
Enemy at the Water Cooler by Brian T Contos


would write down the key information and pass it along to her boyfriend
who would then try to blackmail the patients into paying them.
The first time they tried the scam, the person they called agreed to pay.
Their victim immediately called the police, who in turn set up an old-fashioned sting, and the boyfriend and his insider accomplice were arrested.
This event was a wake-up call for the healthcare organization, which has
since made a complete turnaround. Today they have a strong security posture
with excellent security analysts, security awareness programs, and an ESM
deployment that monitors all network access points, critical servers, and access
control systems. In addition, the security director receives an ESM automated
report every morning outlining all instances of patient record access.
Hosting Pirated Software
This next organization had several Internet-facing servers, plenty of storage
space, and fast Internet links. They also had a malicious insider who decided
to use the servers for storing pirated software, mostly video games. On each
server, the insider configured services to allow people to upload and download the software.
This organization was using ESM for network and server monitoring
related to FCAP (Fault, Configuration, Accounting, and Performance). They
had not yet begun to leverage their ESM for monitoring security events. They
detected spikes in utilization during off-peak hours on the Internet-facing
servers and the Internet routers. This information came from operating system
logs, router logs, and system health monitoring software such as Nagios,
which is an open source monitoring tool.
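The off-peak utilization spikes the team noticed are the kind of signal a simple per-hour baseline can surface automatically. The following is an added example, not code from the book or from any ESM product; the log format, the off-peak window, the utilization values and the alert threshold are all assumptions constructed for the example.

```python
import statistics
from datetime import datetime

# Hours treated as off-peak (local time); an assumption for this example.
OFF_PEAK_HOURS = range(0, 6)
# Constructed baseline (format "YYYY-MM-DD HH:MM Mbit/s" is assumed): five days of
# hourly utilisation for one Internet-facing server, ~10 overnight, ~80 by day.
BASELINE_LOG = "\n".join(
    f"2006-07-{day:02d} {hour:02d}:00 "
    f"{(10 if hour in OFF_PEAK_HOURS else 80) + (day + hour) % 3}"
    for day in range(10, 15) for hour in range(24)
)

# Constructed new day: normal overnight reading, an overnight spike, a daytime spike.
NEW_LOG = """2006-07-15 01:00 11
2006-07-15 02:00 95
2006-07-15 14:00 95"""

def parse_log(text):
    """Parse 'YYYY-MM-DD HH:MM value' lines into (datetime, float) pairs."""
    records = []
    for line in text.strip().splitlines():
        stamp, value = line.rsplit(" ", 1)
        records.append((datetime.strptime(stamp, "%Y-%m-%d %H:%M"), float(value)))
    return records

def hourly_baseline(records):
    """Median and median absolute deviation (MAD) of utilisation per hour of day."""
    by_hour = {}
    for stamp, value in records:
        by_hour.setdefault(stamp.hour, []).append(value)
    baseline = {}
    for hour, values in by_hour.items():
        median = statistics.median(values)
        # MAD is robust to the occasional outlier; fall back to 1.0 if all equal.
        mad = statistics.median(abs(v - median) for v in values) or 1.0
        baseline[hour] = (median, mad)
    return baseline

def off_peak_spikes(baseline, records, threshold=5.0):
    """Off-peak readings more than `threshold` MADs above their hour's median."""
    alerts = []
    for stamp, value in records:
        # Business-hours load is expected to be heavy, so only night hours are scored.
        if stamp.hour not in OFF_PEAK_HOURS or stamp.hour not in baseline:
            continue
        median, mad = baseline[stamp.hour]
        score = (value - median) / mad
        if score > threshold:
            alerts.append((stamp, value, round(score, 1)))
    return alerts
```

In the constructed data only the 02:00 reading is flagged; the 14:00 spike is ignored as ordinary daytime load, which is why a baseline keyed by hour of day beats a single global threshold.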
Based on these anomalies, they started investigating the cause. They
reviewed their router configurations, and everything seemed to check out.
Then they reviewed the servers and discovered that they were filled with
pirated software. This was a huge liability for the organization, and they
needed to get it removed.
The engineer assigned to clean up the mess was the insider who set the
entire thing up. Not knowing this, the organization assigned him to fix the
problem. He removed the pirated software and brought down the file-sharing
service that was running on all the servers. A few weeks later he bragged to a
www.syngress.com
Insiders Abridged • Chapter 12 163