Announcement

Collapse
No announcement yet.

Data Leak Prevention

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Data Leak Prevention

    I would like others input on the topic of data leak prevention. I work for a small company that has about 70 users but we deal with a lot of sensitive information. The owner of the company wants to be able to monitor the data we have and know who is accessing it, when and how as well as know if it is being downloaded to CD/DVD or USB and leaving the company office.
    I have been looking at a few DLP programs and the one thing that I am concerned about is that they make a copy of the data as an inventory to compare against the data that it is meant to protect. With that in mind, DLP programs sit on the perimeter of the network watching. Theoretically, if I were looking to get my hands on the crown jewels, malicious intent would dictate that I go straight to the queen herself, so you can see how this could be a potential security problem.
    What suggestions do you have for monitoring our data without putting something on the perimeter of our network? What ideas do you have for being able to log the movement of our data and who is accessing it?
    Any information would be a great help and I look forward to seeing your responses. Thanks.

  • #2
    Re: Data Leak Prevention

    I'm no expert but this could be a start.

    Your data should be encrypted this way if there is a leak it can minimize the impact. You will no doubt be required by law to do it soon anyway.

    http://online.wsj.com/article/SB122411532152538495.html

    If you are trying to monitor who is accessing the data on your LAN you could install keystroke loggers on all your systems. With do diligence it could prevent a data leak. It is also cheap and easy though going through all the data collected by not be.

    xor
    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

    Comment


    • #3
      Re: Data Leak Prevention

      Originally posted by ShadowCat66 View Post
      I have been looking at a few DLP programs and the one thing that I am concerned about is that they make a copy of the data as an inventory to compare against the data that it is meant to protect. With that in mind, DLP programs sit on the perimeter of the network watching. Theoretically, if I were looking to get my hands on the crown jewels, malicious intent would dictate that I go straight to the queen herself, so you can see how this could be a potential security problem.
      This isn't my area of expertise by a long shot, but according to what little I have looked on DLP, many of theses systems work by using a hash or signature of the data, rather than straight copy. If someone grabs that, all they have is a hash.
      Thorn
      "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

      Comment


      • #4
        Re: Data Leak Prevention

        You could also take out Floppies & CD/DVD Burners. Honestly they shouldn't be on a systems with "sensitive data" anyway. Anything you need to do as an admin should be able to be done over the network. If someone needs a copy they should go to a supervised workstation where records are made of each transaction. I've also heard of sysadmins filling the USB ports with hot glue. Though admittedly a little extreme.

        xor
        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

        Comment


        • #5
          Re: Data Leak Prevention

          Originally posted by xor View Post
          I've also heard of sysadmins filling the USB ports with hot glue. Though admittedly a little extreme.

          xor
          Wouldn't a GPO turning off USB data devices be enough?
          Thorn
          "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

          Comment


          • #6
            Re: Data Leak Prevention

            Originally posted by Thorn View Post
            Wouldn't a GPO turning off USB data devices be enough?
            http://www.theinquirer.net/en/inquir...e-up-usb-ports

            I didn't say I would do it(hides bottle of super glue ); I just stated I heard about it.

            xor
            Last edited by xor; October 17, 2008, 18:21.
            Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

            Comment


            • #7
              Re: Data Leak Prevention

              Here's the thread I was looking for.

              http://www.watchyourend.com/2007/01/...curity-breach/

              Los Alamos at work protecting our Nuclear secrets.

              Actually when I first heard of the practice I thought it was kind of an IT urban myth.

              xor
              Last edited by xor; October 17, 2008, 18:15.
              Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

              Comment


              • #8
                Re: Data Leak Prevention

                Originally posted by xor View Post
                You could also take out Floppies & CD/DVD Burners. Honestly they shouldn't be on a systems with "sensitive data" anyway. Anything you need to do as an admin should be able to be done over the network. If someone needs a copy they should go to a supervised workstation where records are made of each transaction. I've also heard of sysadmins filling the USB ports with hot glue. Though admittedly a little extreme.

                xor
                There's a company that actually makes a physical lock for USB ports. Just plug it in and turn the key. I looked at them for a bit, but for what I wanted them for, they were a bit pricey.

                http://www.pcguardian.com/products/data.html
                Last edited by streaker69; October 17, 2008, 19:36.
                A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                Comment


                • #9
                  Re: Data Leak Prevention

                  Found this, there is a free trial. I think this is what Thorn was talking about.

                  http://www.devicewall.com/

                  xor
                  Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                  Comment


                  • #10
                    Re: Data Leak Prevention

                    Originally posted by streaker69 View Post
                    There's a company that actually makes a physical lock for USB ports. Just plug it in and turn the key.
                    maybe it was an older model, but someone brought one of these to us at a TOOOL booth at a con. as i say, i can't comment on their entire product line, but the one we saw was an absolute joke. the locking mechanism was easily manipulated open, and besides that there's the fact that a USB port isn't constructed like a Kensington-style laptop lock.

                    Unlike a laptop lock (which, as i understand it, will actually break apart some of the system circuitry if forced open, provided the lock has been properly integrated into the device) a USB port has no specific "footholds" let us say that can be used to effectively retain the "lockout device"... we just ripped one clean out of the machine (without superhuman effort) and the port was totally fine and still functional. It might be hard to stick back in there (and thus be evidence that someone was using the port somehow) but it surely won't protect you much, from what we've seen thus far.
                    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                    - Trent Reznor

                    Comment


                    • #11
                      Re: Data Leak Prevention

                      Originally posted by Deviant Ollam View Post
                      maybe it was an older model, but someone brought one of these to us at a TOOOL booth at a con. as i say, i can't comment on their entire product line, but the one we saw was an absolute joke. the locking mechanism was easily manipulated open, and besides that there's the fact that a USB port isn't constructed like a Kensington-style laptop lock.

                      Unlike a laptop lock (which, as i understand it, will actually break apart some of the system circuitry if forced open, provided the lock has been properly integrated into the device) a USB port has no specific "footholds" let us say that can be used to effectively retain the "lockout device"... we just ripped one clean out of the machine (without superhuman effort) and the port was totally fine and still functional. It might be hard to stick back in there (and thus be evidence that someone was using the port somehow) but it surely won't protect you much, from what we've seen thus far.
                      When I was originally looking at them, I was wondering if you had seen on before or not. After looking at them as best as possible on their website, I kind of came to the same conclusion. It's a lot of money for something that's easily circumvented. I figured I'd just use some GPO's and tamper evident tape.
                      A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                      Comment


                      • #12
                        Re: Data Leak Prevention

                        What you are looking for is something along the lnes of Digital Rights Management. According to the folks at Microsoft, whose solution we are looking at due to Microsoft Products being extremely predominant in our company, DRM manages who can access the data and what they can do with that data.

                        Also there are DLP solutions that will log what data and when it is written to any removable media. Some of these we have looked at are tied to encryption products so you may want to look at what you are using for laptop or data encryption and see if it has the capability to log any accesses to removable media.

                        This is not really rocket science and a few calls to some of the "big guns" like McAfee, Microsoft, Symantec, IBM, etc. should produce a number of solutions to choose from.

                        As for super glueing USB ports, that use to be a common practice by a number of LUGA's (large un-named government agencies).
                        DaKahuna
                        ___________________
                        Will Hack for Bandwidth

                        Comment


                        • #13
                          Re: Data Leak Prevention

                          Originally posted by xor View Post
                          You could also take out Floppies & CD/DVD Burners. Honestly they shouldn't be on a systems with "sensitive data" anyway.
                          I originally misread this, but I misread it in a way that makes sense. If you have sensitive data, and you need to control access, is it feasible to not make that data available on the network? Make the data available on DVD/hard drive/USB/whatever and make employees record access to the items. If you can't trust the employees (and if you can't, you've got bigger problems out there), then make sure that employees can't access the data in a private environment. Simple and probably more effective than anything else you'll come up with.

                          Originally posted by xor View Post
                          I've also heard of sysadmins filling the USB ports with hot glue. Though admittedly a little extreme.
                          Originally posted by Thorn
                          Wouldn't a GPO turning off USB data devices be enough?
                          That's assuming that your operating system supports such a feature. For a very long time Microsoft did not allow for such a configuration, and, now that they do, it will take a while for the old processes to work their way out of the system.

                          Comment


                          • #14
                            Re: Data Leak Prevention

                            Originally posted by Deviant Ollam View Post
                            maybe it was an older model, but someone brought one of these to us at a TOOOL booth at a con. as i say, i can't comment on their entire product line, but the one we saw was an absolute joke.
                            Was that the one we died laughing at at HOPE? I think I'd rather attach a rabid creature to my laptop than have one of those.
                            ======================================
                            DJ Jackalope
                            dopest dj in the galaxy. *mwah!*

                            send in the drop bears!
                            ======================================

                            Comment


                            • #15
                              Re: Data Leak Prevention

                              Originally posted by DJ Jackalope View Post
                              Was that the one we died laughing at at HOPE? I think I'd rather attach a rabid creature to my laptop than have one of those.
                              Maybe something like this?

                              http://www.thinkgeek.com/geektoys/japanfan/9c89/

                              Someone needs to make one of those that looks like Quagmire and says Giggity.
                              Last edited by streaker69; October 19, 2008, 15:22.
                              A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                              Comment

                              Working...
                              X