PaulDotCom mailing list archives
Bypassing Vontu
From: rgula at tenablesecurity.com (Ron Gula)
Date: Thu, 22 Oct 2009 12:09:49 -0400
Brian Schultz wrote:
Our security department is testing out Symantec's Vontu and I am playing the guinea pig and have to try and get documents out of our company's environment. I have a really basic understanding of how it works. It has a span port sitting and listening to all outgoing web traffic and there is also an agent that sits on desktops and watches to see if any sensitive information leaves via USB drive or e-mail. Does anyone have any whitepapers or info regarding how it actually works or any tactics I should try?
Keep in mind the general consensus on DLP is that they stop/detect "simple" leakage, which can be a real threat if you have uneducated users who are doing things like emailing customer lists to their hotmail account. However, to show that this indeed can be bypassed: Try to send some attachments that are: - zipped and password protected - PDFs with a password - screen shots of spreadsheets, docs, .etc - PGP an attachment (use AxCyrpt, or any other "free" crypt tool) Also try send an attachment/email : - to gmail - to hotmail - post a doc to facebook - send it via IM to a buddy using an encrypted client - if you have comcast or timewarner, most email is encrypted over SSL/TLS I'm sure there are lots more ideas out here. -- Ron Gula, CEO Tenable Network Security
Current thread:
- Bypassing Vontu, (continued)
- Bypassing Vontu James Costello (Oct 22)
- Bypassing Vontu Michael Boyd (Oct 22)
- Bypassing Vontu Jason Jones (Oct 22)
- Bypassing Vontu Dan Baxter (Oct 22)
- Bypassing Vontu Nathan Sweaney (Oct 22)
- Bypassing Vontu PJ McGarvey (Oct 22)
- Bypassing Vontu Michael Dickey (Oct 22)
- Bypassing Vontu Robin Wood (Oct 22)
- Bypassing Vontu Chris Merkel (Oct 22)
- Bypassing Vontu Jim Halfpenny (Oct 22)
- Bypassing Vontu Ron Gula (Oct 22)
- Bypassing Vontu Raffi Jamgotchian (Oct 22)
- Bypassing Vontu Allen Deryke (Oct 22)
- Bypassing Vontu John Strand (Oct 22)
- Bypassing Vontu xgermx (Oct 22)
- Bypassing Vontu Chris Merkel (Oct 22)
- Bypassing Vontu johnemiller at gmail.com (Oct 22)
- Bypassing Vontu John Strand (Oct 22)
- Bypassing Vontu Chris Merkel (Oct 22)
- Bypassing Vontu Justin Andrusk (Oct 22)
- Bypassing Vontu Chris Merkel (Oct 22)
- Bypassing Vontu Dan McGinn-Combs (Oct 22)