Slashdot Mirror
Enemy At The Water Cooler
Trent Lucier writes "On most networks diagrams I've seen, the internet looks like a cloud. Sometimes it's a fluffy white cloud. Other times it's a dark ominous cloud. Regardless of the artistic style, the depiction usually conveys the mystery and danger of putting your company's network on a global information grid next to a billion users, kind of like those old maps with dragons drawn at strategic places in the ocean. Not surprisingly, corporations spend much time and energy protecting themselves from The Outside World. In Enemy at the Water Cooler, Brian Contos argues that just as many resources should be spent on defending against insider threats. Will this book help you detect the enemies at your water cooler?" Read below for the rest of Trent's review.
Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management
author
Brian T. Contos
pages
302
publisher
Syngress Publishing
rating
8
reviewer
Trent Lucier
ISBN
1597491292
summary
A thorough introduction to insider threats and the countermeasures that can be used against them
Contos, a Chief Security Officer himself, has written a primer on insider threats and the counter-measures that can be deployed against them. The book is written for a wide audience, so don't expect low-level details about encryption algorithms and security protocols. However, if you have to deal with a large company's IT infrastructure, you may benefit from Contos' descriptions of enterprise security concepts and anecdotes.
According to the book's terminology, an insider is someone who has more privileges than the common person and uses those privileges to abuse the system. It's important to understand the full scope of the term "privileges". In addition to computer privileges, Contos is also talking about physical access to hardware, paperwork, and even other employees that can be exploited in social engineering attacks. Even if a piece of information is useless to the insider, it may be something that a competitor would be willing to buy for the right price.
The early chapters provide background on all the standard attacks that are in the news these days: phishing, denial of service, keylogging, etc... What makes these sections interesting are the statistics that are sprinkled throughout the text. In a survey conducted by CERT examining known attacks, 49% were committed by insiders that were married. This goes against the profile of the insider being someone who has less personal risk (such as a family) at stake. In fact, the prevailing image of the last 30 years depicting a computer criminal as a socially awkward young male has started to become less accurate as organized crime has turned into the biggest threat.
Enemy At The Water Cooler does a great job of putting statistics in context. The book is always careful to mention that the crime statistics represent only the known incidents. Contos often explains why certain numbers matter. Near a chart showing that 59% of discovered crimes were committed by former employees, the author explains that recently fired employees can be highly motivated to commit revenge and still have access to accounts and passwords, which is a dangerous combination.
How does the book propose that businesses deal with threats? At the end of Part I, Contos introduces a technology called Enterprise Security Management (ESM). This is a blanket term used to describe a collection of enterprise-level tools that can perform information analysis, display event feeds, manage policies, and do everything else in the world besides make toast. The remainder of the book constantly mentions this technology, so if you are not interested in learning about ESM, this book may not be for you.
At this point, it should be noted that Brian Contos is the Chief Security Officer of a company that sells ESM products. The book is neutral on which product you should use, although some screenshots show Contos' program for illustrative purposes. I did not feel that the book was biased or trying to sell me something. Regardless of who the author works for, he makes a compelling argument that ESM systems are necessary for big companies that need to manage their IT security.
Case studies comprise Part II of the book. This is the entertaining stuff, and probably the type of thing most people want to read when they pick up a book called Enemy At The Water Cooler. There are 8 main case studies, each running about 5 pages in length. Contos puts the "study" in "case study" as he illustrates how tools (ESM) and training could prevent many of the scenarios he describes. Those expecting light reading in the form of amusing anecdotes about IT security will be disappointed. However, if you're looking for a detailed analysis of insider crime, these chapters provide it.
Many times, greed and hubris are the ultimate undoing of the insider. In one example, a company discovered that their servers were hosting pirated software. Little did the company know that the employee that was asked to clean up the server was actually the one who put the software there to begin with. The insider would have gotten away with it if only he hadn't bragged to a co-worker about how dim-witted his company was.
In other situations, employees can be blackmailed into committing crimes. In the case of a Spanish company, an employee was forced into planting a wireless access point in one of the development labs. The employee had lied about his educational background on his resume, and criminals threatened to expose him if he didn't cooperate by planting the device.
The final portion of the book discusses further capabilities of ESM. The main point is that ESMs should be able to monitor everything. Contos explains a scenario where an employee pulls financial information from a proprietary system and then uploads it to a P2P network. Most companies do not have the technology to detect such an action. Not that Contos claims technology is the only answer. It is just a tool, and it is useless when not supported by trained employees and policies. At the end of the book, the reader gets information about "soft skill" topics like incident management, hiring processes, and some legal case history regarding insiders.
The book's viewpoint is very top-down with regards to the corporate hierarchy. Executives will no doubt love all the capabilities that Contos claims can be at their fingertips, but individual employees might feel it is slightly Orwellian. Can all this information that the ESM vacuums up be used for evil? The book's implicit answer seems to be "yes", since it is repeatedly made clear that no one can be trusted. But there is never any explicit information given on how the ESM itself can be protected from abuse.
Enemy at the Water Cooler provides a thorough introduction to insider threats and the countermeasures that can be used against them. If you are just interested in stories about insider security crimes, then you may want to pass. (The section on case studies is only about a third of the book's content). However, if you are interested in learning about technology that can help defend against these threats, then this book provides a comprehensive overview.
Trent Lucier is a software engineer. His latest experiment is localhost80.com"
You can purchase Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Contos, a Chief Security Officer himself, has written a primer on insider threats and the counter-measures that can be deployed against them. The book is written for a wide audience, so don't expect low-level details about encryption algorithms and security protocols. However, if you have to deal with a large company's IT infrastructure, you may benefit from Contos' descriptions of enterprise security concepts and anecdotes.
According to the book's terminology, an insider is someone who has more privileges than the common person and uses those privileges to abuse the system. It's important to understand the full scope of the term "privileges". In addition to computer privileges, Contos is also talking about physical access to hardware, paperwork, and even other employees that can be exploited in social engineering attacks. Even if a piece of information is useless to the insider, it may be something that a competitor would be willing to buy for the right price.
The early chapters provide background on all the standard attacks that are in the news these days: phishing, denial of service, keylogging, etc... What makes these sections interesting are the statistics that are sprinkled throughout the text. In a survey conducted by CERT examining known attacks, 49% were committed by insiders that were married. This goes against the profile of the insider being someone who has less personal risk (such as a family) at stake. In fact, the prevailing image of the last 30 years depicting a computer criminal as a socially awkward young male has started to become less accurate as organized crime has turned into the biggest threat.
Enemy At The Water Cooler does a great job of putting statistics in context. The book is always careful to mention that the crime statistics represent only the known incidents. Contos often explains why certain numbers matter. Near a chart showing that 59% of discovered crimes were committed by former employees, the author explains that recently fired employees can be highly motivated to commit revenge and still have access to accounts and passwords, which is a dangerous combination.
How does the book propose that businesses deal with threats? At the end of Part I, Contos introduces a technology called Enterprise Security Management (ESM). This is a blanket term used to describe a collection of enterprise-level tools that can perform information analysis, display event feeds, manage policies, and do everything else in the world besides make toast. The remainder of the book constantly mentions this technology, so if you are not interested in learning about ESM, this book may not be for you.
At this point, it should be noted that Brian Contos is the Chief Security Officer of a company that sells ESM products. The book is neutral on which product you should use, although some screenshots show Contos' program for illustrative purposes. I did not feel that the book was biased or trying to sell me something. Regardless of who the author works for, he makes a compelling argument that ESM systems are necessary for big companies that need to manage their IT security.
Case studies comprise Part II of the book. This is the entertaining stuff, and probably the type of thing most people want to read when they pick up a book called Enemy At The Water Cooler. There are 8 main case studies, each running about 5 pages in length. Contos puts the "study" in "case study" as he illustrates how tools (ESM) and training could prevent many of the scenarios he describes. Those expecting light reading in the form of amusing anecdotes about IT security will be disappointed. However, if you're looking for a detailed analysis of insider crime, these chapters provide it.
Many times, greed and hubris are the ultimate undoing of the insider. In one example, a company discovered that their servers were hosting pirated software. Little did the company know that the employee that was asked to clean up the server was actually the one who put the software there to begin with. The insider would have gotten away with it if only he hadn't bragged to a co-worker about how dim-witted his company was.
In other situations, employees can be blackmailed into committing crimes. In the case of a Spanish company, an employee was forced into planting a wireless access point in one of the development labs. The employee had lied about his educational background on his resume, and criminals threatened to expose him if he didn't cooperate by planting the device.
The final portion of the book discusses further capabilities of ESM. The main point is that ESMs should be able to monitor everything. Contos explains a scenario where an employee pulls financial information from a proprietary system and then uploads it to a P2P network. Most companies do not have the technology to detect such an action. Not that Contos claims technology is the only answer. It is just a tool, and it is useless when not supported by trained employees and policies. At the end of the book, the reader gets information about "soft skill" topics like incident management, hiring processes, and some legal case history regarding insiders.
The book's viewpoint is very top-down with regards to the corporate hierarchy. Executives will no doubt love all the capabilities that Contos claims can be at their fingertips, but individual employees might feel it is slightly Orwellian. Can all this information that the ESM vacuums up be used for evil? The book's implicit answer seems to be "yes", since it is repeatedly made clear that no one can be trusted. But there is never any explicit information given on how the ESM itself can be protected from abuse.
Enemy at the Water Cooler provides a thorough introduction to insider threats and the countermeasures that can be used against them. If you are just interested in stories about insider security crimes, then you may want to pass. (The section on case studies is only about a third of the book's content). However, if you are interested in learning about technology that can help defend against these threats, then this book provides a comprehensive overview.
Trent Lucier is a software engineer. His latest experiment is localhost80.com"
You can purchase Enemy at the Water Cooler: True Stories of Insider Threats and Enterprise Security Management from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
I have no idea why Slashdot linked to B & N here, when Amazon has it considerably cheaper (see the "Used and new from..." listings).
It may surprise you to learn that PHP can be run on a Windows system using Microsoft's IIS as its web server.
http://alternatives.rzero.com/
it happens all the time... but i'll bet it doesn't often make the papers.
the word sabotage comes from the french word "sabot" which is a kind of wooden shoe or clog. during the industrial revolution, angry workers would kick the machines they worked on or throw the shoes into them, resulting in a "clog" in the output.
in the intelligence community, disgruntled soldiers and public servants make some if the best moles or double agents. in government, many whistleblowers act not out of a sense of duty or responsability but as a means of exacting revenge.
sarcasm:
-noun
1. harsh or bitter derision or irony.
List of countries by GDP (PPP) per capita per hour