Security Basics mailing list archives
Re: Data Theft
From: John Morrison <john.morrison101 () gmail com>
Date: Thu, 27 May 2010 12:30:31 +0100
Both McAfee and Novell have solutions that integrate with other products to reduce operational costs and that work with a range of operating systems and software (Linux, Windows, etc). These tend to work better than ones that force you to use a single supplier's view of the world. McAfee have DLP-specific products - Network DLP, endpoint DLP Novell have a range of security products - ZENworks Endpoint Security Management, Identity and Security (in particular Compliance) Search for informationweek 203101059 and see the article with this number (Time To Take Action Against Data Loss) On 26 May 2010 03:44, Sumeet Narula <sumeet.narula () gmail com> wrote:
Thanks for your help Sumeet Narula, CEO Comsquare Networks India Pvt Ltd. -----Original Message----- From: Dennis Li [mailto:dennis.li.sh () gmail com] Sent: 26 May 2010 07:18 To: Sumeet Narula Cc: security-basics () securityfocus com Subject: Re: Data Theft Hi, The full solution would be the following steps, you shall consider the management and tool both to mitigate the risk: 1. Identify what information is sensitive to your company and classify them; 2. assign responsiblities to the owner, custodian and user of the information. The example of owner's responsibilities as below: a. define the classification of the information b. define who can access those information by default c. define the application and approval procedure if others want to access infomation d. define the delivery, retention and storage requirement for those classified information. 3. And CEO/CIO shall assign the sercurity officer to be responsible for defining security pollicies, conduct security audit regularly 4. Define the access control policies based on the clause b in section 2 mentioned above. 5. Find a proper DLP tool to deploy. The best commercial tool is Symantec DLP, the best one based Garner magic quadrant (other tool vendor include EMC, Websense, RSA, etc). 6. Define the policies of the DLP tool based on the access control policy and access list generated during step 1 to 4. Please be aware, DLP tool is after-event prevention solution. It means, only somebody is trying to steal your information then DLP tool can identify, log, warn and prevent the action. The tool cannot prevent all leakage channels. The steps 1 - 4 are security policies to mitigate the risk prior to the case really happens by clarifying security responsibilities and access control policies. If you need more detailed information, don't hesitate to contact me. Dennis Li On Fri, May 21, 2010 at 3:17 PM, Sumeet Narula <sumeet.narula () gmail com> wrote:we are looking for any software/firewall solution. which prevent the user(user is not under domain) from copying the datafromPC/laptop to Pen drive/mail the data as an attachment. actually our main concern is to prevent the data theft from our office PCs(suggest if you have some other other solution). we require this for at least 5-10 PCs.--------- ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSLcertificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1------------------------------------------------------------------------------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Data Theft, (continued)
- Data Theft Sumeet Narula (May 25)
- Re: Data Theft Ansgar Wiechers (May 25)
- RE: Data Theft Antti.Laatikainen (May 25)
- RE: Data Theft Alexander Klimov (May 26)
- Re: Data Theft Todd Haverkos (May 25)
- RE: Data Theft Sumeet Narula (May 26)
- Data Theft Sumeet Narula (May 25)
- Re: Data Theft Lal Kumar (May 26)
- Re: Data Theft Adrian J Milanoski (May 26)
- Re: Data Theft Dennis Li (May 26)
- RE: Data Theft Sumeet Narula (May 26)
- Re: Data Theft John Morrison (May 27)