
How can traditional security management tools be used to counter the insider threat?


Let’s look at the minimum tools that you might have at hand: firewall policy management, IDS, and some sort of way to control configurations and anti-virus on the desktop. You might also have a Security Information Management system in place to handle the millions of alerts from your Intrusion Detection System.

Some quick first steps. First, make sure that your remote access VPN server is in a firewalled segment of your network, a DMZ. Then tighten up your firewall rules. When I say deny all except that which is explicitly allowed, I mean it! In particular, deny carte blanche access to your remote users. Second, turn on logging at the firewall for connections such as ftp or telnet if you absolutely need those services.

Now, the next step is to get your IDS to help you. What you need is to alert on types of behavior and applications that indicate insider abuse. File transfers, use of scanning tools, unusual behavior at odd times of day. If you have a Security Information System that can fi
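The alerting described in the answer (logged ftp/telnet connections, scanning behavior, activity at odd times of day), sketched as an added example that is not part of the original answer. The log format, addresses, thresholds and business-hours window are constructed assumptions, not the output of any particular firewall or IDS.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (assumed format): timestamp src dst dst_port
SAMPLE_LOG = """\
2024-03-04T10:15:02 10.1.5.20 10.2.0.8 443
2024-03-04T14:22:40 10.1.5.31 10.2.0.9 21
2024-03-05T02:47:11 10.1.5.20 10.2.0.8 445
2024-03-05T11:00:01 10.1.5.44 10.2.0.7 22
2024-03-05T11:00:02 10.1.5.44 10.2.0.7 80
2024-03-05T11:00:03 10.1.5.44 10.2.0.7 443
2024-03-05T11:00:04 10.1.5.44 10.2.0.7 445
2024-03-05T11:00:05 10.1.5.44 10.2.0.7 3389
garbage line that should be skipped
"""
WATCHED_PORTS = {20: "ftp-data", 21: "ftp", 23: "telnet"}  # services logged at the firewall
BUSINESS_HOURS = range(7, 19)      # assumption: 07:00-18:59 local time is normal
SCAN_PORTS, SCAN_WINDOW = 5, 60    # assumption: 5 distinct ports on one host within 60 s

def parse(log):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def detect(log):
    """Return (timestamp, src, rule, detail) alerts in time order."""
    alerts, recent, flagged = [], defaultdict(list), set()
    for ts, src, dst, port in sorted(parse(log)):
        if port in WATCHED_PORTS:   # file transfer / cleartext remote login
            alerts.append((ts, src, "cleartext-service", f"{WATCHED_PORTS[port]} to {dst}"))
        if ts.hour not in BUSINESS_HOURS:   # unusual time of day
            alerts.append((ts, src, "off-hours", f"{dst}:{port}"))
        # Sliding window per (src, dst): many distinct ports suggests a scanning tool.
        window = [(t, p) for t, p in recent[(src, dst)]
                  if (ts - t).total_seconds() <= SCAN_WINDOW] + [(ts, port)]
        recent[(src, dst)] = window
        ports = {p for _, p in window}
        if len(ports) >= SCAN_PORTS and (src, dst) not in flagged:
            flagged.add((src, dst))   # alert once per pair, not once per packet
            alerts.append((ts, src, "port-sweep", f"{len(ports)} ports on {dst}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```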
