- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Data Leakage Prevention and Detection
- From: Jamie Wilkinson <jaq@xxxxxxxxxxxxxx>
- Date: Mon, 11 Feb 2008 20:11:44 +1100
- User-agent: Mutt/1.5.17+20080114 (2008-01-14)

This one time, at band camp, Ricky wrote:
>- first, you classify data, e.g. engineering.doc is commercially sensitive or
>customer_creditcard.xls is personal privacy
>- setup rules in your DLP, likely to be an appliance box sitting behind the
>firewall
>- stops data from going out the LAN

Application-aware firewalls are time consuming to develop, but I am
concocting in my mind a tool that scans signatures out of all your
documents, then has a tcpdump running on your firewall comparing traffic
signatures -- sort of like snort, but in reverse -- and sending TCP RST to
the sender if a violation was detected.

I can also think of ways around it (SSL, for example, is a trivial
workaround, so you'll need to also MITM all your users... a wildcard
certificate ought to fool the client browsers).

Do things like this really exist?? Well, I imagine Lotus Scrotes could,
because the document never really leaves the database, but how would you
build a system that reliably worked in a heterogeneous environment like a
small-medium office, that actually worked, and you could sell to people and
still retain your soul?
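
The content-signature idea in the message above (fingerprint the classified documents, then compare outgoing traffic against the fingerprints) as an added Python example; this is not code from the thread or from any product. It assumes the documents have already been reduced to plain text (a .doc or .xls would need a text extractor first), uses word-level shingles hashed with SHA-256 as the "signatures", and only reports matches rather than injecting a TCP RST. All documents and payloads are constructed sample data. The last case shows the SSL caveat raised in the message: a TLS record carries no recoverable words, so a plaintext-only scanner sees nothing.

```python
import hashlib
import re

SHINGLE_WORDS = 5   # words per shingle; a leaked run of >= 7 words yields 3 hits


def normalize(text):
    """Lowercase and split into alphanumeric tokens so punctuation/spacing changes don't defeat matching."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(text, k=SHINGLE_WORDS):
    """Return the set of hashed k-word shingles ('signatures') for a piece of text."""
    words = normalize(text)
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(max(0, len(words) - k + 1))
    }


def build_index(documents):
    """Map each shingle hash to the set of classified documents that contain it."""
    index = {}
    for name, text in documents.items():
        for s in shingles(text):
            index.setdefault(s, set()).add(name)
    return index


def scan_payload(payload, index, threshold=3):
    """Compare one reassembled outbound payload against the index.

    Returns [(document_name, matching_shingle_count), ...] for every document
    with at least `threshold` hits, highest count first. Bytes are decoded
    leniently; ciphertext or binary yields no tokens and therefore no hits.
    """
    if isinstance(payload, bytes):
        payload = payload.decode("utf-8", errors="ignore")
    hits = {}
    for s in shingles(payload):
        for name in index.get(s, ()):
            hits[name] = hits.get(name, 0) + 1
    flagged = [(n, c) for n, c in hits.items() if c >= threshold]
    return sorted(flagged, key=lambda item: -item[1])


# Constructed sample corpus: text already extracted from two classified files.
DOCUMENTS = {
    "engineering.doc": (
        "The revised turbine blade design uses a titanium alloy with three percent "
        "vanadium to reduce fatigue cracking at the root. Test results are embargoed "
        "until the patent filing is complete."
    ),
    "customer_creditcard.xls": (
        "Customer name Jane Example account 0000 0000 0000 0000 expiry 01 30 "
        "billing address 12 Sample Street"
    ),
}
INDEX = build_index(DOCUMENTS)

# Constructed outbound payloads, as a stream reassembler would hand them over.
LEAK_PAYLOAD = (
    "FYI, pasting the relevant bit: the revised turbine blade design uses a "
    "titanium alloy with three percent vanadium. Call me later."
)
BENIGN_PAYLOAD = "Meeting moved to 3pm, the room is booked."
TLS_BYTES = b"\x16\x03\x03\x00\x2a\x01\x00\x00\x26\x03\x03"   # start of a TLS handshake record

if __name__ == "__main__":
    for label, payload in [("leak", LEAK_PAYLOAD), ("benign", BENIGN_PAYLOAD), ("tls", TLS_BYTES)]:
        print(label, "->", scan_payload(payload, INDEX))
```

The threshold exists because single shingles recur in ordinary prose; requiring several consecutive matches keeps false positives down while still catching a pasted paragraph. A deployment would feed this from a TCP stream reassembler rather than from raw packets, and would need the decrypting proxy the message mentions before any TLS traffic became visible to it.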