- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Data Leakage Prevention and Detection
- From: "Kristian Erik Hermansen" <kristian.hermansen@xxxxxxxxx>
- Date: Mon, 11 Feb 2008 01:20:12 -0800
On Feb 11, 2008 1:11 AM, Jamie Wilkinson <jaq@xxxxxxxxxxxxxx> wrote:
> Application-aware firewalls are time consuming to develop, but I am
> concocting in my mind a tool that scans signatures out of all your
> documents, then has a tcpdump running on your firewall comparing traffic
> signatures -- sort of like snort, but in reverse -- and sending TCP RST to
> the sender if a violation was detected.
>
> I can also think of ways around it (SSL, for example, is a trivial
> workaround, so you'll need to also MITM all your users... a wildcard
> certificate ought to fool the client browsers).
>
> Do things like this really exist?? Well, I imagine Lotus Scrotes could,
> because the document never really leaves the database, but how would you
> build a system that reliably worked in a heterogenous environment like a
> small-medium office, that actually worked, and you could sell to people and
> still retain your soul?
Palo Alto Networks, a startup from ex-NetScreen guys, seems to do
almost what you say. I almost worked for them...hrmm...maybe I should
have taken the job! The guy who wrote Linux Intrusion Detection
System (LIDS) works for them...
http://www.paloaltonetworks.com/
--
Kristian Erik Hermansen
"Know something about everything and everything about something."