Insider threat

How do you stop employees taking confidential information with them when you terminate their employment ,without annoying them so much that they do something stupid ? My thoughts follow . Classify information and label it . Store the classified data (eg customer list )in a system like a document management system or a database and restrict export functions. When terminating an employee remove access to these systems first . This may not be possible organisation wide (or you may be behind on this), so restricting USB devices via microsoft group policy , removing DVD/cd burners, restricting web based email may be necessary in some cases. DLP is only going to be useful if you know what data is confidential before hand so you can block it. However DLP could perform a role of a black box flight recorder helping you determine what has walked out the door and help you as an infosec pro quantify the extent of the problem. DLP has most benefit in stopping accidental leakage events or stupid attempts . The smart and determined will just print out the data or take a photo of it on the screen. But hey maybe the smart determined ones will still have a job ?

---- 
Sent using a Sony Ericsson videophone

Bad news for the economy good news for security

Well the world economy is in the toilet , this we know . However there is a silver lining to this for the security industry. Increased insider threat will push business cases for data leakage prevention solutions and increased associated services like computer forensics (think customer lists walking out the door to compettitors ). Information security will share the pain of large projects getting put on hold or not getting approval to start. Also for the professionals the amateurs will shake out as the pros refine their service offerings to meet the changed client needs while the amateurs get stuck in a downward spiral on rates on commodity services like infrastructure pen tests and "security reviews". Also consolidation will drive better services to the customer with larger providers being able to offer more of a" one stop shop "

---- 
Sent using a Sony Ericsson videophone

Academia and security

Meeting some academics today to see if we can place a student. Often they are interested in crypto and IDS. In the real world crypto is bought as a peer reviewed API and IDS is a rack mount appliance . The challenges in industry are funding, education and doing the boring but important things right like risk analysis , software QA ,secure configuration and compliance. Hey i do do some activities in web application security assessment that researchers would be familiar with, like basic cryptanalysis such as known cipher text attacks to break trivial "proprietary encryption algorythmns" that are really encoding and analysing the random ness of session ids.

---- 
Sent using a Sony Ericsson videophone

LC6 is coming!

wooo! I miss the LC. I'm kinda paranoid and like to crack passwords locally using rainbow tables I have generated rather than those web sites front ending rainbow tables.

I hope LC6 has some other password cracking functionality like VPN and WLAN pre-shared hashes and some more functionality for LANMAN hashes off the wire.