Chris Merkel wrote:
No, wasn't being sarcastic - don't assume that the DLP box will catch
even all of the normal end user ways of exfiltrating data. Skype,
encrypted for example.
Proving all the ways DLP can fail is the easy part. The only challenge
is that you run into there is that the failure modes are near
infinate.
On 10/22/09, [email protected] <[email protected]> wrote:
I am notoriously bad at picking up on sarcasm over email, especially
lacking the appropriate <sarcasm> tag, but are you seriously suggesting
tailoring the testing to only highlight the features that you know work? I
can understand wanting to demonstrate what would get caught, but the real
value of testing this system is to find out where the weakness exist so
that appropriate controls can be added to reduce those risks. The testing
methodology should be expansive enough to use as education for the idiots.
On Oct 22, 2009 2:14pm, Chris Merkel <[email protected]> wrote:
I agree with Ron - DLP is an "idiot screen" and is useful for little
more. Therefore, your testing methodology should be to emulate idiots
and nothing more. (and educate any idiot who thinks it will solve your
leakage issues.)
On 10/22/09, xgermx [email protected]> wrote:
Create a small TrueCrypt container, copy sensitive files to container,
copy
container to usb or email container.
On Thu, Oct 22, 2009 at 10:38 AM, Brian Schultz
[email protected]>wrote:
Our security department is testing out Symantec's Vontu and I am
playing
the guinea pig and have to try and get documents out of our company's
environment. I have a really basic understanding of how it works. It
has a
span port sitting and listening to all outgoing web traffic and there
is
also an agent that sits on desktops and watches to see if any sensitive
information leaves via USB drive or e-mail.
Does anyone have any whitepapers or info regarding how it actually
works
or
any tactics I should try?
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
--
Sent from my mobile device
- Chris Merkel
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Make the file > 30 MB and it won't scan it.
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
