Barrie Hall wrote:
ideally you want your data security right down to the individual
syscall level.
Various products like what Cisco offer let you specify what access
to what
data various applications have, but i don't know how useful it is
protecting
people from copy/pasting data
Sorry about coming into this discussion late in the day
Let me see if I understand your requirements.
You want to ensure that your data has been appropriately classified
and if classified at a certain level you want the system to stop
anyone sending the data out of the environment.
if
ideally you want your data security right down to the individual
syscall level.
Various products like what Cisco offer let you specify what access to
what
data various applications have, but i don't know how useful it is
protecting
people from copy/pasting data around. I know at least
On Feb 11, 2008 8:11 PM, Jamie Wilkinson [EMAIL PROTECTED] wrote:
Do things like this really exist?? Well, I imagine Lotus Scrotes could,
because the document never really leaves the database, but how would you
build a system that reliably worked in a heterogenous environment like a
On Tue, Feb 12, 2008, Barrie Hall wrote:
I've always seen this as an HR issue, not a technical issue at all.
Employee signs a contract which says don't send our documents outside
without permission, don't take sensitive stuff out of the office on a USB
stick, etc, etc, if you do and we
On Tue, Feb 12, 2008, Rev Simon Rumble wrote:
This one time, at band camp, Adrian Chadd wrote:
ideally you want your data security right down to the individual syscall
level.
Various products like what Cisco offer let you specify what access to what
data various applications have, but
Thats why you don't do it like this. Well, you do this, but only as part
of the solution.
ideally you want your data security right down to the individual syscall level.
Various products like what Cisco offer let you specify what access to what
data various applications have, but i don't know how
On Tuesday 12 February 2008 08:07:39 [EMAIL PROTECTED] wrote:
- first, you classify data Eg.engineering.doc is commercially sensitive
or customer_creditcard.xls is personal privacy
- setup rules in your DLP, likely to be an appliance box sitting behind
the firewall
- stops data from
This one time, at band camp, Martin Visser wrote:
I tend to think that such devices are probably more security theatre
as Bruce said it in his keynote, as it is hard to do reliably. If you
allow users adhoc access to mail or web browsers, while you can catch
sequences of numbers like 1234 if
On Feb 11, 2008 1:11 AM, Jamie Wilkinson [EMAIL PROTECTED] wrote:
Application-aware firewalls are time consuming to develop, but I am
concocting in my mind a tool that scans signatures out of all your
documents, then has a tcpdump running on your firewall comparing traffic
signatures -- sort
This one time, at band camp, Ricky wrote:
- first, you classify data Eg.engineering.doc is commercially sensitive or
customer_creditcard.xls is personal privacy
- setup rules in your DLP, likely to be an appliance box sitting behind the
firewall
- stops data from going out the LAN
This one time, at band camp, Barrie Hall wrote:
Employee signs a contract which says don't send our documents outside
without permission, don't take sensitive stuff out of the office on a USB
stick, etc, etc, if you do and we catch you we will dismiss/warn you.
Sue you for damages more like
This one time, at band camp, Adrian Chadd wrote:
ideally you want your data security right down to the individual syscall
level.
Various products like what Cisco offer let you specify what access to what
data various applications have, but i don't know how useful it is protecting
people
Its not a difficult problem with a real security model. You'd be able
to say stuff like USB ports are low security level; and documents in
these groups can be copied | documents in these groups can't be copied | etc.
Unfortunately operating system vendors push crap security models from
the early
On Feb 11, 2008 4:11 PM, jam [EMAIL PROTECTED] wrote:
The whole concept is an utter myth.
I zip my data
or bzip it
or bzip2 it
or steg it into a harmless picture
or encrupt it
As I said, an utter myth
Agreed :-)
[EMAIL PROTECTED]:~/code/cerulif$ cat cerulif.py
#!/usr/bin/env python
On Feb 12, 2008 12:18 PM, Rev Simon Rumble [EMAIL PROTECTED] wrote:
This one time, at band camp, Adrian Chadd wrote:
ideally you want your data security right down to the individual syscall
level.
Various products like what Cisco offer let you specify what access to what
data various
Dear SLUG List
Has anyone come across any Linux/Open Source Data Leakage Prevention (DLP)
solution ?
cheers
Ricky
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
On Mon, 2008-02-11 at 10:28 +1100, Ricky wrote:
Dear SLUG List
Has anyone come across any Linux/Open Source Data Leakage Prevention (DLP)
solution ?
I thought selinux has something in this space.
-Rob
--
GPG key available at: http://www.robertcollins.net/keys.txt.
signature.asc
This one time, at band camp, Ricky wrote:
- first, you classify data Eg.engineering.doc is commercially sensitive or
customer_creditcard.xls is personal privacy
- setup rules in your DLP, likely to be an appliance box sitting behind the
firewall
- stops data from going out the LAN
sort of
of look at ports, ip
addressesetc it looks for the classification of the data (doc, xls, pdf,
email, IMetc)
- Original Message -
From: Rev Simon Rumble [EMAIL PROTECTED]
To: slug@slug.org.au
Sent: Monday, February 11, 2008 11:01 AM
Subject: Re: [SLUG] Data Leakage Prevention
This one time, at band camp, Ricky wrote:
Has anyone come across any Linux/Open Source Data Leakage Prevention (DLP)
solution ?
Care to define your term? It's not something I've ever heard of.
--
Rev Simon Rumble [EMAIL PROTECTED]
www.rumble.net
The Tourist Engineer
Because nerds travel
On Feb 10, 2008 3:28 PM, Ricky [EMAIL PROTECTED] wrote:
Has anyone come across any Linux/Open Source Data Leakage Prevention (DLP)
solution ?
Cisco Security Agent does this, but it is not F/OSS. I am biased
though, since I was on the Okena team from 2005-2007...
22 matches
Mail list logo