According to a survey which we did last year in the month of Jan, it was found that internal security threats can sometimes be more deadly than external ones. This is a very crucial point to remember. A disgruntled employee could give strategic information to your competition. It could even be done by an innocent employee 'unknowingly'. Such cases are equally dangerous and need to be tackled differently. Just imagine: what if an employee turns hostile and passes strategic business information to the competition? This is a spine-chilling thought, but it can become a reality at some point in time.
To learn how you can protect your IT infrastructure from such threats, the first thing to do is to understand the difference between an internal and an external attack. There are essentially two types of attacks which someone sitting inside the network can perform and which rarely occur through an outsider. These attacks are Ethernet sniffing and spoofing. The former is used to promiscuously listen to the traffic flowing on the network and gather data from it, while the latter means faking the identity of some other machine to access data intended for that machine. Both are very serious scenarios that could result in loss of precious data.
The solutions for such issues are twofold: either you secure the data or you secure the medium. For securing data, you have to encrypt each and every piece of sensitive data travelling across the network. For example, your mail, passwords, files, etc. all have to be encrypted whenever they are copied or transferred over the network.
And to secure the medium, you have to replace your network switches with ones that are more secure. Yes! There are network switches which are secure and others which are not. To understand this, first you have to understand how data is switched inside a network switch. For switching data, all switches have a cache table called the ARP cache table, which keeps a log of all the machines connected to it and keeps a pair of each machine's IP and MAC addresses. For spoofing data, a hacker manipulates this entry and changes the IP-MAC pair, which is called the ARP FlipFlop.
To protect against such kinds of attacks, we do have switches which provide an encrypted ARP cache table that can't be manipulated or read by hacking machines. These secure switches are easily available through most of the switch vendors but are slightly heavy on your pocket.
You obviously can't change your complete IT infrastructure by deploying new switches, and at the same time it may not be feasible to encrypt all data travelling on your network. In such a case, you can deploy an inward-facing IPS solution with alerts. This IPS is essentially an intrusion detection and prevention system which checks for all types of spoofing, sniffing or other attacks on the network, and alerts you in case of a problem. It also tells you the source and destination of the attack. Once you get the source of such an attack, you can catch the attacker red-handed. You can get an IPS solution as a part of a UTM solution or you can opt for a stand-alone IPS system. Snort is one of the most famous IPS systems for wired networks and Kismet is a renowned solution in the wireless domain.
However, while deploying an IPS solution you should always configure alerts in such a way that there is minimal delay between generation and delivery of the alert. So, for instance, an SMS alert will be the quickest amongst the lot.
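The check an inward-facing sensor makes for the IP-MAC "FlipFlop" described in the post can be sketched as follows. This is an added example, not part of the original post or of any IPS product; the log format, the function names and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: "time sender-IP sender-MAC" taken from ARP replies as an
# inward-facing sensor might log them. Addresses and format are made up.
SAMPLE = """\
10:00:01 192.168.1.1 00:11:22:33:44:01
10:00:02 192.168.1.20 00:11:22:33:44:20
10:00:05 192.168.1.66 DE:AD:BE:EF:00:66
10:03:10 192.168.1.1 de:ad:be:ef:00:66
10:03:12 192.168.1.1 00:11:22:33:44:01
10:03:15 192.168.1.1 de:ad:be:ef:00:66
10:04:00 192.168.1.20 00:11:22:33:44:20
"""

def parse(text):
    """Return (time, ip, mac) tuples, skipping malformed lines."""
    rows = (line.split() for line in text.splitlines())
    return [(t, ip, mac.lower()) for t, ip, mac in (r for r in rows if len(r) == 3)]

def binding_alerts(observations):
    """Alert whenever the MAC bound to an IP differs from the last one seen."""
    current, history, alerts = {}, defaultdict(set), []
    for ts, ip, mac in observations:
        old = current.get(ip)
        if old is not None and old != mac:
            # "flip-flop": the IP returns to a MAC it was bound to before,
            # the pattern two hosts fighting over one address produce.
            kind = "flip-flop" if mac in history[ip] else "changed"
            alerts.append({"time": ts, "ip": ip, "kind": kind,
                           "old_mac": old, "new_mac": mac})
        history[ip].add(mac)
        current[ip] = mac
    return alerts

def macs_claiming_many_ips(observations):
    """Map each MAC that answered for more than one IP to those IPs."""
    claimed = defaultdict(set)
    for _, ip, mac in observations:
        claimed[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}

if __name__ == "__main__":
    obs = parse(SAMPLE)
    for a in binding_alerts(obs):
        print("{time} {kind:9} {ip} {old_mac} -> {new_mac}".format(**a))
    # A single change can be benign (DHCP lease reuse, NIC swap, failover);
    # repeated flip-flops on a gateway address deserve immediate attention.
    print(macs_claiming_many_ips(obs))
```

The MAC reported by `macs_claiming_many_ips` is the "source" the alert should carry, since it identifies the machine answering for an address that is not its own.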