Preventing and Detecting Insider Attacks Using IDS

by Nathan Einwechter
Sept. 24, 2017 0 comments Symantec attacks insider

Shortly after lunch break, an employee angrily strides out of his supervisor’s office, down two rows of desks, and into a single cubicle. He slumps down into his chair and releases an exasperated sigh, as he runs his hands through his hair in disappointment. The raise he thought he was in for has been turned down. He slowly stands up, peering over the cubicle walls to survey the area for other employees. But the area is deserted as most people are out enjoying lunch. Sitting back down, he turns to his computer console, goes to the command line and brings nmap to life against the company’s accounting systems. The console displays accounting’s SQL server. A few keystrokes later, the employee has edited a few columns in the database, giving himself the raise he had longed for.

https://www.symantec.com/connect/articles/preventing-and-detecting-insider-attacks-using-ids