[EMAIL PROTECTED] wrote:
> "Ali, Saqib" writes:
> -+------------------
>
> | Hi Dan,
> |
> | > In my view, The Answer is a Reference Monitor in the
> | > good old Orange Book sense. As it happens, that is
> | > why we make, at Verdasys, a RefMon implemented as a
> | > data-surveillance rootkit.
> |
> | From my brief visit to the Verdasys website, it seems to me that the
> | solution provided by Verdasys is very similar to the solution provided by
> | Vontu. Can you please elaborate on how Verdasys' solution differs from
> | Vontu's?
> |
> | And if in fact both solutions are similar, why does Gartner love Vontu
> | but hates Verdasys?
> |
>
>
> Vontu listens on the wire and attempts to decide if
> important stuff is leaving the enterprise. Very
> nearly useless, in my view, as you can defeat content
> inspection with Pig Latin not to mention crypto, and
> the best way to leave with data is, say, with a USB
> token. Put differently, content inspection works if
> your opponent is an idiot or does not care that you
> are watching. While perhaps 70% of all data loss
> is due to idiots, I challenge anyone to show that
> data loss that matters includes data loss by idiots.
Well, while I in general agree, alas, your trust in idiots not
leaking important stuff is a bit misplaced in the real world.
Without naming names, there have been cases of which I am personally
aware in which an "idiot" caused a major leak, to the tune of
hundreds of thousands of private and sensitive records, which can be,
and in one case were, used in identity theft.
The most important part of the "idiot" scenario is that the
people are not truly idiots, they just are not as smart as you
are about computer risks. But, then, are you a skilled brain
surgeon?
It feels odd to be standing up for "idiots," it's a dirty job,
but I guess someone has to do it.
Far better to think that they are a lot like my just-now 14-year-
old daughter who got a MacBook this morning for her birthday.
She's quite savvy about computers in general. She's been using
one for at least 4 years, Linux-based the last 2. The first thing
she did (now this shows smarts!) was ask if she could turn it on.
She did, and we went through the setup process - I hate automated
scripts with no opt-out points - and it included setting up
wireless. Well, clueless me, I *know* that I don't have wireless
turned on on my LAN, but I forgot to think about all the *other*
neighbors who do. So, of course she was going to connect to the
first one on the list. Well, why not? She's not an educated tech
person; she's an actress, singer, soccer player, and all-around
good kid, or at least that is what other parents tell me. At home
she's invaded by aliens and...; I'll let your imaginations work
on this a bit.
Anyway I remembered the name of the FreeLan connection locally
and had her connect to that so she was on the net about 5 minutes
after turning it on! Does she know enough to protect herself?
Nope. So now I've got to set up protection for her.
Oh, because she's only 14, she doesn't get to carry it around
until next year when she enters high school. At least this way
she won't do what numerous people working in high-powered jobs
have done: left it behind when distracted.
> Verdasys Digital Guardian is a desktop agent that
> code injects *every* (every) facility that handles
> data.
I don't understand what you mean by "injects." Could you explain
this, please?
> Nothing (nothing) moves without being seen.
> What you do with it is determined by the rules you
> configure, rules that are extraordinarily context
> sensitive ("Dan's removable media are read-only
> whenever the corporate HR database is open" -- say).
> There is a substantial forensics back end, and the
> ability to do nearly anything including full stealth.
> DG is an oxy-acetylene cutting torch compared to
> the content inspector's paper matches. And, as a
> side effect, if you choose to record every movement
> of data you can actually prove a negative ("Dan did
> not leak this"), which is useful since every
> regulatory agency seems to want that, and proving
> a negative is scientifically impossible without
> total catchment.
If you truly believe you can prove a negative that is conclusive
then you have missed your true calling. You should be a lawyer
defending the wrongly convicted who are sitting in prisons and on
death rows all across this country today.
Until you can *guarantee* that you know *all* the evidence, it is
just not possible to prove a negative as you first have to prove
the positive that you know *all* there is to know about *all*
possible covert channels and how they could be made to work in a
locked down environment. Then add in the concept of "perfect
code" and we have too many questions to blindly accept this
assertion.
I most certainly don't dispute your basic point that blindly
following Gartner or other "trusted" sources is just plainly an
idiotic approach, however.
As to references for background reading, please forward me the
links or copy. I'm not proud, I *know* I don't know, and that is
about as far as I can go in proving a negative.
Best,
Allen
_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
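Added example (not from the thread, and not Vontu or Verdasys code) to make concrete what Dan's "Pig Latin" remark about content inspection amounts to. A toy wire-level inspector carries two made-up rules, an SSN-shaped number and a hypothetical two-word project code name, and is run over a constructed message and then over the same message after transformations that require no key, no tool and no skill. The message, the rules and the code name are all constructed for the illustration.

```python
"""Added example: why wire-level content inspection is easy to slip past.

A toy DLP-style inspector with two made-up rules (an SSN-shaped number and
a hypothetical project code name), run against a constructed message and
against the same message after zero-effort transformations. Nothing here
is Vontu or Verdasys code; all rules, names and text are constructed.
"""
import base64
import re

# Hypothetical inspection rules a content inspector might carry.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
KEYWORDS = ("project", "falcon")  # made-up code name, both words required

# Constructed sample of "important stuff leaving the enterprise".
MESSAGE = "Project Falcon payroll export: employee SSN 123-45-6789, do not forward."

DIGIT_WORDS = {
    "0": "zero", "1": "one", "2": "two", "3": "three", "4": "four",
    "5": "five", "6": "six", "7": "seven", "8": "eight", "9": "nine",
}


def inspect(text: str) -> list[str]:
    """Return the names of the rules that fire on `text`, in rule order."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn")
    lowered = text.lower()
    if all(word in lowered for word in KEYWORDS):
        hits.append("keyword")
    return hits


def pig_latin_word(word: str) -> str:
    """Schoolyard Pig Latin: leading consonants move to the end, then 'ay'."""
    onset, rest = re.match(r"^([^aeiouAEIOU]*)(.*)$", word).groups()
    return rest + onset + "ay"


def pig_latin(text: str) -> str:
    """Transform every alphabetic run; digits and punctuation are untouched."""
    return re.sub(r"[A-Za-z]+", lambda m: pig_latin_word(m.group()), text)


def spell_digits(text: str) -> str:
    """Replace every digit run with its digits spelled out as words."""
    return re.sub(r"\d+", lambda m: " ".join(DIGIT_WORDS[c] for c in m.group()), text)


def base64_wrap(text: str) -> str:
    """The laziest possible encoding; an inspector that does not decode sees noise."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def survey(message: str = MESSAGE) -> dict[str, list[str]]:
    """Run the inspector over the plaintext and over each transformed variant."""
    return {
        "plaintext": inspect(message),
        "pig_latin": inspect(pig_latin(message)),        # letters mangled, digits intact
        "spell_digits": inspect(spell_digits(message)),  # digits gone, words intact
        "pig_latin+spell_digits": inspect(pig_latin(spell_digits(message))),
        "base64": inspect(base64_wrap(message)),
    }


if __name__ == "__main__":
    for name, hits in survey().items():
        print(f"{name:24s} -> {hits or 'nothing flagged'}")
```

Each transformation on its own defeats only the rule that looks at the kind of character it mangles (Pig Latin leaves the digits, so the SSN rule still fires; spelling out the digits leaves the words, so the keyword rule still fires), and combining the two, or wrapping the text in base64, leaves the inspector with nothing to flag. An inspector can of course add base64 decoding or digit-word normalization, but the set of trivial transformations is open-ended, which is the point being made above about an opponent who knows he is being watched.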