Thread: Hardening info.sec countermeasure

  1. #1
    Junior Member
    Join Date
    Nov 2004
    Posts
    3

    Hardening info.sec countermeasure

    About info security -- employees can leak confidential information by copying it onto their own laptop connected to the corporate LAN, or onto removable media (CD-R, USB RAM, ext. HD, etc.). Is there any kind of solution to avoid this? Something like preventing unauthorized copying to external media so that they can't sneak it out and sell this confidential information.
    segnodal

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    What the @#!$ are you talking about?

  3. #3
    file permissions?

    or sniffer dogs trained to sense people with USB drives

  4. #4
    Senior Member (nihil)
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmmm,

    I could probably write a 300 page book on this one...............

    You do not give us much information so I shall have to make assumptions:

    1. Reasonably democratic society
    2. Commercial environment

    So what do you do..............................?

    1. Fire your entire HR Department.............if they did their jobs properly this would not even be a question. You need some stateful, effective personnel vetting and selection process. Let's be realistic, if you don't let them in through the gate, you don't have a problem.

    2. You need a clear AUP (authorised usage policy)..........get it signed very regularly, or just stop the pay cheque

    3. Don't outsource...............write your letter of resignation instead.............you are useless, and cannot do your job. Let's face it, what is the point of #1 if you let any hophead empty your trash cans and wander round the building when it is empty. You cannot control the outsourcing provider, or their hiring processes?

    4. Overpay and overbenefit your employees so they become "jobsworths" and would not dare infringe.

    NOW you are about ready to start............you need a "secure" environment and a general one. The secure environment does NOT connect to the internet or run on the same internal network.

    I will stop now, as I am not being paid for my consultancy work.............just a tip:

    Look at a totally locked down thin client environment..........use something like Citrix Metaserver. The desktop should not have device ports to use or connect to..............it should be a dumb terminal.............

    just a few thoughts

  5. #5
    Junior Member
    Join Date
    Nov 2004
    Posts
    3
    Sorry for the lack of information; your assumption is just right... and I appreciate your voluntary consulting. I'd get that book if you write it!

    I was trying to get some idea of it. I was also thinking of Citrix - then I thought there should be some way to prevent copying to removable media. Sneaking confidential information out for misuse could harm the company; many of them prevent these activities by setting sec. policy, but this works only if he/she is morally sound.

    As you said, a thin client without removable device capability could be a dumb terminal (I won't use it too), but I guess if it can filter files based on their confidentiality when copying to removable media, it could be something useful. But still, the last resort could be burning down the department~~
    segnodal

  6. #6
    Member
    Join Date
    Aug 2004
    Posts
    95
    Maybe ....

    You can set policies for each share, and as big organisations have individual logins, you can trace them to who has viewed a folder and who has copied.

    Make them work in the organisation through logins you provide using DHCP, and enforce strong policies to ensure the security of the information you have on servers.

    Your problem can be very much solved using DHCP servers and strong policy enforcement.

  7. #7
    Junior Member
    Join Date
    Nov 2004
    Posts
    3
    Thanks...

    Logging and tracing could be a good forewarning for the employees.
    After all, "using DHCP servers and strong policy enforcements" can be more efficient once this environment is all set.
    segnodal