[ZendTo] Re: Antwort: Re: Antwort: Re: Antwort: Re: Security Issue - Data Leakage Prevention

Elston, Ian I.Elston at bolton.ac.uk
Thu Mar 1 14:35:27 GMT 2012


> Does anyone else on the list need this feature too?
> (When a drop-off comes from a localIPSubnet network and the user has not logged in, 
> if the destination email matches a certain regexp then block the drop-off)

It seems a bit futile to me. Unless I've misread it, the proposed change would allow me to block drop-offs to certain mail domains from local users? 

What's to stop someone at the blocked end creating a free Yahoo/Google/Live address? Or post them a USB/CD/Paper copy? If someone INSIDE is determined to get information to someone OUTSIDE then they will find a way to do it. 


Ian

------------------------------------------------------------------------------
Ian Elston
Networks & Developments
The University of Bolton
http://www.bolton.ac.uk


-----Original Message-----
From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Jules
Sent: 01 March 2012 14:20
To: ZendTo Users
Subject: [ZendTo] Re: Antwort: Re: Antwort: Re: Antwort: Re: Security Issue - Data Leakage Prevention

It has to match the regexp to be allowed, so you would probably need to add a bit more code to block it if it matches another regexp, if the connection is coming from the "localIPSubnets" networks.

So you will need to write a bit of code and add a new setting in preferences.php, not just change a setting in there.

Does anyone else on the list need this feature too?
(When a drop-off comes from a localIPSubnet network and the user has not logged in, if the destination email matches a certain regexp then block the drop-off)

Please let me know if you folks need this feature! (Other than Patrick)

Jules.

On 01/03/2012 12:28, patrick.gaikowski at kaufland.com wrote: 

	Do you have a hint for me how I can use, for example, the regex from preferences to check against the entered email if the user is not logged in?
	
	By the way, an email blacklisting is from my point of view not only a request from me!
	
	Mit freundlichen Grüßen / Best regards
	
	Patrick Gaikowski
	Tel:     +49 7132 94 3568
	Fax:    +49 7132 94 73568
	E-Mail: patrick.gaikowski at kaufland.com
	KI 967850: IT International / IT Governance / Netzwerk Design und IT-Sicherheit
	Office:
	Lindichstrasse 11
	D-74189 Weinsberg
	
	
	
	http://www.kaufland.de 
	http://www.spannende-it.de
	We are No. 1:
	Kaufland is "Best Grocery Store 2011"!
	
	Kaufland Informationssysteme GmbH & Co. KG
	Postfach 12 53 - 74149 Neckarsulm
	Limited partnership (Kommanditgesellschaft)
	Registered office: Neckarsulm
	Court of registration: Stuttgart HRA 104163

	From: Jules <Jules at zend.to>
	Sent by: zendto-bounces at zend.to
	Date: 01.03.2012 13:12
	Please reply to: ZendTo Users <zendto at zend.to>
	Subject: [ZendTo] Re: Antwort: Re: Antwort: Re: Security Issue - Data Leakage Prevention

	There is a setting in preferences.php called "emailDomainRegexp". This must match any recipient address entered by a user who has not logged in.
	
	There are currently no IP-based filters to implement checks like "if the user comes from this IP network, then they cannot send files to this email domain".
	
	But if you want to implement it yourself, you have the source code and the rights to be able to change it for your own purposes.
	
	I've never had any other request for something like this, so have no plans to implement it myself.
	
	Jules.
	
	On 01/03/2012 11:27, patrick.gaikowski at kaufland.com <mailto:patrick.gaikowski at kaufland.com>  wrote: 


		Hi Jules,
		
		USB is prohibited in our company and Personal Network Storages like dropbox etc. are blocked because of Contentfilter.
		
		Users from company who have the right in LDAP should upload files to anywhere they want. There is a workflow behind requesting this right.
		
		But my focus is if a user has not the right for logging in. In this case he makes a dropoff to his own address in company, because Freemail addresses are also blocked because of Content Filter.
		
		Is there a possibility to check the email in the verify.php if the user is unregistered?
		
		Mit freundlichen Grüßen / Best regards
		
		Patrick Gaikowski

		From: Jules <Jules at zend.to>
		Sent by: zendto-bounces at zend.to
		Date: 01.03.2012 12:18
		Please reply to: ZendTo Users <zendto at zend.to>
		Subject: [ZendTo] Re: Antwort: Re: Security Issue - Data Leakage Prevention

		
		
		
		On 01/03/2012 11:04, patrick.gaikowski at kaufland.com <mailto:patrick.gaikowski at kaufland.com>  wrote: 

			
			Hello Jules,
			
			Yes, I mean someone working for my company.
			
			My idea would be some kind of "blacklist" for email domains used in unregistered dropoff. Is there a possibility to implement it?  

		
		I don't quite see why this is only a problem with "unregistered users", by which I guess you mean people from your own company who haven't logged in?
		
		People who have logged in will be able to do the same.
		
		Note that ZendTo does log the IP address a drop-off came from, so you would be able to see who had done it by looking through your logs.
		
		Why doesn't the user just copy it onto a USB stick that they have in their pocket? Surely that's simpler? Or upload it to any of the various free cloud storage services there are (such as Dropbox, Evernote, iCloud, SkyDrive, etc etc)?
		
		Jules. 

			
			
			What other things can I do, not to prevent it completely, but to decrease the possibility?
			
			Mit freundlichen Grüßen / Best regards
			
			Patrick Gaikowski
				
			From: Jules <Jules at zend.to>
			Sent by: zendto-bounces at zend.to
			Date: 01.03.2012 10:25
			Please reply to: ZendTo Users <zendto at zend.to>
			Subject: [ZendTo] Re: Security Issue - Data Leakage Prevention

			
			By "unregistered user" do you mean someone who works for your company? If so, ZendTo won't stop them stealing files from your company. No-one can stop that unless you cavity search your employees at the end of each working day.
			
			Jules.
			
			On 29/02/2012 17:06, patrick.gaikowski at kaufland.com <mailto:patrick.gaikowski at kaufland.com>  wrote: 

				
				Hello Jules,
				
				one of my colleagues pointed a scenario out where he could upload a file to outside the company without rights to do it.
				
				For us it is a big security issue!
				
				1.) unregistered user clicks on Drop-Off and sends an email to his company email address
				2.) unregistered user uploads a file from company network to his own company email address
				3.) unregistered user forwards the upload information to his private email address from Mail Client
				4.) unregistered user Picks up the file from his private PC
				
				My question is, if it is possible to exclude the company email domains, like defined in preferences.conf, from getting an upload link to corporate email without Authorization? 
				
				Mit freundlichen Grüßen / Best regards
				
				Patrick Gaikowski

				
				_______________________________________________
				ZendTo mailing list
				ZendTo at zend.to <mailto:ZendTo at zend.to> 
				http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto <http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto> 


			
			
			Jules
			
			-- 
			Julian Field MEng CITP CEng
			www.Zend.To <http://www.zend.to/> 
			
			Follow me at twitter.com/JulesFM
			PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
			
			'It's okay to live without all the answers' - Charlie Eppes, 2011
			'All programs have a desire to be useful' - Tron, 1982
			'That is the land of lost content,
			I see it shining plain,
			The happy highways where I went,
			And cannot come again.' - A.E. Houseman

More information about the ZendTo mailing list
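
The check discussed in this thread (recipients of an unauthenticated drop-off must match "emailDomainRegexp", plus an extra block rule when the sender is on one of the "localIPSubnets"), sketched as an added example that is not ZendTo's code or any poster's. The setting name localBlockedRecipientRegexp, the function names, CIDR notation for the subnets and the example.com/example.org addresses are assumptions of this sketch.

```php
<?php
// Added example, not ZendTo source. 'localBlockedRecipientRegexp' is a
// hypothetical setting; CIDR-style 'localIPSubnets' values are an assumption.
$prefs = [
    'emailDomainRegexp'           => '/^[^@\s]+@([a-z0-9-]+\.)*example\.com$/iD',
    'localIPSubnets'              => ['10.0.0.0/8', '192.168.10.0/24'],
    'localBlockedRecipientRegexp' => '/^[^@\s]+@([a-z0-9-]+\.)*example\.com$/iD',
];
// True when IPv4 address $ip lies inside $cidr; malformed input never matches.
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2) + [1 => '32'];
    $bits = filter_var($bits, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 32]]);
    $ipL  = ip2long($ip);
    $netL = ip2long($net);
    if ($bits === false || $ipL === false || $netL === false) {
        return false;
    }
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipL & $mask) === ($netL & $mask);
}

// Decide one recipient of a drop-off; returns [allowed, reason].
function checkRecipient(array $prefs, string $ip, bool $loggedIn, string $rcpt): array
{
    if ($loggedIn) {
        return [true, 'authenticated user'];
    }
    // Existing rule: an unauthenticated sender's recipient must match emailDomainRegexp.
    if (preg_match($prefs['emailDomainRegexp'], $rcpt) !== 1) {
        return [false, 'recipient does not match emailDomainRegexp'];
    }
    // Proposed rule for local subnets; "!== 0" fails closed on a broken pattern.
    foreach ($prefs['localIPSubnets'] as $cidr) {
        if (ipInCidr($ip, $cidr) && preg_match($prefs['localBlockedRecipientRegexp'], $rcpt) !== 0) {
            return [false, 'unauthenticated local sender, blocked recipient'];
        }
    }
    return [true, 'ok'];
}

// Constructed cases: [client IP, logged in?, recipient]
foreach ([['10.1.2.3', false, 'employee@example.com'],    // internal, not logged in
          ['203.0.113.7', false, 'employee@example.com'], // outside sender
          ['10.1.2.3', true, 'partner@example.org'],      // internal, logged in
          ['203.0.113.7', false, 'someone@example.org']] as [$ip, $auth, $rcpt]) {
    [$ok, $why] = checkRecipient($prefs, $ip, $auth, $rcpt);
    printf("%-12s auth=%d %-21s %s: %s\n", $ip, (int) $auth, $rcpt, $ok ? 'ALLOW' : 'BLOCK', $why);
}
```

As Ian's reply points out, a rule like this only closes the self-addressed step of the scenario; the IP address ZendTo logs for each drop-off remains the audit trail for everything else.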