[ZendTo] Re: Antwort: Re: Antwort: Re: Antwort: Re: Security Issue - Data Leakage Prevention

Jules Jules at Zend.To
Thu Mar 1 14:20:14 GMT 2012


It has to match the regexp to be allowed, so you would probably need to 
add a bit more code to block it if it matches another regexp, if the 
connection is coming from the "localIPSubnets" networks.

So you will need to write a bit of code and add a new setting in 
preferences.php, not just change a setting in there.

Does anyone else on the list need this feature too?
(When a drop-off comes from a localIPSubnet network and the user has not 
logged in, if the destination email matches a certain regexp then block 
the drop-off)

Please let me know if you folks need this feature! (Other than Patrick)

Jules.

On 01/03/2012 12:28, patrick.gaikowski at kaufland.com wrote:
>
> Do you have a hint for me how i can use for example the regex from 
> preferences to check against entered email, if the user is not logged in
>
> By the way, an email blacklisting is from my point of view not only a 
> request from me!
>
> Mit freundlichen Grüßen / Best regards
>
> Patrick Gaikowski
> Tel:     +49 7132 94 3568
> Fax:    +49 7132 94 73568
> E-Mail: patrick.gaikowski at kaufland.com
> KI 967850: IT International / IT Governance / Netzwerk Design und 
> IT-Sicherheit
> Office:
> Lindichstrasse 11
> D-74189 Weinsberg
>
>
>
> http://www.kaufland.de
> http://www.spannende-it.de
> Wir sind die Nr. 1:
> Kaufland ist "Bester Lebensmittelmarkt 2011"!
>
> Kaufland Informationssysteme GmbH & Co. KG
> Postfach 12 53 - 74149 Neckarsulm
> Kommanditgesellschaft
> Sitz: Neckarsulm
> Registergericht: Stuttgart HRA 104163
>
>
>
>
>
>     Inactive hide details for Jules ---01.03.2012 13:21:49---Jules
>     <Jules at zend.to>Jules ---01.03.2012 13:21:49---Jules <Jules at zend.to> 
>
>     *Jules <Jules at zend.to>*
>     Gesendet von: zendto-bounces at zend.to
>
>     01.03.2012 13:12
>         Bitte antworten an
>         ZendTo Users <zendto at zend.to> 
>
> 	
>
> 	
> ZendTo Users <zendto at zend.to>
>
> 	
>
> Thema
> 	
> [ZendTo] Re: Antwort: Re: Antwort: Re: Security Issue - Data Leakage 
> Prevention
>
> 	
>
>
> There is a setting in preferences.php called "emailDomainRegexp". This 
> must match any recipient address entered by a user who has not logged in.
>
> There are currently no IP-based filters to implement checks like "if 
> the user comes from this IP network, then they cannot send files to 
> this email domain".
>
> But if you want to implement it yourself, you have the source code and 
> the rights to be able to change it for your own purposes.
>
> I've never had any other request for something like this, so have no 
> plans to implement it myself.
>
> Jules.
>
> On 01/03/2012 11:27, _patrick.gaikowski at kaufland.com_ 
> <mailto:patrick.gaikowski at kaufland.com> wrote:
>
>
>     Hi Jules,
>
>     USB is prohibited in our company and Personal Network Storages
>     like dropbox etc. are blocked because of Contentfilter.
>
>     Users from company who have the right in LDAP should upload files
>     to anywhere they want. The is a workflow behind requesting this right.
>
>     But my focus is if a user has not the right for logging in. In
>     this case he makes a dropoff to his own address in company,
>     because Freemail addresses are also blocked because of Content Filter.
>
>     Is there a possibility to check the email in the verify.php if the
>     user is unregistered?
>
>     Mit freundlichen Grüßen / Best regards
>
>     Patrick Gaikowski
>     Tel:     +49 7132 94 3568
>     Fax:    +49 7132 94 73568
>     E-Mail: _patrick.gaikowski at kaufland.com_
>     <mailto:patrick.gaikowski at kaufland.com>
>     KI 967850: IT International / IT Governance / Netzwerk Design und
>     IT-Sicherheit
>     Office:
>     Lindichstrasse 11
>     D-74189 Weinsberg
>
>
>     _
>     __http://www.kaufland.de_ <http://www.kaufland.de/>_
>     __http://www.spannende-it.de_ <http://www.spannende-it.de/>
>     Wir sind die Nr. 1:
>     Kaufland ist "Bester Lebensmittelmarkt 2011"!
>
>     Kaufland Informationssysteme GmbH & Co. KG
>     Postfach 12 53 - 74149 Neckarsulm
>     Kommanditgesellschaft
>     Sitz: Neckarsulm
>     Registergericht: Stuttgart HRA 104163
>
>
>
>
>
>         Inactive hide details for Jules ---01.03.2012 12:22:00---Jules
>         <Jules at zend.to>Jules ---01.03.2012 12:22:00---Jules
>         _<Jules at zend.to>_ <mailto:Jules at zend.to>
>             *Jules **_<Jules at zend.to>_* <mailto:Jules at zend.to>
>             Gesendet von: _zendto-bounces at zend.to_
>             <mailto:zendto-bounces at zend.to>
>
>             01.03.2012 12:18
>
>             Bitte antworten an
>             ZendTo Users _<zendto at zend.to>_ <mailto:zendto at zend.to>
>
>         	
>         	
>         ZendTo Users _<zendto at zend.to>_ <mailto:zendto at zend.to>
>         	
>         Thema
>         	
>         [ZendTo] Re: Antwort: Re: Security Issue - Data Leakage
>         Prevention
>
>         	
>
>
>
>
>     On 01/03/2012 11:04, _patrick.gaikowski at kaufland.com_
>     <mailto:patrick.gaikowski at kaufland.com> wrote:
>
>         Hello Jules,
>
>         yes i mean someone working for my company.
>
>         My idea would be some kind of "blacklist" for email domains
>         used in unregistered dropoff. Is there a possibility to
>         implement it?
>     I don't quite see why this is only a problem with "unregistered
>     users", by which I guess you mean people from your own company who
>     haven't logged in?
>
>     People who have logged in will be able to do the same.
>
>     Note that ZendTo does log the IP address a drop-off came from, so
>     you would be able to see who had done it by looking through your logs.
>
>     Why doesn't the user just copy it onto a USB stick that they have
>     in their pocket? Surely that's simpler? Or upload it to any of the
>     various free cloud storage services there are (such as Dropbox,
>     Evernote, iCloud, SkyDrive, etc etc)?
>
>     Jules.
>
>
>         What other things can a do, not to prevent it completely, but
>         decrease the possibility.
>
>         Mit freundlichen Grüßen / Best regards
>
>         Patrick Gaikowski
>         Tel:     +49 7132 94 3568
>         Fax:    +49 7132 94 73568
>         E-Mail: _patrick.gaikowski at kaufland.com_
>         <mailto:patrick.gaikowski at kaufland.com>
>         KI 967850: IT International / IT Governance / Netzwerk Design
>         und IT-Sicherheit
>         Office:
>         Lindichstrasse 11
>         D-74189 Weinsberg
>
>         _
>         __
>         __http://www.kaufland.de_ <http://www.kaufland.de/>_
>         __http://www.spannende-it.de_ <http://www.spannende-it.de/>
>         Wir sind die Nr. 1:
>         Kaufland ist "Bester Lebensmittelmarkt 2011"!
>
>         Kaufland Informationssysteme GmbH & Co. KG
>         Postfach 12 53 - 74149 Neckarsulm
>         Kommanditgesellschaft
>         Sitz: Neckarsulm
>         Registergericht: Stuttgart HRA 104163
>
>
>
>
>             Inactive hide details for Jules ---01.03.2012
>             10:28:39---Jules <Jules at zend.to>Jules ---01.03.2012
>             10:28:39---Jules _<Jules at zend.to>_ <mailto:Jules at zend.to>
>                 *Jules **_<Jules at zend.to>_* <mailto:Jules at zend.to>
>                 Gesendet von: _zendto-bounces at zend.to_
>                 <mailto:zendto-bounces at zend.to>
>
>                 01.03.2012 10:25
>
>
>
>                 Bitte antworten an
>                 ZendTo Users _<zendto at zend.to>_ <mailto:zendto at zend.to>
>
>             	
>             	
>             ZendTo Users _<zendto at zend.to>_ <mailto:zendto at zend.to>
>             	
>             Thema
>             	
>             [ZendTo] Re: Security Issue - Data Leakage Prevention
>
>             	
>
>
>         By "unregistered user" do you mean someone who works for your
>         company? If so, ZendTo won't stop them stealing files from
>         your company. No-one can stop that unless you cavity search
>         your employees at the end of each working day.
>
>         Jules.
>
>         On 29/02/2012 17:06, _patrick.gaikowski at kaufland.com_
>         <mailto:patrick.gaikowski at kaufland.com> wrote:
>
>             Hallo Jules,
>
>             one of my colleagues pointed a scenario out where he could
>             upload a file to outside the company without rights to do it.
>
>             For us it is a big security issue!
>
>             1.) unregistered user clicks on Drop-Off and sends an
>             email to his company email address
>             2.) unregistered user uploads a file from company network
>             to his own company email address
>             3.) unregistered user forwards the upload information to
>             his private email address from Mail Client
>             4.) unregistered user Picks up the file from his private PC
>
>             My question is, if it is possible to exclude the company
>             email domains, like defined in preferences.conf, from
>             getting an upload link to corporate email without
>             Authorization?
>
>             Mit freundlichen Grüßen / Best regards
>
>             Patrick Gaikowski
>             Tel:     +49 7132 94 3568
>             Fax:    +49 7132 94 73568
>             E-Mail: _patrick.gaikowski at kaufland.com_
>             <mailto:patrick.gaikowski at kaufland.com>
>             KI 967850: IT International / IT Governance / Netzwerk
>             Design und IT-Sicherheit
>             Office:
>             Lindichstrasse 11
>             D-74189 Weinsberg_
>             __
>
>             __http://www.kaufland.de_ <http://www.kaufland.de/>_
>             __http://www.spannende-it.de_ <http://www.spannende-it.de/>
>             Wir sind die Nr. 1:
>             Kaufland ist "Bester Lebensmittelmarkt 2011"!
>
>             Kaufland Informationssysteme GmbH & Co. KG
>             Postfach 12 53 - 74149 Neckarsulm
>             Kommanditgesellschaft
>             Sitz: Neckarsulm
>             Registergericht: Stuttgart HRA 104163
>
>
>
>
>             _______________________________________________
>             ZendTo mailing list_
>             __ZendTo at zend.to_ <mailto:ZendTo at zend.to>_
>             __http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto_
>
>
>
>
>         Jules
>
>         -- 
>         Julian Field MEng CITP CEng_
>         __www.Zend.To_ <http://www.zend.to/>
>
>         Follow me at twitter.com/JulesFM
>         PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>         'It's okay to live without all the answers' - Charlie Eppes, 2011
>         'All programs have a desire to be useful' - Tron, 1982
>         'That is the land of lost content,
>         I see it shining plain,
>         The happy highways where I went,
>         And cannot come again.' - A.E. Houseman
>         _______________________________________________
>         ZendTo mailing list_
>         __ZendTo at zend.to_ <mailto:ZendTo at zend.to>_
>         __http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto_
>
>
>         _______________________________________________
>         ZendTo mailing list_
>         __ZendTo at zend.to_ <mailto:ZendTo at zend.to>_
>         __http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto_
>     Jules
>
>     -- 
>     Julian Field MEng CITP CEng_
>     __www.Zend.To_ <http://www.zend.to/>
>
>     Follow me at twitter.com/JulesFM
>     PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>     'It's okay to live without all the answers' - Charlie Eppes, 2011
>     'All programs have a desire to be useful' - Tron, 1982
>     'That is the land of lost content,
>     I see it shining plain,
>     The happy highways where I went,
>     And cannot come again.' - A.E. Houseman
>     _______________________________________________
>     ZendTo mailing list_
>     __ZendTo at zend.to_ <mailto:ZendTo at zend.to>_
>     __http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto_
>
>
>     _______________________________________________
>     ZendTo mailing list
>     _ZendTo at zend.to_ <mailto:ZendTo at zend.to>
>     _http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto_ 
>
>
> Jules
>
> -- 
> Julian Field MEng CITP CEng
> _www.Zend.To_ <http://www.zend.to/>
>
> Follow me at twitter.com/JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> 'It's okay to live without all the answers' - Charlie Eppes, 2011
> 'All programs have a desire to be useful' - Tron, 1982
> 'That is the land of lost content,
> I see it shining plain,
> The happy highways where I went,
> And cannot come again.' - A.E. Houseman
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CITP CEng
www.Zend.To

Follow me at twitter.com/JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

'It's okay to live without all the answers' - Charlie Eppes, 2011
'All programs have a desire to be useful' - Tron, 1982
'That is the land of lost content,
  I see it shining plain,
  The happy highways where I went,
  And cannot come again.' - A.E. Houseman

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20120301/d9a836c9/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 105 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20120301/d9a836c9/attachment-0002.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 45 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20120301/d9a836c9/attachment-0003.gif 


More information about the ZendTo mailing list