Home page logo
/

basics logo Security Basics mailing list archives

Re: Data Theft
From: John Morrison <john.morrison101 () gmail com>
Date: Thu, 27 May 2010 12:30:31 +0100

Both McAfee and Novell have solutions that integrate with other
products to reduce operational costs and that work with a range of
operating systems and software (Linux, Windows, etc). These tend to
work better than ones that force you to use a single supplier's view
of the world.

McAfee have DLP-specific products - Network DLP, endpoint DLP

Novell have a range of security products - ZENworks Endpoint Security
Management, Identity and Security (in particular Compliance)

Search for
        informationweek 203101059 and see the article with this number
(Time To Take Action Against Data Loss)



On 26 May 2010 03:44, Sumeet Narula <sumeet.narula () gmail com> wrote:
Thanks for your help

Sumeet Narula, CEO
Comsquare Networks India Pvt Ltd.

-----Original Message-----
From: Dennis Li [mailto:dennis.li.sh () gmail com]
Sent: 26 May 2010 07:18
To: Sumeet Narula
Cc: security-basics () securityfocus com
Subject: Re: Data Theft

Hi,

The full solution would be the following steps, you shall consider the
management and tool both to mitigate the risk:

1. Identify what information is sensitive to your company and classify them;
2. assign responsiblities to the owner, custodian and user of the
information. The example of owner's responsibilities as below:
a. define the classification of the information
b. define who can access those information by default
c. define the application and approval procedure if others want to
access infomation
d. define the delivery, retention and storage requirement for those
classified information.

3. And CEO/CIO shall assign the sercurity officer to be responsible
for defining security pollicies, conduct security audit regularly

4. Define the access control policies based on the clause b in section
2 mentioned above.

5. Find a proper DLP tool to deploy. The best commercial tool is
Symantec DLP, the best one based Garner magic quadrant (other tool
vendor include EMC, Websense, RSA, etc).

6. Define the policies of the DLP tool based on the access control
policy and access list generated during step 1 to 4.


Please be aware,  DLP tool is after-event prevention solution. It
means, only somebody is trying to steal your information then DLP tool
can identify, log, warn and prevent the action. The tool cannot
prevent all leakage channels. The steps 1 - 4 are security policies to
mitigate the risk prior to the case really happens by clarifying
security responsibilities and access control policies.

If you need more detailed information, don't hesitate to contact me.

Dennis Li


On Fri, May 21, 2010 at 3:17 PM, Sumeet Narula <sumeet.narula () gmail com>
wrote:
we are looking for any software/firewall solution.

which  prevent the user(user is not under domain) from copying the data
from
PC/laptop to Pen drive/mail the data as an attachment.

actually our main concern is to prevent the data theft from our office
PCs(suggest if you have some other other solution).

we require this for at least 5-10 PCs.---------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]