Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: blocking Google Desktop
From: gboyce <gboyce () badbelly com>
Date: Sat, 11 Feb 2006 18:52:08 -0500 (EST)

On Sun, 12 Feb 2006, Nick FitzGerald wrote:

Go to HR, explain that the new security policy about not running Google
Desktop is make-or-break and explain why.  To achieve this you may need
higher-level management buy-in, so hopefully you can threaten exposure
under HIPAA, Sarbanes-Oxley or some such _IF_ the policy is ever
breached.  Make it a matter of "if our IDS sees traffic from your
machine to desktop.google.com (or whatever) its an automatic HR
warning", and then let your standard (two, three, whatever strikes and
you're out) HR policy deal with enforcement.

Yes. And one of the prerequisites to this is the ability to monitor and detect this type of traffic.

Which was the reason for my response to J.A.'s e-mail.

Greg Boyce
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]