Home page logo

basics logo Security Basics mailing list archives

Re: Deny access to copy files
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Mon, 2 Jun 2008 18:44:28 +0200

On 2008-06-01 Ahmed Khalid wrote:
I am working for a software house, they are developing a software
product and their requirement is to restrict programmers to take the
code out of office premises due to company policy. I am trying to
configure a windows based machine which denies access to copy files to
external storage devices connected to USB. There is an NTFS permission
"Read + Execute" I guess this could do the work but is there any other
way to do it? 

They also don't need programmers to take the code with them in their
email. I can restrict SMTP and POP ports but when it comes to web
based emails I am clueless, How can I restrict web based emails like
hotmail, gmail, yahoo there are so many of these and if I somehow
manage to block all web based email sites someone can write a script
to send emails, if not a script HTTP tunneling would bypass any checks
and bounds defined by my proxy/gateway machine. How can I block such

Any help would be highly appreciated.

If you can't trust your developers: fire them. Trying to restrict them
by enforcing policies is pointless. If they're unable to thwart whatever
measure you throw at them either their environment is too ristrictive
for them to be able to work efficiently (which is counter-productive for
the company), or they're incompetent (in which case you may want to find
someone better).

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]