Main
Codex
Librarium Whitehat
Advisories
Blog Pics
"Inveniam viam aut faciam" : I will either find a way, or I shall make one

Adeptus-Mechanicus - BlogMe


The right tool

I have recently being reminded that putting in a solution is not the same as putting in the right solution. In one company a risk was identified as data leakage, so they wanted a DLP solution. Nothing out of ordinary so far. Except that some people decided to use Safeguard PortProtector / DataExchange to accomplish this.

I have nothing against the product, it does what it is designed to do well. But what it is designed for is an active user-participation encryption mechanism for sharing files on portable media, NOT as a DLP solution. But regardless the solution was rolled out. within the first day, multiple “workarounds” had been discovered;

-Create a truecrypt file container at home (unecrypted), mount it at workplace and copy files in and out without the files or the container being encrypted.

-Use a separate machine without safeguard (like a test bench linux box), transfer files across the network to machine (unencrypted) and transfer there

-Use a vmware player instance since it will mount the usb device before safeguard grabs it and you can transfer files without encryption

Let me repeat, none of these are problems which are the fault of the Safeguard product, it was not designed for this. But because it was implemented poorly, this company now has these gaping holes in what it considers it’s DLP solution.

The blind leading the blind through traffic…

Published by erich, on May 18th, 2011 at 3:14 am. Filled under: GeneralNo Comments

No comments yet.

Leave a Reply