The development of technology has brought Internet to become the mass communication media between people or companies. Through Internet, people can communicate with other people in various places. Companies can get many advantages by using Internet network to support their business. Therefore, companies are trying as hard as they can, and give high effort in protecting their network from attack and make sure that they have the best network security. Most people think that the threat of security attack is only come from outside the company. In fact, the attack from inside the company network is more harmful with high frequency to be happened. As written by Cryptek (2001), which based the argument from some articles, that threats from inside are far more dangerous than attacks from outside, and even FBI also stated that the average cost of an insider breach is $ 2.4 million while the average cost of a break-in from the Internet is $ 27,000. All the facts above show that company must also think how to defend their network security from inside intruders, and not only concern about put firewall to protect their network security from outside. Companies must find way how to protect their information assets from attack, and make their network security is effective to block the threats either from outside or inside company.
The Importance of Internal Security
There are some reasons why inside intruders are as harmful and dangerous with outside intruder. It is because, for some organizations, especially big one, to support their company’ business, their facilitated their partners, customers, relations with the easiness technology can offer such as remote offices, mobile customers. All of the facilities boost up the use of corporate LAN increase, which resulted the increase of internal security threats, vulnerabilities to be attack by either outside or inside intruders. As written in Cryptek (2001), there are some problems make the inside network security is vulnerable from attack such as: the server operating systems and the password protection on most corporate network is sometimes do not work well. Moreover, the router access controls are often not enough secure and many the network systems are not perfect configured, which enable illegal outsiders enter the company network. It means that the main cause of inside attack is the ineffective network security. They only focus with developing firewall, and they forget that firewall can’t effectively protect the network, if the intruders are come from inside the network, such as employee or other authorized users. As explained in the article written by NetMaster (2000), in the Ciscoworld Magazine: “Firewall are not a protection against everything, but generally they will protect against unauthenticated interactive access from the “outside” “. From the description, we know that the function of the firewall is more to protect the company network from outside attack. Firewall are not capable to block attack that is not coming through the firewall, such as viruses, and other attack from inside the network. That’s why firewalls are not effective to protect the corporate network from inside intrusion and company must develop some way to protect their corporate network from inside. Moreover, the percentage of internal vulnerabilities are increase, since nowadays, companies are more depend their business process on Internet. Such as the use of a remote access email gateway, where employee are enable to access their email away from their office. It means that company opens the hole of their computer network. The using of E-Commerce as Company media to promote and widen their customer base also indirectly create such ass “electronic tunnel to no-public corporate data (Sun Microsystems, 2002). The use of Electronic Data Interchange (EDI) also make the criminal able to access company internal document. Above explanation shown that the threats are not coming from outside only,...
Please join StudyMode to read the full document