Practical Tactics

technology experiences and insights

Archive for October 8th, 2007

Insider Threat Research

Posted by bmestep on October 8, 2007

You’ve read the reports, seen the stats, and probably heard the hype: XX% of Security Breaches are done by insider threats.

Insider threat boils down to a problem of trust. Employees are, in most organizations, implicitly trusted to perform the duties they are assigned in the manner they were instructed. The consequence for not doing so is theoretically termination, which, according to several sources, happens to be one of the more prevalent sources of insider incidents. The Insider Threat Study research concluded:

[I]nsider attacks have occurred across all organizational sectors, often causing significant damage to the affected organizations. These acts have ranged from low-tech attacks, such as fraud or theft of proprietary information, to technically sophisticated crimes that sabotage the organization’s data, systems, or network. Damages are not only financial; widespread public reporting of the event can also severely damage the organization’s reputation.

I would argue that insiders have ALWAYS been more likely than outsiders, by a comfortable majority, to create, cause, or influence a security incident. The reasoning: back in the “good ole days,” when 56K frame relay lines tied offices to branch offices and the Internet was just catching on, most security incidents occurred because someone brought in an infected floppy disk from home or took home a Zip drive full of company information. Short of a physical break-in, it was practically impossible for most organizations to face an outsider security threat. There was no email server to send spam to or Internet-facing web server to hijack, and there certainly wasn’t some outsourcing effort in India to be concerned with.

CERT has an entire section devoted to understanding insider threats, from the behavioral aspects to the implications for various industries, obtained through joint research with the US Secret Service. They also clarified the meaning of “insider” for the purposes of their research and case investigations:

The definition of an insider for this study includes current, former, or contract employees of an organization. USSS NTAC

Their research suggests that most insider incidents were carried out by less technical personnel; it wasn’t always an administrator-level individual. The research also suggests that most of the insider incidents “did not rely on extremely sophisticated attacks”. This might be comforting to companies with multiple highly talented network, system, or security administrators who have detailed knowledge of key systems. There are a number of websites that discuss prevention and detection methods for dealing with and responding to insider threats and incidents, in addition to the CERT/USSS research:

It is also important to note that this threat is not limited to organizations but extends to government agencies as well. Here is an interesting article I came across, entitled Losing Secrets, that emphasizes the relevance of insider threats to national security.
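Since the CERT/USSS definition above counts former and contract employees as insiders, and termination is named as a common trigger, one of the simplest detection checks a defender can run is to cross-reference the HR offboarding feed against authentication logs and flag any login (or attempt) by an account after its access should have ended. The following is an added example, not code from the post or from CERT; the sshd-style log lines and the offboarding table are constructed, and the year is supplied by the caller because syslog timestamps omit it.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed HR offboarding feed (hypothetical data): account -> moment access should have ended.
OFFBOARDED = {
    "jdoe": datetime(2007, 10, 1, 17, 0),          # employee terminated, walked out at 17:00
    "contractor_ab": datetime(2007, 9, 15, 0, 0),  # contract ended
}

# Constructed sshd-style auth log lines (not captured from a real host).
SAMPLE_LOG = """\
Oct  2 08:14:03 fileserver sshd[2231]: Accepted password for jdoe from 10.0.5.23 port 51022 ssh2
Oct  2 09:02:11 fileserver sshd[2310]: Accepted publickey for asmith from 10.0.5.40 port 51100 ssh2
Sep 14 17:45:09 fileserver sshd[1802]: Accepted password for contractor_ab from 10.0.7.9 port 40210 ssh2
Oct  3 22:31:55 fileserver sshd[2455]: Accepted password for contractor_ab from 203.0.113.7 port 3344 ssh2
Oct  3 22:32:20 fileserver sshd[2456]: Failed password for jdoe from 203.0.113.7 port 3345 ssh2
"""

# syslog omits the year, so the caller passes it in (assumption: all lines are from one year).
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for "
    r"(?P<user>\S+) from (?P<src>\S+)"
)


@dataclass
class Finding:
    when: datetime
    user: str
    src: str
    result: str          # "Accepted" (real access) or "Failed" (attempt only)
    revoked_at: datetime  # when HR says access should have ended


def parse_line(line, year):
    """Return (when, host, result, user, src) for an sshd auth line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return when, m["host"], m["result"], m["user"], m["src"]


def find_offboarded_access(log_text, offboarded, year, include_failed=True):
    """Flag every auth event by an offboarded account that occurs after its revocation time.

    Failed attempts are reported too by default: a former employee still trying a
    password is itself a signal worth an analyst's attention.
    """
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        when, _host, result, user, src = parsed
        revoked_at = offboarded.get(user)
        if revoked_at is None or when <= revoked_at:
            continue  # current employee, or activity from before access ended
        if result == "Failed" and not include_failed:
            continue
        findings.append(Finding(when, user, src, result, revoked_at))
    return findings


if __name__ == "__main__":
    for f in find_offboarded_access(SAMPLE_LOG, OFFBOARDED, 2007):
        print(f"{f.when:%b %d %H:%M} {f.result:8} {f.user:14} from {f.src} "
              f"(access ended {f.revoked_at:%Y-%m-%d %H:%M})")
```

On the constructed input this flags the two successful logins after offboarding (jdoe on Oct 2, contractor_ab on Oct 3) and jdoe's failed attempt, while the contractor's Sep 14 login and asmith's login pass. The real cost of this check is keeping the offboarding feed accurate and timely; the log parsing is the easy part.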

Posted in Security / Risk

Windows for Warships, Hacking Air Defenses, CyberWAR?

Posted by bmestep on October 8, 2007

I know this is dated, but I found it too funny given other recent articles, like the one suggesting Israel hacked Syrian air defenses. I watched Wired Science’s report on the Estonia attacks this week as well.

Command and control systems are definitely lacking in user-friendliness, but my concern here is the unlikelihood of a more secure, robust version of Windows being available for warships. I get nervous at the thought of combat systems on destroyers and submarines running Windows and suffering the same fate as my desktop when something goes awry.

The notion of hacking command and control systems gets a lot more plausible when one considers the operating system on the other side of the radar array or sensor grid. The news story on the radar hack becomes more believable when you picture an aircraft spewing electronic garbage at a radar array or sensor grid running Windows. It even makes for a great cartoon, given that Syrian air defenses are suggested to have been supplied by Russia and Russia is alleged to be awash with software piracy. At the least, it amounts to the electronic equivalent of a DoS attack or fuzzing against these nodes.

In fact, it is downright scary to think that an information attack can be more destructive than a conventional attack, with no notice, little cost, and possible anonymity. Consider the Internet attacks on Estonia that practically cut the country off from the outside world: warfare in the 21st century has evolved to include the Internet. It makes perfect sense; it could be taken right out of Sun Tzu’s Art of War or Clausewitz’s principles of war.

There are similarities between the radar hacking and the attacks on Estonia. Estonia was blanketed by a remotely controlled army of PCs set to cripple servers and services by overwhelming Estonia’s servers and communications links over the Internet. The Israeli aircraft are reported to have potentially used erroneous RF signals and commands to overwhelm the Syrian air defenses from outside their perimeter. In effect, these attacks make use of Internet-based attack techniques from the late 1990s and early 2000s. Warships running Windows software would be vulnerable to the same threats my home PC is vulnerable to. I pray that the Windows Firewall is enabled by default!!!

Alas, these DoS-style attacks are nothing new. I’m inclined to agree with Kevin Poulsen’s blog post on the Estonia attacks: these attacks are nothing like what other nations have done in the past. The Israeli aircraft story is more interesting because of the notion of specialized hardware, purposely deployed on the aircraft, attempting to subvert the defenses with hacking techniques. I imagine that, if the story is true, Russia, China, and North Korea are all hardening their systems as we speak.

As for the Warships and Windows, counter-intelligence agencies can just start creating 0-Day Windows exploits and hacking warships instead of having spies conduct clandestine operations to steal technology. It could even be the makings of a new installment in the Wang/No Starch Press Steal This book series, with: Steal This Warship.

Posted in CyberAttacks!, Worldviews

Silent Server? HTPC-based option

Posted by bmestep on October 8, 2007

I recently built a server for a client who required server performance and reliability without the roar associated with popular rack-mounted servers of today; of course there was a price restriction of $1000.

The server needed to provide basic file serving and run FileMaker (cringe) for 5 users and some factory automation devices; we agreed to tackle web hosting and email another day. I thought it would be a great opportunity to find a good-looking HTPC-style case and turn it into a server. The problem I foresaw was cooling: could I get ample cooling for a server in an HTPC-style case? The major heat producers would be the CPU and hard drives, since I expected to use onboard video. Airflow would end up being the key design consideration, because it must be sufficient to remove heat but not so forceful as to produce the roar accompanying most servers on the market today.

After building a number of custom PCs over the years, including some water-cooled gaming rigs, I knew I was looking for something with large fans, plenty of vents, and reasonable airflow. One of my favorite online retailers is Directon; they have always done me right. I also like NewEgg, because ZipZoomFly did me wrong several times in their prior incarnation. eWiz has also had some amazing deals in the past and great response to questions and support issues. I began my search by looking at the top-selling chassis from each of these online retailers and by reading reviews at HardOCP and AnandTech for available products.

I opted for a vertical style desktop / HTPC-like chassis after reading about the design details of the Antec NSK-2400. I have been around rack-mount servers for a long time and the initial pictures of the NSK-2400 reminded me of a rack-mounted server chassis’ cooling pattern. I was very impressed with the vent hole location, partitioning of the airflow, and location of the two 120mm fans. I then came across this article at SilentPCReview and knew I’d found THE chassis, complete with an adjustable partition for directing airflow!

The SilentPCReview article discusses the design details that went into the NSK-2400. The chassis is black with a silver front bezel and sound-dampening mountings. The chassis looks very sleek and measures almost 18″ wide and 3U tall, which opened new options for mounting the server with the networking equipment as opposed to locating it under someone’s desk. The NSK-2400 is exceptionally quiet and offers solid cable management options to maintain airflow. The chassis not only runs quietly, it also looks good - which is often a boost when working with small and medium-sized customers who want to show off their “flashy, quiet” server to clients and friends.

The only downside at this point is the form factor: I would need a server-grade micro-ATX motherboard. Back to the review sites and forums I go!

I ended up placing the NSK-2400 underneath the Cabletron LAN switch we purchased, along with the firewall. The server looks great and moves plenty of air to ensure even the Cabletron switch is getting cooled.

Stay tuned for pictures, components, and testing. 

Posted in General Technology, How to's