> the concern is with tracking what people on the inside transfer to locations > on the outside. > We can't control the services made available outside.
You can block the port outbound. If the DLP can detect FTP in general, surely it could block FTP on other ports as well based on handshake inspection. FTP is really problematic for a number of reasons. Can it be configured securely? Yeah, but only after lots of testing and requring clients use specific software in specific configurations. I too recommend it just be blocked. If a user has a legit reason to use it, first try to convince them and the service they are using to leverage an alternative. Failing that, whitelist only that site and encourage FTPS/SFTP. tim _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
