This one time, at band camp, Ricky wrote:
> - first, you classify data, e.g. engineering.doc is commercially sensitive or
>   customer_creditcard.xls is personal privacy
> - set up rules in your DLP, likely to be an appliance box sitting behind the
>   firewall
> - stops data from going out the LAN

Application-aware firewalls are time-consuming to develop, but I am concocting in my mind a tool that scans signatures out of all your documents, then has a tcpdump running on your firewall comparing traffic signatures -- sort of like snort, but in reverse -- and sending TCP RST to the sender if a violation was detected.

I can also think of ways around it (SSL, for example, is a trivial workaround, so you'll need to also MITM all your users... a wildcard certificate ought to fool the client browsers).

Do things like this really exist?? Well, I imagine Lotus Scrotes could, because the document never really leaves the database, but how would you build a system that reliably worked in a heterogeneous environment like a small-medium office, that actually worked, and you could sell to people and still retain your soul?

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
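
The signature-matching idea in the post above, as an added example that is not part of the original message: classified documents are reduced to hashes of overlapping word runs, and an outbound payload is flagged when enough of those hashes reappear in it. The document text, the 8-word window, the threshold of 3 and all function names are assumptions made for illustration; the code inspects an already reassembled plaintext payload and leaves capture and the TCP RST response out.

```python
import hashlib
import re

K = 8  # words per signature window (assumed value)

def shingles(text, k=K):
    """Yield a short hash for every run of k consecutive normalised words."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    for i in range(len(words) - k + 1):
        chunk = " ".join(words[i:i + k]).encode()
        yield hashlib.sha256(chunk).digest()[:8]

def build_index(documents):
    """Map each signature hash to the (name, label) of the document it came from."""
    index = {}
    for name, (label, text) in documents.items():
        for h in shingles(text):
            index.setdefault(h, (name, label))  # first document wins on a clash
    return index

def inspect(payload, index, threshold=3):
    """Return {document: (label, hits)} for documents matched at least threshold times."""
    counts = {}
    for h in shingles(payload):
        if h in index:
            counts[index[h]] = counts.get(index[h], 0) + 1
    return {name: (label, n) for (name, label), n in counts.items() if n >= threshold}

# Constructed sample data: file names and labels follow the quoted post,
# the contents are invented for this example.
DOCS = {
    "engineering.doc": ("commercially sensitive",
        "The rev C gearbox housing uses a 6061 aluminium casting with a wall "
        "thickness of four millimetres and a revised bearing seat tolerance "
        "agreed with the supplier in March"),
    "customer_creditcard.xls": ("personal privacy",
        "customer name billing address card holder reference expiry month "
        "expiry year last payment date account manager"),
}
INDEX = build_index(DOCS)

# Constructed outbound payloads (plaintext HTTP, already reassembled).
LEAK = ("POST /upload HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
        "notes: the Rev C  gearbox housing uses a 6061\n aluminium casting "
        "with a wall thickness of four millimetres, thanks")
CLEAN = "GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n\r\n"

if __name__ == "__main__":
    print(inspect(LEAK, INDEX))   # engineering.doc is flagged
    print(inspect(CLEAN, INDEX))  # nothing is flagged
```

Lowercasing and splitting on non-alphanumerics lets an excerpt match despite changed case, spacing or punctuation; the threshold keeps a short coincidental phrase from raising a violation.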
