Re: Floppy / CD Access Control and Authertication

From: Ian Kelly (E2chameleon@btopenworld.com)
Date: 07/22/02 

From: "Ian Kelly" <E2chameleon@btopenworld.com>
Date: Mon, 22 Jul 2002 18:18:57 +0000 (UTC)

Cheers Nick,

I've seen systems implemented as deterrents before because management wanted
tools in place even though they could be circumvented. Not the ideal
solution but that's management for you.

Thanks again for you input.

Ian.

"Nick Hilliard" <nick@foobar#delete2email#.org> wrote in message
news:i1G_8.3841$zX3.3051@news.indigo.ie...
> Ian Kelly wrote:
> > Unfortunately this sort of solution is available in email and Internet
> > content security products but it would appear not in local PC products.
As
> > with many problems it is indeed a social one, but most other problems of
> > this type do tend to have a technical solution.
>
> Let me be more careful in my answer then. You could theoretically find
some way
> of not copying certain types of files to certain types of media by
carefully
> hooking into system calls of various types, depending on what operating
system
> you were using. Or you could replace certain commands with certain other
types
> of commands (which wouldn't stop your users from using their own working
> commands). Hooking sanely into file read/write system calls is
non-trivial, in
> addition to which circumventing these checks is generally entirely
trivial.
>
> Email systems and other single data delivery channel systems are
relatively easy
> to guard to the limited extent to which they work. But even with these
systems,
> you're simply not going to catch someone who is even remotely determined
to
> bypass them. Calling them a "solution" is little more than vapid
sales-talk: in
> reality they are an n% hack, where n is not necessarily very high. You'll
> probably catch dolts, but nothing more than that.
>
> Nick
>