10. Conclusion


In this document, I wanted to discuss a problem in computer security that is often overlooked, either for technical or financial reasons: the security of the internal network. More than half (and even close to 80% according to certain sources) of reported computer security incidents are carried out from inside the network, which is at least partially in contradiction with the measures traditionally implemented to secure a network, usually against outside attacks (firewalls, IDS, content filters, ...). Although these measures are necessary, they are for the most part useless in the scenario of an attack coming from the inside. They become useless as well if an outside intruder finds a way to circumvent them. The biggest challenge while securing a Windows-based internal network remains the complexity of the task and the volume of machines affected. For these reasons, the cost associated with this kind of project is often judged prohibitive, and such projects are left aside as a result.

I have shown with this document that with the different tools available and with a little imagination, it is possible to obtain an appreciable increase in security on the internal network, for only a fraction of the price normally associated with this kind of work, which makes it affordable enough to interest companies who would like to protect their data assets.

Furthermore, the installation of such an infrastructure considerably reduces the volume of "noise traffic", which should help increase the efficiency of intrusion detection systems (IDS) by reducing the number of false alarms. This aspect has not been tested, and I would like to have the opinion of IDS experts on this.
