Comments on: Preventing and Detecting Sensitive Data on P2P Networks http://www.tssci-security.com/archives/2007/07/29/preventing-and-detecting-sensitive-data-on-p2p-networks/ top secret/secure computing information Sat, 05 Jul 2008 20:28:24 +0000 http://wordpress.org/?v=2.2.3 By: LonerVamp http://www.tssci-security.com/archives/2007/07/29/preventing-and-detecting-sensitive-data-on-p2p-networks/#comment-1408 LonerVamp Mon, 30 Jul 2007 14:12:04 +0000 http://www.tssci-security.com/archives/2007/07/29/preventing-and-detecting-sensitive-data-on-p2p-networks/#comment-1408 There are exceptions, but it shouldn't be too difficult to say no P2P apps are allowed on company laptops. You can get centralized deployment/monitoring solutions (like Altiris) to report on not just every piece of software installed, but even every executable run. Of course, then you have to have people watching those logs on a regular basis and reviewing them. You can't have little alerts that miss when I rename a P2P app to something else innocuous like cmd.exe.... I think a lot of people want automation in these things, but there comes a time when you simply cannot replace an analyst. There are exceptions, but it shouldn’t be too difficult to say no P2P apps are allowed on company laptops. You can get centralized deployment/monitoring solutions (like Altiris) to report on not just every piece of software installed, but even every executable run.

Of course, then you have to have people watching those logs on a regular basis and reviewing them. You can’t have little alerts that miss when I rename a P2P app to something else innocuous like cmd.exe….

I think a lot of people want automation in these things, but there comes a time when you simply cannot replace an analyst.

]]> By: Marcin http://www.tssci-security.com/archives/2007/07/29/preventing-and-detecting-sensitive-data-on-p2p-networks/#comment-1407 Marcin Mon, 30 Jul 2007 13:30:46 +0000 http://www.tssci-security.com/archives/2007/07/29/preventing-and-detecting-sensitive-data-on-p2p-networks/#comment-1407 Hey Alan. It's true something is better than nothing, but I've seen (I was the one who did it) how easy it is to bypass all kinds of network and endpoint security restrictions in place to get p2p apps working on a employee laptop. The problem is there are sensitive government files on p2p networks. Whether there are p2p apps on the LAN is another issue that NAC and IDS' do help to resolve. Hey Alan. It’s true something is better than nothing, but I’ve seen (I was the one who did it) how easy it is to bypass all kinds of network and endpoint security restrictions in place to get p2p apps working on a employee laptop.

The problem is there are sensitive government files on p2p networks. Whether there are p2p apps on the LAN is another issue that NAC and IDS’ do help to resolve.

]]> By: alan shimel http://www.tssci-security.com/archives/2007/07/29/preventing-and-detecting-sensitive-data-on-p2p-networks/#comment-1405 alan shimel Mon, 30 Jul 2007 12:28:40 +0000 http://www.tssci-security.com/archives/2007/07/29/preventing-and-detecting-sensitive-data-on-p2p-networks/#comment-1405 Hi - in regard to the comment, my article said NAC is one way of dealing with this. It is not meant to be comprehensive. You can have IPS block p2p traffic. Also, NAC can test for p2p from home devices if they are getting on the lan. You can have other endpoint security as well. The bottom line is that I think p2p apps are on govt owned devices in the lan and this can be dealt with. Something is better then nothing here. Hi - in regard to the comment, my article said NAC is one way of dealing with this. It is not meant to be comprehensive. You can have IPS block p2p traffic. Also, NAC can test for p2p from home devices if they are getting on the lan. You can have other endpoint security as well. The bottom line is that I think p2p apps are on govt owned devices in the lan and this can be dealt with. Something is better then nothing here.

]]>