Security Basics mailing list archives
Re: Deny access to copy files
From: "Shreyas Zare" <shreyas () technitium com>
Date: Mon, 23 Jun 2008 22:23:49 +0530
Hi, It would be great if you point to some reference for this. Thanks in advance. Regards On Mon, Jun 23, 2008 at 10:21 PM, Michael P. Carter <mcarter () electracash com> wrote:
Do your research more deeply. Michael P. Carter Network Manager mcarter () electracash com 562-498-6888 -----Original Message----- From: Shreyas Zare [mailto:shreyas () technitium com] Sent: Monday, June 23, 2008 9:50 AM To: Michael P. Carter; security-basics () securityfocus com Subject: Re: Deny access to copy files Hi, I dont think software use copy method to do Save As. Once a program opens a file and reads data into a buffer its free to write that buffer anywhere it has access to. No need to use system copy functions. Regards, On Mon, Jun 23, 2008 at 9:58 PM, Michael P. Carter <mcarter () electracash com> wrote:Not so - any user denied permission to COPY will inherently be denied permission to Save As (that's a simple copy operation to a new location). Michael P. Carter Network Manager mcarter () electracash com 562-498-6888 -----Original Message----- From: Shreyas Zare [mailto:shreyas () technitium com] Sent: Friday, June 20, 2008 2:31 AM To: Michael P. Carter Cc: Atif Azim; GSO GSO; James Finnican; Kevin Ortloff; Ahmed Khalid; focus-ms () securityfocus com; security-basics () lists securityfocus com Subject: Re: Deny access to copy files Hi, Even if you have special COPY permission in NTFS, any user with READ access will open the file and just use Save As to save it anywhere, or just write a small code, possible in any programming language, to read file and write a new file. So COPY thing is useless, MS is intelligent enough. Regards, On Fri, Jun 20, 2008 at 12:39 AM, Michael P. Carter <mcarter () electracash com> wrote:Also, the NTFS permission READ will allow anyone with thatpermissiontoalso copy (the EXECUTE part allows them to launch the appropriate program to open the file), so the Windows permissions don't meetyoursecurity needs (it's something that we've been harassing Microsoftaboutfor more than a decade - separate permissions for READ and COPY)). Michael P. Carter Network Manager mcarter () electracash com 562-498-6888 -----Original Message----- From: listbounce () securityfocus com[mailto:listbounce () securityfocus com]On Behalf Of Atif Azim Sent: Wednesday, June 18, 2008 11:44 PM To: GSO GSO Cc: James Finnican; Kevin Ortloff; Ahmed Khalid; focus-ms () securityfocus com; security-basics () lists securityfocus com Subject: Re: Deny access to copy files Indeed a technical control is not the only thing you should belookingforward to in such a scenario.First, you need to set your policies straight and results for non-compliance leading to consequences for leaking intellectual property. When looking forward to technical controls, checkout McAfee Data loss Prevention (DLP).It addresses issues related to source code leakage as well. Go tohttp://www.mcafee.com/us/enterprise/products/data_loss_prevention/data_loss_prevention.html and also see the flash demo athttp://www.mcafee.com/us/local_content/demos/dlp_technical_demo/dlp_flash_demo.html Regards, Atif Azim On Wed, Jun 18, 2008 at 1:16 AM, GSO GSO <gso.gsecur () gmail com>wrote:DeviceLock is a great program. Besides the very granularpermissionlevels, I have also like the fact I can create temporary accesscodes.So if an individual needs access to a USB device for an hour orevena month, I can give it to them. B http://GovernmentSecurity.org On Tue, Jun 17, 2008 at 2:43 PM, James Finnican<jfinnica () bebe com>wrote:DeviceLock and, disable access to the internet with exception toaccepted resources, Wiki's subscribed sites. You can do this from IE directly or, configure it at the firewall if it allows.-----Original Message----- From: listbounce () securityfocus com[mailto:listbounce () securityfocus com] On Behalf Of Kevin OrtloffSent: Friday, June 13, 2008 9:31 AM To: Ahmed Khalid; focus-ms () securityfocus com Cc: security-basics () lists securityfocus com Subject: RE: Deny access to copy files If you don't mind spending a 2-3 thousand, there is a goodproductcalled ' DeviceLock '. This is a global policy enforcer that will restrict activates on USB, External Storage, etc, etc.. You can beveryspecific too like only a certain kind of thumb drive can be used byaparticular individual ( this allows you to control who has theabilityto even use an approved drive ). Or, maybe you only want read, butnowrite. You can do that too.Anyway, hope that helps. I'm sure there are other apps that candothis. I liked DeviceLock when I did my evals.-----Original Message----- From: listbounce () securityfocus com[mailto:listbounce () securityfocus com] On Behalf Of Ahmed KhalidSent: Sunday, June 01, 2008 11:20 AM To: focus-ms () securityfocus com Cc: security-basics () lists securityfocus com Subject: Deny access to copy files I am working for a software house, they are developing a softwareproduct and their requirement is to restrict programmers to take the code out of office premises due to company policy. I am trying to configure a windows based machine which denies access to copy filestoexternal storage devices connected to USB. There is an NTFSpermission"Read + Execute" I guess this could do the work but is there anyotherway to do it?They also don't need programmers to take the code with them intheiremail.I can restrict SMTP and POP ports but when it comes to web basedemails I am clueless, How can I restrict web based emails likehotmail,gmail, yahoo there are so many of these and if I somehow manage toblockall web based email sites someone can write a script to send emails,ifnot a script HTTP tunneling would bypass any checks and boundsdefinedby my proxy/gateway machine. How can I block such thing?Any help would be highly appreciated. Regards, Ahmed Khalid This email, its contents and attachments contain information fromj2Global Communications, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you arenotan addressee, any disclosure, copy, distribution, or use of thecontentsof this message is prohibited. If you have received this email inerrorplease notify the sender by reply e-mail and delete the originalmessageand any copies. j2 Global Communications. 6922 Hollywood Blvd., Hollywood, CA 90028.-- Security/Hacking Paper Contest Win $100 http://GovernmentSecurity.org-- ("There are only 10 kinds of people in this world: those who know binary and those who don't.") Shreyas Zare Co-Founder, Technitium eMail: shreyas () technitium com ..::< The Technitium Team >::.. Visit us at www.technitium.com Contact us at theteam () technitium com Technitium Personal Computers We believe in quality. Visit http://pc.technitium.com for details.-- ("There are only 10 kinds of people in this world: those who know binary and those who don't.") Shreyas Zare Co-Founder, Technitium eMail: shreyas () technitium com ..::< The Technitium Team >::.. Visit us at www.technitium.com Contact us at theteam () technitium com Technitium Personal Computers We believe in quality. Visit http://pc.technitium.com for details.
-- ("There are only 10 kinds of people in this world: those who know binary and those who don't.") Shreyas Zare Co-Founder, Technitium eMail: shreyas () technitium com ..::< The Technitium Team >::.. Visit us at www.technitium.com Contact us at theteam () technitium com Technitium Personal Computers We believe in quality. Visit http://pc.technitium.com for details.
Current thread:
- RE: Deny access to copy files, (continued)
- RE: Deny access to copy files Gillian Day (Jun 03)
- Re: Deny access to copy files Mark Dy-Ragos (Jun 03)
- RE: Deny access to copy files Mason, Samuel (Jun 09)
- RE: Deny access to copy files Kevin Ortloff (Jun 13)
- RE: Deny access to copy files James Finnican (Jun 17)
- Re: Deny access to copy files GSO GSO (Jun 17)
- Re: Deny access to copy files Atif Azim (Jun 19)
- RE: Deny access to copy files Michael P. Carter (Jun 19)
- Re: Deny access to copy files Shreyas Zare (Jun 20)
- Message not available
- Re: Deny access to copy files Shreyas Zare (Jun 23)
- Message not available
- Re: Deny access to copy files Shreyas Zare (Jun 23)
- Message not available
- Re: Deny access to copy files Shreyas Zare (Jun 24)
- Re: Deny access to copy files Ansgar -59cobalt- Wiechers (Jun 24)
- RE: Deny access to copy files James Finnican (Jun 17)
- Message not available
- Message not available
- Message not available
- Re: Deny access to copy files Shreyas Zare (Jun 24)
- Re: Deny access to copy files Jeremy Winder (Jun 24)
- Re: Re: Deny access to copy files Breno BF (Jun 03)
- Re: Deny access to copy files Al MailingList (Jun 11)
- RE: Deny access to copy files Craig Wright (Jun 12)