By Keith Wilson
We all have them on our network – that user who is constantly utilizing the help desk. The one who can’t seem to ever get his/her computer to work. The employee who has “broken the Internet” once again. Although they may seem harmless, these individuals could easily turn into a major security problem.
You might ask yourself, “How is this user who can just barely type 20 words per minute going to be the biggest gaping hole in my security strategy?” The answer is simple – passwords. It’s fairly easy to assume that someone who is less tech savvy probably uses the same password across every website and application they use. I mean, even those of us with a background in security are guilty of it.
What’s more, that strong password policy you have in place is probably doing nothing more than forcing users to add a number or two to the end of their overly used simple password. Make the policy too stringent, and users are just bound to write their password on a handy sticky note and discreetly leave it under their keyboard.
The Danger of Weak Passwords
With news of data breaches occurring weekly (i.e., eBay, Heartbleed, and countless healthcare providers), the odds are that someone already owns your users’ passwords. If they are using different passwords for various sites and applications, and proper password management, this makes the job of a security administrator much easier. However, let’s be realistic – how many users actually care about making the endless to-do list of a security admin shorter?
“But it’s okay because they don’t have rights to anything important anyway,” you may be thinking. Although this statement might be true, the real goal of compromising an end user machine isn’t instant data access. This might be a nice bonus, but most attackers will use a compromised host as a pivot point in the kill chain.
How do we combat this?
Of course, I’m going to tell you that anomaly detection is the answer. However, a strong user education program is going to be your first line of defense here. If you are willing, and have the budget, a good enterprise password management program is also a huge bonus. Even with password management, educating the user is still extremely important. But, we all know that sometimes training just doesn’t stick, and as humans we will tend to take the path of least resistance.
This is where anomaly detection comes in. Once we notice that a host is behaving outside of normal parameters, we can cut off an attack before data exfiltration occurs. We can even use the data collected to forensically analyze what happened. Was it caused by an overused password? Or, was it a malware infection? Utilizing the information gathered from our network behavior anomaly detection devices, we can prepare ourselves for future attacks and further strengthen our enterprise security program.
Click here for further information on network behavior anomaly detection. Additional details on password security can be found at: http://www.lancope.com/blog/tom-cross-password-security/.
TAGS network security, anomaly detection