RE: Deny access to copy files

["Gillian Day" <gday () looptech com au>]

Hi Ahmed,

There is a product by McAfee that allows you to prevent staff from copying/sending sensitive info on the web. Its 
called something like Total Data Protection.

That said I am sure there is significant resources and cost associated with products like this... I am a believer in 
policy and procedure first... I think you should have a really good understanding of exactly what threat you are trying 
to mitigate and consider if a technical control is really the best choice for mitigation.

Hope this helps!

Kind Regards,

G.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ahmed Khalid
Sent: Monday, 2 June 2008 4:20 AM
To: focus-ms () securityfocus com
Cc: security-basics () lists securityfocus com
Subject: Deny access to copy files

I am working for a software house, they are developing a software product
and their requirement is to restrict programmers to take the code out of
office premises due to company policy. I am trying to configure a windows
based machine which denies access to copy files to external storage devices
connected to USB. There is an NTFS permission "Read + Execute" I guess this
could do the work but is there any other way to do it? 

They also don't need programmers to take the code with them in their email.
I can restrict SMTP and POP ports but when it comes to web based emails I am
clueless,  How can I restrict web based emails like hotmail, gmail, yahoo
there are so many of these and if I somehow manage to block all web based
email sites someone can write a script to send emails, if not a script HTTP
tunneling would bypass any checks and bounds defined by my proxy/gateway
machine. How can I block such thing?

Any help would be highly appreciated.

Regards,
Ahmed Khalid