Re: Deny access to copy files

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2008-06-01 Ahmed Khalid wrote:
> I am working for a software house, they are developing a software
> product and their requirement is to restrict programmers to take the
> code out of office premises due to company policy. I am trying to
> configure a windows based machine which denies access to copy files to
> external storage devices connected to USB. There is an NTFS permission
> "Read + Execute" I guess this could do the work but is there any other
> way to do it? 
>
> They also don't need programmers to take the code with them in their
> email. I can restrict SMTP and POP ports but when it comes to web
> based emails I am clueless, How can I restrict web based emails like
> hotmail, gmail, yahoo there are so many of these and if I somehow
> manage to block all web based email sites someone can write a script
> to send emails, if not a script HTTP tunneling would bypass any checks
> and bounds defined by my proxy/gateway machine. How can I block such
> thing?
>
> Any help would be highly appreciated.

If you can't trust your developers: fire them. Trying to restrict them
by enforcing policies is pointless. If they're unable to thwart whatever
measure you throw at them either their environment is too ristrictive
for them to be able to work efficiently (which is counter-productive for
the company), or they're incompetent (in which case you may want to find
someone better).

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq