Chapter 2. Inside-Out Attacks: The Attacker Is the Insider

Not only does the popular perimeter-based approach to security provide little risk reduction today, it is in fact contributing to the increased attack surface criminals are using to launch potentially devastating attacks. In general, the perimeter-based approach assumes two types of agents: insiders and outsiders. The outsiders are considered to be untrusted while the insiders are assumed to be extremely trustworthy. This type of approach promotes the development of architectures where networks are segregated into clearly delineated “trusted” zones and “untrusted” zones. The obvious flaw with the perimeter approach is that all the insiders—that is, the employees of a business—are assumed to be fully trustworthy. This chapter will go beyond the obvious and expose how the emerging breed of attackers are able to leverage application and browser flaws to launch “inside-out” attacks, allowing them to assume the role of the trusted insider.

The impact of the attacks illustrated in this chapter can be extremely devastating to businesses that approach security with a perimeter mindset where the insiders are generally trusted with information that is confidential and critical to the organization. Each of these employees in turn becomes a guard to the business’s secrets; it is their vigilance and efforts that will ultimately mean the difference between avoiding an incident and allowing an attacker to steal the organization’s secrets. ...

Get Hacking: The Next Generation now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.