PaulDotCom mailing list archives
Bypassing Vontu
From: cmerkel at gmail.com (Chris Merkel)
Date: Thu, 22 Oct 2009 17:41:20 -0500
No, wasn't being sarcastic - don't assume that the DLP box will catch even all of the normal end user ways of exfiltrating data. Skype, encrypted for example. Proving all the ways DLP can fail is the easy part. The only challenge is that you run into there is that the failure modes are near infinate. On 10/22/09, johnemiller at gmail.com <johnemiller at gmail.com> wrote:
I am notoriously bad at picking up on sarcasm over email, especially lacking the appropriate <sarcasm> tag, but are you seriously suggesting tailoring the testing to only highlight the features that you know work? I can understand wanting to demonstrate what would get caught, but the real value of testing this system is to find out where the weakness exist so that appropriate controls can be added to reduce those risks. The testing methodology should be expansive enough to use as education for the idiots. On Oct 22, 2009 2:14pm, Chris Merkel <cmerkel at gmail.com> wrote:I agree with Ron - DLP is an "idiot screen" and is useful for littlemore. Therefore, your testing methodology should be to emulate idiotsand nothing more. (and educate any idiot who thinks it will solve yourleakage issues.)On 10/22/09, xgermx xgermx at gmail.com> wrote:Create a small TrueCrypt container, copy sensitive files to container,copycontainer to usb or email container.On Thu, Oct 22, 2009 at 10:38 AM, Brian Schultztheconqueror at gmail.com>wrote:Our security department is testing out Symantec's Vontu and I amplayingthe guinea pig and have to try and get documents out of our company'senvironment. I have a really basic understanding of how it works. Ithas aspan port sitting and listening to all outgoing web traffic and thereisalso an agent that sits on desktops and watches to see if any sensitiveinformation leaves via USB drive or e-mail.Does anyone have any whitepapers or info regarding how it actuallyworksorany tactics I should try?_______________________________________________Pauldotcom mailing listPauldotcom at mail.pauldotcom.comhttp://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcomMain Web Site: http://pauldotcom.com--Sent from my mobile device- Chris Merkel_______________________________________________Pauldotcom mailing listPauldotcom at mail.pauldotcom.comhttp://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcomMain Web Site: http://pauldotcom.com
-- Sent from my mobile device - Chris Merkel
Current thread:
- Bypassing Vontu, (continued)
- Bypassing Vontu Chris Merkel (Oct 22)
- Bypassing Vontu Jim Halfpenny (Oct 22)
- Bypassing Vontu Ron Gula (Oct 22)
- Bypassing Vontu Raffi Jamgotchian (Oct 22)
- Bypassing Vontu Allen Deryke (Oct 22)
- Bypassing Vontu John Strand (Oct 22)
- Bypassing Vontu xgermx (Oct 22)
- Bypassing Vontu Chris Merkel (Oct 22)
- Bypassing Vontu johnemiller at gmail.com (Oct 22)
- Bypassing Vontu John Strand (Oct 22)
- Bypassing Vontu Chris Merkel (Oct 22)
- Bypassing Vontu Justin Andrusk (Oct 22)
- Bypassing Vontu Chris Merkel (Oct 22)
- Bypassing Vontu Dan McGinn-Combs (Oct 22)
- Bypassing Vontu Duncan Alderson (Oct 23)
- Bypassing Vontu Shawn Bernard (Oct 23)
- Bypassing Vontu Ron Gula (Oct 23)
- Bypassing Vontu Shane Kelly (Oct 24)