Security Basics mailing list archives

Re: Re: security products

From: dan.crowley () gmail com
Date: 19 Feb 2009 14:22:35 -0000

I'd like to reiterate and stress the point that was made earlier.

If you can read it, EVER, YOU CAN COPY IT. Doesn't matter what technical measures you use if an employee opens the file 
with the right computer from inside the network, and then takes a picture of their screen with a digital camera.

You NEED to be able to trust your employees, but supplement that trust with auditing features.

The only possible solution I can think of is to add custom fake data for each user viewing the data (indistinguishable 
from the rest of the data) which would be identifiable in the event of a leak. However, I don't know any way to do this 
that's really feasible.

In the digicam scenario, only the data is being copied, not any metadata, no files, and your employees SHOULD be 
accessing that data, so there's no access controls you can put on it, and the only place to put identifying information 
(to determine the source of a leak) would be in the data itself.

Current thread:

Re: security products, (continued)
- Re: security products Isaac Perez Moncho (Feb 18)
- Re: security products Javier Reyna (Feb 18)
- Re: security products Shreyas Zare (Feb 18)
  - Re: security products Juan Pablo Macias (Feb 18)
- RE: security products darin.franklin (Feb 18)
- Re: security products Francesc Vila (Feb 18)
- Re: security products Rainer Giedat (Feb 18)
  - Re: security products Melvin (Feb 19)
- RE: security products Rajagopalan Raman (Feb 19)
- Re: security products Meenal Mukadam (Feb 19)
- Re: Re: security products dan . crowley (Feb 19)
- Re: security products rohnskii (Feb 19)
- Re: security products praveen_recker (Feb 19)
  - Re: security products Juan Pablo Macias (Feb 19)
- Re: Re: Re: security products chmod1777 (Feb 19)