Problem Users, a SearchNetworking.com series, will examine the different varieties of internal users who can threaten the corporate network and will offer advice on how to mitigate the unique risks each type of user represents.
Everybody knows one, and the warning signs seem clear: They gush over lunch about how a Nigerian prince has chosen them to help move millions, never met a Flash pop-up they couldn't click, and were probably the last group of users to have BonziBuddy on their computer, years after the malware was discontinued.
For networking professionals, the Internet Novice can be a scourge worse than forwarded chain letters, because by downloading spyware and other Internet dregs onto his computer, he can slow the whole network even as he exposes sensitive data to the outside world.
Security Risk: Although these users generally mean well, they are often the unwitting accomplices of malicious third parties. They are just as dangerous as any virus -- or even more so, since they already have access to your network.
"From a security perspective, an individual like that can be led down a garden path unknowingly, either by being taken to a website that has some type of malicious code on it, or they'll follow a phishing attack that offers them something neat or asks for some banking info," explained Eric Maiwald, a vice president and research director at Burton Group. "It's both a threat to the enterprise, especially if they download some malicious code, or it can be a personal risk because they can be led to divulge personal information."
The real danger arises when external malicious individuals who are looking for ways into the corporate network discover Internet novices. Here, antivirus is of little use since most typical products check only against known virus signatures, not against uniquely designed scripts or personalized social engineering hacks.
"If I concoct a specific piece of malware for your enterprise, then there are no signatures for that," said Maiwald. "Enterprises are reluctant to chat about it, but there are fairly good indications that this is a growing problem."
Sometimes the main point of entry is not even necessarily the network, even if that's how the malicious attackers hope to retrieve their illicit data payload.
A few years ago, Dark Reading performed an experiment, dropping Trojan-laden USB drives in a parking lot. Once plugged in, the USB drives scanned the computer for passwords and emailed them back to the researchers -- who were surprised at how many users eagerly grabbed up the drives and happily helped send along sensitive banking data.
Congestion Risk: It's not just exposed sensitive data that's causing problems. Every malicious toolbar, spybot, and pop-up chips away at bandwidth, and after a while these Internet novices chew up a lot of resources. Sure, there are worse network hogs (Internet radio, YouTube, file sharing), but having dozens of invisible programs constantly pinging the far reaches of the world means your SaaS CRM solution is running just a wee bit too slow.
Overall Threat Level: Medium. It would be low, Maiwald pointed out, except for a frightening element: Everyone, at every level of experience or training, is a potential Internet Novice.
"Even security folks leave their brains at home and click a dumb link, or see an email that is so well created, they fail to realize it's a phishing attack," he said. "Dumb mistakes, whether they are configuration errors or clicking on something you shouldn't have, I would say are the No. 1 cause of security issues."
Threat Resolution: Fortunately, any enterprise that has taken basic network protection steps is already largely protected against the problems that plague Internet novices at home. For example, most up-to-date antivirus includes a level of protection against spyware and adware, ensuring that the next generation of BonziBuddies is not breeding on corporate computers -- and downloading needless data.
Given that, Maiwald suggested, the No. 1 defense against the Internet Novice is a comprehensive education program. Email blasts, newsletters, classes and posters can all help warn about ever-present risks.
It might even pay to get a little sneaky about the education.
"We've also created a class called 'Protecting your kids from predators on the Internet,' " he said. "Parents want to see what they need to do at home, and then you sprinkle in the things they should be doing at the enterprise at work."
Technical controls can also help protect users. While every enterprise should have antivirus at the ready, some with particularly valuable intellectual property may also use deep-packet inspection (DPI) to ensure that certain sensitive data isn't leaking out. DPI methods can even check for unexpected encrypted information to prevent trickier malware from escaping with its cargo undetected.
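The "unexpected encrypted info" check can be approximated by measuring the byte entropy of outbound payloads on ports where encryption is not expected. The sketch below is an added example, not code from the article or from any DPI product; the port list, threshold, flow record layout and sample flows are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed policy: ports where encrypted payloads are normal and not inspected.
ENCRYPTED_OK_PORTS = {22, 443, 993}
ENTROPY_THRESHOLD = 7.2  # bits per byte; assumed cut-off, tune per network
MIN_PAYLOAD = 256        # short payloads give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_unexpected_encryption(flows):
    """Return (src, dst_port, entropy) for flows that look encrypted
    on a port where the policy expects cleartext."""
    alerts = []
    for flow in flows:
        payload = flow["payload"]
        if flow["dst_port"] in ENCRYPTED_OK_PORTS or len(payload) < MIN_PAYLOAD:
            continue
        h = shannon_entropy(payload)
        if h >= ENTROPY_THRESHOLD:
            alerts.append((flow["src"], flow["dst_port"], round(h, 2)))
    return alerts


# Constructed sample data: SHA-256 output stands in for ciphertext.
_RANDOM_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
_CLEARTEXT = (b"POST /crm/update HTTP/1.1\r\nHost: crm.example.com\r\n\r\n"
              + b"name=Alice&note=quarterly report attached&" * 20)

SAMPLE_FLOWS = [
    {"src": "10.0.0.15", "dst_port": 80, "payload": _CLEARTEXT},      # normal web form
    {"src": "10.0.0.23", "dst_port": 80, "payload": _RANDOM_LIKE},    # opaque blob over HTTP
    {"src": "10.0.0.31", "dst_port": 443, "payload": _RANDOM_LIKE},   # TLS port, expected
    {"src": "10.0.0.42", "dst_port": 25, "payload": _RANDOM_LIKE[:64]},  # too short to judge
]

if __name__ == "__main__":
    for src, port, h in flag_unexpected_encryption(SAMPLE_FLOWS):
        print(f"ALERT {src} -> port {port}: entropy {h} bits/byte")
```

Compressed files and media also score near 8 bits per byte, so a real deployment would treat a hit as a lead for review rather than proof of exfiltration.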
"The bottom line is that anybody can be naive at some point and cause problems," Maiwald said. "You can move people toward what they should do by education, but nothing is 100%."
Have a problem user yourself? Discovered a whole new genus of problem users? Contact news writer Michael Morisy and share your horror stories – and solutions.