> ideally you want your data security right down to the individual
> syscall level.
> Various products like what Cisco offer let you specify what access to
> what
> data various applications have, but i don't know how useful it is
> protecting
> people from copy/pasting data around. I know at least the "secure"
> versions
> of IRIX and Digital UNIX were doing useful things like tagging
> individual IPC
> data with security ACLs, preventing you from copy/pasting between
> high->low
> security contexts. That was fun to work inside. :)
But the nice security vendor man installed a box on our network and gave
me a certificate that promised we were secure!
I've always seen this as an HR issue, not a technical issue at all.
Employee signs a contract which says "don't send our documents outside
without permission, don't take sensitive stuff out of the office on a USB
stick, etc, etc, if you do and we catch you we will dismiss/warn you".
Catch someone, make an example of them, problem solved!!
Cheers,
Barrie
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
