On Feb 11, 2008 8:11 PM, Jamie Wilkinson <[EMAIL PROTECTED]> wrote:
> Do things like this really exist?? Well, I imagine Lotus Scrotes could,
> because the document never really leaves the database, but how would you
> build a system that reliably worked in a heterogeneous environment like a
> small-medium office, that actually worked, and you could sell to people and
> still retain your soul?
>
> --
I tend to think that such devices are probably more "security theatre", as Bruce said it in his keynote, as it is hard to do reliably. If you allow users ad hoc access to mail or web browsers, while you can catch sequences of numbers like 1234 if you are watching for credit card numbers, are you watching for one two three four, onetwothreefour, eentweedrievier and I,II,III,IV as well? This is simple encryption that people can easily detect, but with modest obfuscation is possibly hard for automated systems to correctly detect.

In order to effectively limit data leakage I think you need:

1. Limit user access to the data on a "need to know" basis. For instance, credit card numbers are probably best stored securely once, and never presented back to users (with transactions being done with no direct user intervention). As long as administrative access to the data is very limited (or even nigh on impossible if using end-to-end hardware encryptors) then the possibilities for stuff getting out are limited. In fact, in this case the DLP systems mentioned become useful, in that leakage is likely to be only the result of inadvertent configuration errors, rather than ad hoc and wanton transmission. When system users do need read access to sensitive data then it is useful to have unreputable auditing, so that people know they are being watched. (I understand this approach in police databases is now employed and has reduced inside abuse of data access substantially - at least that is what they tell us :-) ) You often don't need all the data on a customer to be presented to a customer service consultant, only that for the particular part of the transaction at hand.

2. Have totally separate systems that handle very private and sensitive data. Ideally this goes all the way to networks and workstations. If you do need to save having totally redundant systems you could employ techniques like data diode (http://en.wikipedia.org/wiki/Unidirectional_network) or Nettop (http://en.wikipedia.org/wiki/NetTop - yes, my employer sells a product based on the latter). None of these prevent the "pencil and paper" leakage of data, but at least they limit the wholesale transfer of data between sensitive and public environments. If the data is contained behind the glass screen only then you are much more likely to keep tabs on it. (In fact one of the premises behind the idea of "blade PCs" with very thin desktop clients is trying to keep the data in the data centre and not on the desktop (apart from on the screen).)

That being said, a reverse-Snort-like appliance sounds like a cool idea!

Regards,
Martin

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
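Martin's point that a naive DLP scanner catches "1234" but not "one two three four", "onetwothreefour", "eentweedrievier" or "I,II,III,IV", as an added example that is not part of the thread: a scanner that canonicalizes those spellings back to digits before applying the Luhn check, so the obfuscated forms of a constructed test card number are flagged alongside the plain one. The digit-word tables, regexes and sample message are assumptions made for this example, not from any product mentioned in the mail.

```python
import re

# Added example, not code from the thread. Constructed tables: spelled-out digits in
# English and Dutch plus Roman numerals 1-9, the obfuscations Martin's mail lists.
DIGIT_WORDS = {
    "zero": "0", "one": "1", "two": "2", "three": "3", "four": "4", "five": "5",
    "six": "6", "seven": "7", "eight": "8", "nine": "9",
    "nul": "0", "een": "1", "twee": "2", "drie": "3", "vier": "4", "vijf": "5",
    "zes": "6", "zeven": "7", "acht": "8", "negen": "9",
}
ROMAN = {"i": "1", "ii": "2", "iii": "3", "iv": "4", "v": "5",
         "vi": "6", "vii": "7", "viii": "8", "ix": "9"}
def _alt(table):
    # longest alternative first so "three" is tried before "two" etc.
    return "(?:" + "|".join(sorted(table, key=len, reverse=True)) + ")"

# A run is two or more tokens, optionally separated, bounded by word boundaries so
# "onerous" or "between" are left alone (a heuristic, not an exhaustive tokenizer).
WORD_RUN = re.compile(r"\b" + _alt(DIGIT_WORDS) + r"(?:[\s,.-]*" + _alt(DIGIT_WORDS) + r")+\b")
ROMAN_RUN = re.compile(r"\b" + _alt(ROMAN) + r"(?:[\s,.-]+" + _alt(ROMAN) + r")+\b")
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d){12,18}")  # 13-19 digits, spaces/dashes allowed
def _run_to_digits(table):
    tok = re.compile(_alt(table))
    return lambda m: "".join(table[t] for t in tok.findall(m.group(0)))
def canonicalize(text):
    """Rewrite Roman-numeral and spelled-out digit runs as plain digits."""
    lower = ROMAN_RUN.sub(_run_to_digits(ROMAN), text.lower())
    return WORD_RUN.sub(_run_to_digits(DIGIT_WORDS), lower)

def luhn_ok(digits):
    """Luhn checksum that real card numbers satisfy; drops most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    # Candidate PANs found after canonicalizing; a plain-digit scanner sees only the first.
    hits = []
    for m in DIGIT_RUN.finditer(canonicalize(text)):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits

# Constructed sample; 4111 1111 1111 1111 is a well-known Visa test number.
SAMPLE = ("Plain: 4111 1111 1111 1111. Spelled: four " + "one " * 15 +
          ". Dutch: vier" + "een" * 15 + ". Roman: IV," + ",".join(["I"] * 15) +
          ". Noise: 1234 5678.")
```

Running `find_card_numbers(SAMPLE)` returns the same 16-digit test number four times, once for each spelling; the digit-only "1234 5678" is too short and a digit-only scanner would have flagged only the first form.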
