[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] protecting yourself from DLP
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] protecting yourself from DLP
- From: "Kyle C. Quest" <kyle.c.quest@xxxxxxxxx>
- Date: Fri, 25 Jul 2008 11:39:36 -0400
I know lots of people these days are preoccupied with the latest DNS
soap opera, so you might not have time for something else, but if you
do you might find this interesting (that is if you care about the
subject :-))...
DLP is one of those new things coming to networks and desktops near
you :-))) It's slowly taking its place in the corporate environments.
Just like with A/V if your job involves doing a lot of research DLP
might get in the way (it's not exactly fun when your tools, packet
captures, or documents all of a sudden disappear or you don't have
access to them anymore :-)).
For one of my research projects I created a proof of concept for an
Anti DLP Kit. Test results have been quite interesting; however,
because I don't have access to all DLP products it's hard to get a
full picture... The main target of the research is the host-based DLP
systems even though the Anti DLP Kit also helps you negate
network-based DLP solutions.
If there are anybody with access to host-based DLP systems and a
desire to experiment you can download the application here (
http://www.unital.com/research/adk.zip ) and if, for some reason the
link gets lost, email me and I'll provide you with the application. In
case you'd like to stay incognito just search for the "Quest On
Security" blog.
The feature to test is the "XRAY mode" that can let you access files
that DLP would otherwise block. If there are any comments, test
results, or requests you'd like to share send them to me. If not...
have a nice day :-)
Kyle
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/