Externally facing networks receive the most attention from existing security approaches in the industry, while internal networks receive little to no attention. This is because administrators believe the true threat comes from external intruders, so the focus is placed on preventing access to internal networks and on encrypting and authenticating traffic that leaves or enters the internal network.
Two good examples of this are Virtual Private Networks (VPNs) and Secure Sockets Layer (SSL) proxies. VPNs and SSL proxies encrypt all traffic external to an internal network (Local Area Network (LAN)) so that external access is secured. Yet once an attacker (such as an external hacker or even a disgruntled employee of an enterprise) successfully penetrates the internal network (LAN), everything is in the clear and is now easy to attack. Such attacks include passive observation of network traffic to learn usernames, passwords, employee identifiers (ids), or other sensitive information, or even active spoofing of World-Wide Web (WWW) resources or identities.
It appears that enterprises believe that access to internal networks is sufficiently secure to keep external hackers out in the first instance, and that manual procedures are sufficiently robust to prevent internal abuses by existing employees. This is naïve and unduly exposes enterprises to security breaches that can be catastrophic to those enterprises.
Thus, what is needed is a mechanism that allows for improved security within internal networks.