RE: Data Theft



Thanks for your help

Sumeet Narula, CEO
Comsquare Networks India Pvt Ltd.

-----Original Message-----
From: Dennis Li [mailto:dennis.li.sh@xxxxxxxxx]
Sent: 26 May 2010 07:18
To: Sumeet Narula
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Data Theft

Hi,

The full solution would be the following steps, you shall consider the
management and tool both to mitigate the risk:

1. Identify what information is sensitive to your company and classify them;
2. assign responsiblities to the owner, custodian and user of the
information. The example of owner's responsibilities as below:
a. define the classification of the information
b. define who can access those information by default
c. define the application and approval procedure if others want to
access infomation
d. define the delivery, retention and storage requirement for those
classified information.

3. And CEO/CIO shall assign the sercurity officer to be responsible
for defining security pollicies, conduct security audit regularly

4. Define the access control policies based on the clause b in section
2 mentioned above.

5. Find a proper DLP tool to deploy. The best commercial tool is
Symantec DLP, the best one based Garner magic quadrant (other tool
vendor include EMC, Websense, RSA, etc).

6. Define the policies of the DLP tool based on the access control
policy and access list generated during step 1 to 4.


Please be aware, DLP tool is after-event prevention solution. It
means, only somebody is trying to steal your information then DLP tool
can identify, log, warn and prevent the action. The tool cannot
prevent all leakage channels. The steps 1 - 4 are security policies to
mitigate the risk prior to the case really happens by clarifying
security responsibilities and access control policies.

If you need more detailed information, don't hesitate to contact me.

Dennis Li


On Fri, May 21, 2010 at 3:17 PM, Sumeet Narula <sumeet.narula@xxxxxxxxx>
wrote:
we are looking for any software/firewall solution.

which  prevent the user(user is not under domain) from copying the data
from
PC/laptop to Pen drive/mail the data as an attachment.

actually our main concern is to prevent the data theft from our office
PCs(suggest if you have some other other solution).

we require this for at least 5-10 PCs.---------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: Data Theft
    ... for defining security pollicies, conduct security audit regularly ... Define the access control policies based on the clause b in section ... Find a proper DLP tool to deploy. ...
    (Security-Basics)
  • Re: Data Theft
    ... Novell have a range of security products - ZENworks Endpoint Security ... Define the access control policies based on the clause b in section ... Find a proper DLP tool to deploy. ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • HTML: Bioscrypt
    ... verification technology for commercial applications including access control, ... f_move2cart_form_alias1('22091', true, 'There is a missing required Option. ... Add Biometric Security to Your Existing Security System in a Snap"><h4 ... This reader eliminates the need for PINs, ...
    (alt.security.alarms)
  • Re: (Security Regression Testsuites)Request for comments
    ... The security subsystem in FreeBSD is large, which area deserves a testsuite in higher priority. ... the real policies implement the desired access control. ... Add a set of user space tests to confirm that audit record preselection is ...
    (FreeBSD-Security)
  • [TOOL] Rule Set Based Access Control (RSBAC) for Linux
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... and no existing access control code has ... RC, ACL. ... to the target to be accessed. ...
    (Securiteam)