DLP is way more than just restricting access to removable devices. http://code.google.com/p/opendlp/
VPN access restrictions such as you mentioned are a good thing. There are open source two factor auth solutions. Exchange doesn't go in a DMZ On Fri, Jan 27, 2012 at 06:46, [email protected] <[email protected]> wrote: > > > Ok, so we have had a NCUA IT audit and some of the recommendations are as > follows: > > > > Data Loss Prevention (DLP) > > The Credit Union should have the the ability to use USB storage devices, > DVD, and CD drives turned off unless required. With some for of alerting if > a user is trying to use those devices without permission. > > > > Security Information and Event Management (SIEM) system > > The Credit Union should have a SIEM system in place to consolidate logs from > all devices and applications, encrypt those logs, have real time alerting, > and compliance reporting. > > > > VPN access > > The Credit Union should have Network Access Controls such as scanning the > connecting machine for correct configuration prior to allowing access to the > network, some kind of multi factor token or device, and a more detailed > access list on the VPN client area of the firewall. > > > > DMZ > > The Credit Union should move the Microsoft Exchange server into a DMZ of the > firewall or industry best practice for proxing email traffic into and out of > the DMZ to protect the Credit Union's internal network if a breach occurs on > the email system. > > > > With all of this being said, can you get me some vendor information about > about each of these areas. It can be freeware, it can be appliances, it can > be anything that is easily managable. > > And Management is looking for a quick turn around on this so whitepapers and > recommendations first. > > > > This is what I sent my software vendors. Did I ask the right questions? > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
