November 18th, 2004 06:22 AM
Hardening info.sec countermeasure
about info security -- employees can leak confidential information by copying them on their own laptop connected corporate LAN, or on removable media (CD-R, USB Ram, ext.HD etc...) Is there any kind of solution to avoid this? Something like, preventing unauthorized copy to external media so that they can't sneak it out and sell these confidential information..
November 18th, 2004 07:01 AM
What the @#!$ are you talking about?
November 18th, 2004 09:46 AM
or sniffer dogs trained to sense people with USB drives
November 18th, 2004 11:59 AM
I could probably write a 300 page book on this one...............
You do not give us much information so I shall have to make assumptions:
1. Reasonably democratic society
2. Commercial environment
So what do you do..............................?
1. Fire your entire HR Department.............if they did their jobs properly this would not even be a question. You need some stateful, effective personnel vetting and selection process. Let's be realistic, if you don't let them in through the gate, you don't have a problem.
2. You need a clear AUP (authorised usage policy)..........get it signed very regularly, or just stop the pay cheque
3. Don't outsource...............write your letter of resignation instead.............you are useless, and cannot do your job. Let's face it, what is the point of #1 if you let any hophead empty your trash cans and wander round the building when it is empty. You cannot control the outsourcing provider, or their hiring processes?
4. Overpay and overbenefit your employees so they become "jobsworths" and would not dare infringe.
NOW you are about ready to start............you need a "secure" environment and a general one. The secure environment does NOT connect to the internet or run on the same internal network.
I will stop now, as I am not being paid for my consultancy work.............just a tip:
Look at a totally locked down thin client environment..........use something like Citrix Metaserver. The desktop should not have device ports to use or connect to..............it should be a dumb terminal.............
just a few thoughts
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
November 18th, 2004 10:09 PM
Sorry for lack of information, your assumption is just right... and I appreciate your voluntary consulting I'd get that book if you write it!
I was trying to get some idea of it.. I was also thinking of Citrix - then I thought there should be some way to prevent copying to removable media. Sneaking confidential information for misuse could harm company, many of them prevent these activities by setting sec.policy but this works only if he/she is morally sound.
As you said thin client without removable device capability could be dumb terminal (I won't use it too but I guess if it can filter files based on its confidenciality when copying on removable media, it could be something useful. But still, the last resort could be burning down the department~~
November 19th, 2004 12:00 AM
May be ....
you can set policies for each share and as big organisations have indivdual logins, you can trace them to who has viewed a folder and who has copied.
Make them work in the organisation through logins you provide using DHCP and enforce strong policies to ensure security of the information you have in servers.
Your problem can be very much solved using DHCP servers and strong policy enforcements.
November 20th, 2004 02:11 AM
logging and tracing could be good forewarning for the employees..
after all >using DHCP servers and strong policy enforcements< can be more efficient once these environment is all set..