Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Screening Outgoing Mail for Content

From: "Perry E. Metzger" <perry () piermont com>
Date: Wed, 05 Aug 1998 16:35:31 -0400

Wilson Roberto Afonso writes:


The screening problem is "AI complete". That is, it requires full AI
to detect sufficiently evil violators -- if even that would work.
[...]
If the user is sophisticated, forget having even hand screening
work. If hand screening won't work, what will?


On the other hand, if you are paranoid/determined enough, you might just
block whatever you cannot screen.  So, binary attachments are out, just
as uuencoded files etc.  If you're not sure it's safe to go, it does not
go.  Might still not be a 100% safe without hand screening, though.


It won't be 100% safe WITH hand screening. How will your screening
program, or person, even notice that a steganography program was run
over some innocuous looking text, subtly encoding a message in the
formatting in some way that you might find difficult to impossible to
detect?

Sufficiently determined people can *always* get by.

More importantly, though, is the question of whether caring is even
sufficiently important. For many firms, employees can leave the
building carrying all the confidential material they want in their
bag.

.pm
Previous By Date Next
Previous By Thread Next

Current thread: