Your Eyes Inside
Plato said, “Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws.” When it comes to protecting computers, enterprises spend large sums of money on firewalls, antivirus and intrusion detection products to defend against external attacks. While this is a positive trend, I have what may be shocking news: Studies show that attacks from the inside happen more frequently and also cause more damage.
Alarming statistics from the 2003 CSI/FBI Computer Crime and Security Survey showed that as much as 70 percent of all identity theft starts with someone stealing personal data from their workplace. If that’s not bad enough, nearly 70 percent of the companies surveyed reported some type of computer system attack from insiders. In fact, some of the largest financial losses occur as a result of theft of proprietary information. More and more, the courts hold companies responsible for what employees do on workplace computers, with enterprises held legally liable for employees’ actions, including when they try to circumvent the law. One way to lessen the chance of insiders doing harm is to install system-monitoring software. Besides acting as a great deterrent, system-monitoring software can help you zero in on what information has been taken and who removed or copied it.
When it comes to system monitoring software, one full-featured product that comes to mind is TrueActive Monitor by TrueActive Inc. This product will keep “Internet Activity Records” of every URL, Internet site and Web site visited. In addition, chat room and instant messaging (IM) are captured directly with keystroke logging and screen shots. TrueActive also records both sides of e-mail from many popular e-mail programs. Once all that data has been collected, the software can help to group or summarize the data, dramatically decreasing the amount of information your security team needs to sift through to get an idea of the activity. For additional information or to download a trial copy, visit www.winwhatwhere.com.
Spector Pro by Spectorsoft Corp. captures and organizes actual e-mails, chat conversations and IM, and includes a powerful keystroke logger. In addition to monitoring and recording, Spector Pro has an advanced warning system that will inform you when a PC being monitored has been used in an inappropriate manner. Through the use of keywords that you specify, Spector Pro will be “on alert,” e-mailing you an immediate and detailed report of when, where and how a keyword was used—every time it is typed or appears on the PC, on a Web site or in an e-mail. For additional information, visit www.spectorsoft.com.
If money is tight, another contender in this category is Perfect Keylogger Lite by Blazingtools Software. (See Figure 1.) This handy freeware program can log all keystrokes and provides an easy-to-read log viewer that allows you to select a day from a calendar and view the logged keystrokes for that particular day. You also can search the log and limit logging to specific programs or windows such as Web browser, e-mail client and IM. Perfect Keylogger Lite can run in the system tray or hidden from view. Additional features include optional password protection and stealth mode. Visit www.blazingtools.com.
Figure 1: Perfect Keylogger Lite
It has been argued that the greatest vulnerability for an organization arises from security breaches perpetrated by insiders. Whether internal or external, defending against a cyber-attack requires the integration of operational criteria, physical measures, and communications and personnel security measures. Systems administrators must be both vigilant and serious about cyber-security and not overlook the threat that comes from within. While we can never achieve absolute prevention, certain measures can nevertheless detect and deter insider threats.
Unfortunately, the legitimate use of computer monitoring software may mask its more malevolent use, the invasion of privacy. While keyloggers can be used by those with the intent to spy on others, it is important to note that it is illegal for a person to install software on another person’s computer without their permission. It is, however, perfectly legal for an employer to install it on computers they own, and it is legal to install the software on a computer with the owner’s consent. Since laws vary from state to state, you should check with local authorities or legal counsel before installing any employee monitoring software. For a more comprehensive list of computer-monitoring software, visit www.computer-monitoring.com.
Douglas Schweitzer, A+, Network+, i-Net+, CIW, is an Internet security specialist and the author of “Securing the Network From Malicious Code” and “Incident Response: Computer Forensics Toolkit.” He can be reached at firstname.lastname@example.org.