PaulDotCom mailing list archives

Bypassing Vontu


From: allen.deryke at hushmail.com (Allen Deryke)
Date: Thu, 22 Oct 2009 12:27:04 -0400

Things I'd try:
  - Send it over https (SSL out ftw)
  - Common Image stego tools, embed that secret recipe right in the  
company logo
  - Change formats, does it detect the word doc but not the jpeg  
screen shot of said doc?

  Do all this using only the tools available to your users, go out and
download encryption tools from a production build, bypass your proxy.

   I try not to judge a tool based on its capability but the value it
adds to your environment. You may find that in order for that product
to add value you may have to implement other controls.

    Encryption, Encoding, and Stego are my preferred DLP product
attack vectors.

-- Allen Deryke 

On Oct 22, 2009, at 11:38 AM, Brian Schultz <theconqueror at gmail.com>  
wrote:

Our security department is testing out Symantec's Vontu and I am  
playing the guinea pig and have to try and get documents out of our  
company's environment. I have a really basic understanding of how it  
works. It has a span port sitting and listening to all outgoing web  
traffic and there is also an agent that sits on desktops and watches  
to see if any sensitive information leaves via USB drive or e-mail.

Does anyone have any whitepapers or info regarding how it actually  
works or any tactics I should try?