Home page logo

basics logo Security Basics mailing list archives

RES: Deny access to copy files
From: "Gilberto Fernandes" <gilberto () gastecnologia com br>
Date: Mon, 2 Jun 2008 16:23:51 -0300

Hi man

I do not know how the structure of directories and files and who are the
creators of these, you can use more native EFS in Windows. 
Thus only managed to manipulate the files their owners. Regarding use of
PenDrive, you can use GPO's windows to deny access to PenDrive, or even use
programs that monitor the use of USB ports.



-----Mensagem original-----
De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Em
nome de Ansgar -59cobalt- Wiechers
Enviada em: segunda-feira, 2 de junho de 2008 13:44
Para: security-basics () securityfocus com
Assunto: Re: Deny access to copy files

On 2008-06-01 Ahmed Khalid wrote:
I am working for a software house, they are developing a software
product and their requirement is to restrict programmers to take the
code out of office premises due to company policy. I am trying to
configure a windows based machine which denies access to copy files to
external storage devices connected to USB. There is an NTFS permission
"Read + Execute" I guess this could do the work but is there any other
way to do it? 

They also don't need programmers to take the code with them in their
email. I can restrict SMTP and POP ports but when it comes to web
based emails I am clueless, How can I restrict web based emails like
hotmail, gmail, yahoo there are so many of these and if I somehow
manage to block all web based email sites someone can write a script
to send emails, if not a script HTTP tunneling would bypass any checks
and bounds defined by my proxy/gateway machine. How can I block such

Any help would be highly appreciated.

If you can't trust your developers: fire them. Trying to restrict them
by enforcing policies is pointless. If they're unable to thwart whatever
measure you throw at them either their environment is too ristrictive
for them to be able to work efficiently (which is counter-productive for
the company), or they're incompetent (in which case you may want to find
someone better).

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]