  • Typical adversarial models ignore the insider threat by assuming the TCB is free of threats
  • Insider threat violates this assumption

Corporate Network


prevailing sentiments myths
Prevailing Sentiments (Myths?)
  • Current systems are capable of countering the insider threat
  • Insider threat is impossible to counter because of the insider’s resources and access permissions
  • Insider attacks are a social or organizational issue which cannot be countered by technical means (Anderson94)
remediation initial thoughts
Remediation: Initial Thoughts
  • Minimize the size of the TCB to decrease the number of possible insiders
  • Distribute trust amongst multiple parties to force collusion
    • Most insiders act alone
  • Question trust assumptions made in computing systems
    • Treat the LAN like the WAN
      • BroLAN, SANE, etc…
  • Others?
is the insider threat unavoidable
Is the insider threat unavoidable?
  • If we define an insider as an adversary inside the TCB, can we ever eliminate the insider threat?
  • Perhaps we can only reduce the number of possible insiders or the extent of possible damage?
  • Perhaps we should rely on the “lone wolf” nature of insiders and distribute trust?
  • Is the insider threat definition a good one?
  • Is the insider an actual threat or just media hype?
  • Can/do we build systems that already counter the insider threat?
  • Is this worth our time?
  • What’s the best paper you could imagine in this area?
  • [1] Jim Carr. Strategies and issues: Thwarting insider attacks, 2002.
  • [2] Nathan Einwechter. The enemy inside the gates: Preventing and detecting insider attacks, 2002.
  • [3] National Threat Assessment Center - Insider Threat Study, http://www.ustreas.gov/usss/ntac_its.shtml
  • [4] Jason Franklin, Parisa Tabriz, and Matthew Thomas. A Case Study of the Insider Threat through Modifications to Legacy Network Security Architectures, unpublished manuscript.