SLUG Mailing List Archives

Re: [SLUG] Data Leakage Prevention and Detection

On Feb 11, 2008 1:11 AM, Jamie Wilkinson <jaq@xxxxxxxxxxxxxx> wrote:
> Application-aware firewalls are time consuming to develop, but I am
> concocting in my mind a tool that scans signatures out of all your
> documents, then has a tcpdump running on your firewall comparing traffic
> signatures -- sort of like snort, but in reverse -- and sending TCP RST to
> the sender if a violation was detected.
> I can also think of ways around it (SSL, for example, is a trivial
> workaround, so you'll need to also MITM all your users... a wildcard
> certificate ought to fool the client browsers).
> Do things like this really exist??  Well, I imagine Lotus Scrotes could,
> because the document never really leaves the database, but how would you
> build a system that reliably worked in a heterogeneous environment like a
> small-medium office, that actually worked, and you could sell to people and
> still retain your soul?

Palo Alto Networks, a startup from ex-NetScreen guys, seems to do
almost what you say.  I almost worked for them...hrmm...maybe I should
have taken the job!  The guy who wrote Linux Intrusion Detection
System (LIDS) works for them...

Kristian Erik Hermansen
"Know something about everything and everything about something."
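
The signature-matching idea from the quoted message, as an added sketch that is not part of the original thread and not any vendor's code: protected documents are reduced to hashes of overlapping word runs, and a reassembled plaintext payload is flagged when enough of its word runs hit that index. The document names, sample text, payloads, `K` and `THRESHOLD` are all constructed assumptions.

```python
import hashlib
import re

K = 5          # words per shingle (assumed value)
THRESHOLD = 3  # shingle hits needed before a payload is flagged (assumed value)

# Constructed sample documents standing in for the protected file share.
DOCUMENTS = {
    "salary-review.txt": "Confidential salary review for 2008: engineering staff "
                         "will receive a four percent increase effective from "
                         "the first of July, subject to board approval.",
    "lunch-menu.txt": "The canteen menu this week is soup on Monday and "
                      "pasta on Tuesday with fruit available every day.",
}

def shingles(text, k=K):
    """Hash every run of k consecutive words, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).digest()[:8]
        for i in range(len(words) - k + 1)
    }

def build_index(documents):
    """Map each shingle hash to the names of the documents containing it."""
    index = {}
    for name, body in documents.items():
        for h in shingles(body):
            index.setdefault(h, set()).add(name)
    return index

def scan_payload(index, payload, threshold=THRESHOLD):
    """Return {document: hits} for documents the payload overlaps enough."""
    hits = {}
    for h in shingles(payload.decode("utf-8", errors="replace")):
        for name in index.get(h, ()):
            hits[name] = hits.get(name, 0) + 1
    return {name: n for name, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    index = build_index(DOCUMENTS)
    # Constructed reassembled stream: an excerpt with altered case and spacing.
    leak = (b"POST /upload HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
            b"fyi: Engineering staff  will receive a FOUR percent\n"
            b"increase effective from the first of July")
    print(scan_payload(index, leak))
```

The index holds only truncated hashes, so the sensor on the firewall never needs a copy of the documents themselves. Matching works on plaintext payloads only, which is why the quoted message raises SSL.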