Security Basics mailing list archives
RE: Deny access to copy files
From: "Yahsodhan Deshpande" <yahsodhan.deshpande () nevisnetworks com>
Date: Mon, 2 Jun 2008 14:28:33 -0700
Hi Ahmed,

How about creating a virtual machine (which is hardened enough), and then allowing access to the code only via the virtual machine? Hardening the VM would be a task in itself, but it would solve many of the issues related to USB and mass storage devices.

Regards,
Yashodhan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adam Pal
Sent: Monday, June 02, 2008 1:15 PM
To: Ahmed Khalid
Cc: focus-ms () securityfocus com; security-basics () lists securityfocus com
Subject: Re: Deny access to copy files

Hello Ahmed,

Sounds more like you are trying to wash your hands without getting wet :)

I can hardly imagine that the programmers should be able to read but not to copy, so if they need to program they need access to the code. I think it's more frustrating for programmers to know that they have to work with "handcuffs".

I think the problem lies much deeper: do you trust your programmers? If not, hire another; if yes, no such measures are needed, or better said, no more than written agreements about security policy.

About blocking web access: as I remember, one of the core problems of security is that you cannot protect your data efficiently from attackers within the company.

I can remember agreements which contain things like:
- not connecting mobile storage devices to the workstation (this can be monitored)
- not connecting mobile devices to the internal network (this can also be monitored)
- not taking parts of code out of the company (which can also be monitored)

Of course, bad-intentioned people will be able to bypass such agreements, but I prefer to assume that there are only good people on your staff.

One more thing: what about using interfaces for programming? Doing so, everyone holds only a small, unusable piece of the "puzzle".

--
Best regards,
Adam Pal

Sunday, June 1, 2008, 8:20:25 PM, you wrote:

<==============Original message text===============
AK> I am working for a software house. They are developing a software product
AK> and their requirement is to restrict programmers from taking the code out of
AK> office premises due to company policy. I am trying to configure a Windows-
AK> based machine which denies access to copy files to external storage devices
AK> connected to USB. There is an NTFS permission "Read + Execute"; I guess this
AK> could do the work, but is there any other way to do it?
AK> They also don't need programmers to take the code with them in their email.
AK> I can restrict SMTP and POP ports, but when it comes to web-based emails I am
AK> clueless. How can I restrict web-based emails like hotmail, gmail, yahoo?
AK> There are so many of these, and if I somehow manage to block all web-based
AK> email sites someone can write a script to send emails; if not a script, HTTP
AK> tunneling would bypass any checks and bounds defined by my proxy/gateway
AK> machine. How can I block such a thing?
AK> Any help would be highly appreciated.
AK> Regards,
AK> Ahmed Khalid
<===========End of original message text===========