RE: Deny access to copy files
From: "Yahsodhan Deshpande" <yahsodhan.deshpande () nevisnetworks com>
Date: Mon, 2 Jun 2008 14:28:33 -0700
How about creating a virtual machine (which is hardened enough), and
then allowing access to the code only via the virtual machine?
Hardening the VM would be a task in itself, but it would solve many
of the issues related to USB and mass storage devices.
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Adam Pal
Sent: Monday, June 02, 2008 1:15 PM
To: Ahmed Khalid
Cc: focus-ms () securityfocus com; security-basics () lists securityfocus com
Subject: Re: Deny access to copy files
Sounds more like you are trying to wash your hands without getting wet :)
I can hardly imagine that the programmers should be able to read but
not to copy, so if they need to program they need access to the code.
I think it's more frustrating for programmers to know that they have to
work with "handcuffs".
I think the problem lies much deeper:
do you trust your programmers?
If not, hire others; if yes, no such measures are needed, or better
said, not more than written agreements about security policy.
About blocking web access:
As I can remember, one of the core problems of security is that
you cannot protect your data efficiently from attackers within the
I can remember about agreements which contain things like:
-not connecting mobile storage devices to the workstation (this can be
-not connecting mobile devices to the internal network (this can also
-not taking parts of code out of the company (which can also be
Of course, bad-intentioned people will be able to bypass such
agreements but I prefer to assume that in your staff are good people
One more - what about using interfaces for programming? Doing so,
everyone holds only a small, unusable piece of the "puzzle".
Sunday, June 1, 2008, 8:20:25 PM, you wrote:
<==============Original message text===============
AK> I am working for a software house, they are developing a software
AK> and their requirement is to restrict programmers to take the code
AK> office premises due to company policy. I am trying to configure a
AK> based machine which denies access to copy files to external storage
AK> connected to USB. There is an NTFS permission "Read + Execute" I
AK> could do the work but is there any other way to do it?
AK> They also don't need programmers to take the code with them in their
AK> I can restrict SMTP and POP ports but when it comes to web based emails I am
AK> clueless, How can I restrict web based emails like hotmail, gmail,
AK> there are so many of these and if I somehow manage to block all web
AK> email sites someone can write a script to send emails, if not a
AK> tunneling would bypass any checks and bounds defined by my
AK> machine. How can I block such thing?
AK> Any help would be highly appreciated.
AK> Ahmed Khalid
<===========End of original message text===========