Bypassing Vontu

[jandrusk at gmail.com (Justin Andrusk)]

Chris Merkel wrote:
> No,  wasn't being sarcastic - don't assume that the DLP box will catch
> even all of the normal end user ways of exfiltrating data. Skype,
> encrypted for example.
>
> Proving all the ways DLP can fail is the easy part. The only challenge
> is that you run into there is that the failure modes are near
> infinate.
>
>
> On 10/22/09, johnemiller at gmail.com <johnemiller at gmail.com> wrote:
>   
> > I am notoriously bad at picking up on sarcasm over email, especially
> > lacking the appropriate <sarcasm> tag, but are you seriously suggesting
> > tailoring the testing to only highlight the features that you know work? I
> > can understand wanting to demonstrate what would get caught, but the real
> > value of testing this system is to find out where the weakness exist so
> > that appropriate controls can be added to reduce those risks. The testing
> > methodology should be expansive enough to use as education for the idiots.
> >
> > On Oct 22, 2009 2:14pm, Chris Merkel <cmerkel at gmail.com> wrote:
> >     
> > > I agree with Ron - DLP is an "idiot screen" and is useful for little
> > >       
> > > more. Therefore, your testing methodology should be to emulate idiots
> > >       
> > > and nothing more. (and educate any idiot who thinks it will solve your
> > >       
> > > leakage issues.)
> > >       
> >
> >
> >
> >
> >
> >     
> > > On 10/22/09, xgermx xgermx at gmail.com> wrote:
> > >       
> > > > Create a small TrueCrypt container, copy sensitive files to container,
> > > >         
> > > copy
> > >       
> > > > container to usb or email container.
> > > >         
> > > > On Thu, Oct 22, 2009 at 10:38 AM, Brian Schultz
> > > >         
> > > > theconqueror at gmail.com>wrote:
> > > >         
> > > > > Our security department is testing out Symantec's Vontu and I am
> > > > >           
> > > playing
> > >       
> > > > > the guinea pig and have to try and get documents out of our company's
> > > > >           
> > > > > environment. I have a really basic understanding of how it works. It
> > > > >           
> > > has a
> > >       
> > > > > span port sitting and listening to all outgoing web traffic and there
> > > > >           
> > > is
> > >       
> > > > > also an agent that sits on desktops and watches to see if any sensitive
> > > > >           
> > > > > information leaves via USB drive or e-mail.
> > > > >           
> > > > > Does anyone have any whitepapers or info regarding how it actually
> > > > >           
> > > works
> > >       
> > > > > or
> > > > >           
> > > > > any tactics I should try?
> > > > >           
> > > > > _______________________________________________
> > > > >           
> > > > > Pauldotcom mailing list
> > > > >           
> > > > > Pauldotcom at mail.pauldotcom.com
> > > > >           
> > > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > >           
> > > > > Main Web Site: http://pauldotcom.com
> > > > >           
> >
> >     
> > > --
> > >       
> > > Sent from my mobile device
> > >       
> >
> >     
> > > - Chris Merkel
> > >       
> > > _______________________________________________
> > >       
> > > Pauldotcom mailing list
> > >       
> > > Pauldotcom at mail.pauldotcom.com
> > >       
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > >       
> > > Main Web Site: http://pauldotcom.com
> > >       
> >     
>
>   
Make the file > 30 MB and it won't scan it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091022/8c9b1aa0/attachment.htm