Menu
Menu
The 10 Most Common Internal Security Threats

The 10 Most Common Internal Security Threats

Who’s gaining access to your internal network? New criminal tactics and new kinds of malware are probing networks for vulnerabilities — and increasingly, finding them. We identify the top candidates for security breaches inside your own company

7.Media Files. Unauthorized media files are dangerous both because of their content and what can be hidden in them. Video and music files are an increasingly popular method of sneaking malware into an organization, including spyware, Trojans, viruses and just about any other kind of bad stuff you can think of.

One popular method is to include code in a media file that exploits security flaws in the media player. For example, the infected media file can open a malicious Web page on the user's computer and use that to automatically infect the system - and from there the network. Since these attacks require minimal interaction from the user, often he or she isn't even aware of what has happened.

Even the recording industry has got in on the game. In 2004, a company working for the record companies started seeding file-sharing sites with media files containing a Trojan that downloaded adware and opened multiple pop-up windows on the user's computer.

Even if the files don't contain hidden nasties, the files themselves can be problems, with copyright violations and pornography the most obvious example.

8.Unnecessary Modems. A lot of computers, especially older ones, included built-in modems whether or not they were needed. In other cases, servers have modems connected directly to outside lines for purposes of monitoring and maintenance. In either case, unneeded modems provide another path into your network, an unnecessary path that brings with it a host of potential problems.

War dialling isn't as popular an attack as it once was, but some bad guys still use it, and an unprotected modem attached to your network is just as dangerous as ever.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about BillCentennial SoftwareEndPointsExposureGartnerGartnerKasperskyMicrosoftSophosYankee Group

Show Comments
Computerworld
ARN
Techworld
CMO