Security Basics mailing list archives

Re: Deny access to copy files


From: Adam Pal <pal_adam () gmx net>
Date: Mon, 2 Jun 2008 22:14:56 +0200

Hello Ahmed,

Sounds more like you try washing your hands without getting wet :)
I can hardly imagine that the programmers should be able to read but
not to copy, so if they need to program they need access to the code.
I think it's more frustrating for programmers to know that they have to
work with "handcuffs".
I think the problem lies much deeper:
do you trust your programmers?
If not, hire another, if yes, no such measurements needed, or better
say not more than written agreements about security policy.
About blocking web access:
As I can remember, one of the core problems of security is that
you cannot protect your data efficiently from attackers within the
company.
I can remember about agreements which contain things like:
- not connecting mobile storage devices to the workstation (this can be
  monitored)
- not connecting mobile devices to the internal network (this can also
  be monitored)
- not taking parts of code out of the company (which can also be
  monitored)

Of course, bad-intentioned people will be able to bypass such
agreements but I prefer to assume that in your staff are good people
only.
One more - what about using interfaces for programming? Doing so,
everyone holds only a small, unusable piece of the "puzzle".


-- 
Best regards,
 Adam Pal   

Sunday, June 1, 2008, 8:20:25 PM, you wrote:

<==============Original message text===============
AK> I am working for a software house, they are developing a software product
AK> and their requirement is to restrict programmers to take the code out of
AK> office premises due to company policy. I am trying to configure a Windows
AK> based machine which denies access to copy files to external storage devices
AK> connected to USB. There is an NTFS permission “Read + Execute” I guess this
AK> could do the work but is there any other way to do it? 

AK> They also don’t need programmers to take the code with them in their email.
AK> I can restrict SMTP and POP ports but when it comes to web based emails I am
AK> clueless. How can I restrict web based emails like Hotmail, Gmail, Yahoo
AK> there are so many of these and if I somehow manage to block all web based
AK> email sites someone can write a script to send emails, if not a script HTTP
AK> tunneling would bypass any checks and bounds defined by my proxy/gateway
AK> machine. How can I block such thing?

AK> Any help would be highly appreciated.

AK> Regards,
AK> Ahmed Khalid 

<===========End of original message text===========

