[ZendTo] Antwort: Re: Antwort: Re: Antwort: Re: Antwort: Re: Security Issue - Data Leakage Prevention

patrick.gaikowski at kaufland.com patrick.gaikowski at kaufland.com
Thu Mar 1 15:39:40 GMT 2012


Sorry folks, but you do not understand me completely!

It's clear to me that the user gets other possibilities to upload
business-critical data, but with ZendTo he has a very, very easy way to do it!

I don't want to block localSubnets. I want to block my own email domains if
the user does not have the right to share data to outside.

For me it's also clear that a configuration in the preferences.conf does
not solve my requirement. I know that I have to extend the verify.php, but
I'm not a PHP crack and that's why I ask for some hints on how I can do it.


Mit freundlichen Grüßen / Best regards

Patrick Gaikowski
Tel:     +49 7132 94 3568
Fax:    +49 7132 94 73568
E-Mail: patrick.gaikowski at kaufland.com
KI 967850: IT International / IT Governance / Netzwerk Design und
IT-Sicherheit
Office:
Lindichstrasse 11
D-74189 Weinsberg



http://www.kaufland.de
http://www.spannende-it.de
Wir sind die Nr. 1:
Kaufland ist "Bester Lebensmittelmarkt 2011"!

Kaufland Informationssysteme GmbH & Co. KG
Postfach 12 53 - 74149 Neckarsulm
Kommanditgesellschaft
Sitz: Neckarsulm
Registergericht: Stuttgart HRA 104163







                                                                           
From: Jules <Jules at zend.to>
Sent by: zendto-bounces at zend.to
Date: 01.03.2012 15:44
Reply to: ZendTo Users <zendto at zend.to>
To: ZendTo Users <zendto at zend.to>
Subject: [ZendTo] Re: Antwort: Re: Antwort: Re: Antwort: Re: Security Issue - Data Leakage Prevention




My thoughts precisely. But he seems to think he can stop his users
getting files off site if he stops the exact ZendTo route he outlined. I
don't agree with him either, which is one of the reasons I'm not going
to spend my time writing it.

He's got the source, he can implement it himself if he wants to. Or pay
someone else to write it for him.

J

On 01/03/2012 14:35, Elston, Ian wrote:
>> Does anyone else on the list need this feature too?
>> (When a drop-off comes from a localIPSubnet network and the user has not
>> logged in, if the destination email matches a certain regexp then block
>> the drop-off)
> It seems a bit futile to me. Unless I've misread it, the proposed change
> would allow me to block drop-offs to certain mail domains from local users?
>
> What's to stop someone at the blocked end creating a free
> Yahoo/Google/Live address? Or post them a USB/CD/Paper copy? If someone
> INSIDE is determined to get information to someone OUTSIDE then they will
> find a way to do it.
>
>
>
> -----Original Message-----
> From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Jules
> Sent: 01 March 2012 14:20
> To: ZendTo Users
> Subject: [ZendTo] Re: Antwort: Re: Antwort: Re: Antwort: Re: Security Issue - Data Leakage Prevention
>
> It has to match the regexp to be allowed, so you would probably need to
> add a bit more code to block it if it matches another regexp, if the
> connection is coming from the "localIPSubnets" networks.
>
> So you will need to write a bit of code and add a new setting in
> preferences.php, not just change a setting in there.
>
> Does anyone else on the list need this feature too?
> (When a drop-off comes from a localIPSubnet network and the user has not
> logged in, if the destination email matches a certain regexp then block the
> drop-off)
>
> Please let me know if you folks need this feature! (Other than Patrick)
>
> Jules.
>
> On 01/03/2012 12:28, patrick.gaikowski at kaufland.com wrote:
>
> 		 Do you have a hint for me how I can use, for example, the regex
> 		 from preferences to check against the entered email, if the user is
> 		 not logged in?
>
> 		 By the way, an email blacklisting is, from my point of view, not
> 		 only a request from me!
>
> 		 Mit freundlichen Grüßen / Best regards
>
> 		 Patrick Gaikowski
>
> 		 From: Jules <Jules at zend.to>
> 		 Sent by: zendto-bounces at zend.to
> 		 Date: 01.03.2012 13:12
> 		 Reply to: ZendTo Users <zendto at zend.to>
> 		 To: ZendTo Users <zendto at zend.to>
> 		 Subject: [ZendTo] Re: Antwort: Re: Antwort: Re: Security Issue - Data Leakage Prevention
>
>
> 		 There is a setting in preferences.php called "emailDomainRegexp".
> 		 This must match any recipient address entered by a user who has not
> 		 logged in.
>
> 		 There are currently no IP-based filters to implement checks like
> 		 "if the user comes from this IP network, then they cannot send files
> 		 to this email domain".
>
> 		 But if you want to implement it yourself, you have the source code
> 		 and the rights to be able to change it for your own purposes.
>
> 		 I've never had any other request for something like this, so have
> 		 no plans to implement it myself.
>
> 		 Jules.
>
> 		 On 01/03/2012 11:27, patrick.gaikowski at kaufland.com wrote:
>
>
> 		 		 Hi Jules,
>
> 		 		 USB is prohibited in our company and Personal Network Storages
> 		 		 like Dropbox etc. are blocked because of the content filter.
>
> 		 		 Users from company who have the right in LDAP should upload
> 		 		 files to anywhere they want. There is a workflow behind
> 		 		 requesting this right.
>
> 		 		 But my focus is if a user does not have the right to log in.
> 		 		 In this case he makes a dropoff to his own address in company,
> 		 		 because Freemail addresses are also blocked because of the
> 		 		 content filter.
>
> 		 		 Is there a possibility to check the email in the verify.php
> 		 		 if the user is unregistered?
>
> 		 		 Mit freundlichen Grüßen / Best regards
>
> 		 		 Patrick Gaikowski
>
> 		 		 From: Jules <Jules at zend.to>
> 		 		 Sent by: zendto-bounces at zend.to
> 		 		 Date: 01.03.2012 12:18
> 		 		 Reply to: ZendTo Users <zendto at zend.to>
> 		 		 To: ZendTo Users <zendto at zend.to>
> 		 		 Subject: [ZendTo] Re: Antwort: Re: Security Issue - Data Leakage Prevention
>
> 		 		 On 01/03/2012 11:04, patrick.gaikowski at kaufland.com wrote:
>
>
> 		 		 		 Hello Jules,
>
> 		 		 		 yes, I mean someone working for my company.
>
> 		 		 		 My idea would be some kind of "blacklist" for email
> 		 		 		 domains used in unregistered dropoff. Is there a
> 		 		 		 possibility to implement it?
>
>
> 		 		 I don't quite see why this is only a problem with "unregistered
> 		 		 users", by which I guess you mean people from your own company
> 		 		 who haven't logged in?
>
> 		 		 People who have logged in will be able to do the same.
>
> 		 		 Note that ZendTo does log the IP address a drop-off came from,
> 		 		 so you would be able to see who had done it by looking through
> 		 		 your logs.
>
> 		 		 Why doesn't the user just copy it onto a USB stick that they
> 		 		 have in their pocket? Surely that's simpler? Or upload it to any
> 		 		 of the various free cloud storage services there are (such as
> 		 		 Dropbox, Evernote, iCloud, SkyDrive, etc etc)?
>
> 		 		 Jules.
>
>
>
> 		 		 		 What other things can I do, not to prevent it
> 		 		 		 completely, but decrease the possibility?
>
> 		 		 		 Mit freundlichen Grüßen / Best regards
>
> 		 		 		 Patrick Gaikowski
>
> 		 		 		 From: Jules <Jules at zend.to>
> 		 		 		 Sent by: zendto-bounces at zend.to
> 		 		 		 Date: 01.03.2012 10:25
> 		 		 		 Reply to: ZendTo Users <zendto at zend.to>
> 		 		 		 To: ZendTo Users <zendto at zend.to>
> 		 		 		 Subject: [ZendTo] Re: Security Issue - Data Leakage Prevention
>
>
>
> 		 		 		 By "unregistered user" do you mean someone who works
> 		 		 		 for your company? If so, ZendTo won't stop them stealing
> 		 		 		 files from your company. No-one can stop that unless you
> 		 		 		 cavity search your employees at the end of each working day.
>
> 		 		 		 Jules.
>
> 		 		 		 On 29/02/2012 17:06, patrick.gaikowski at kaufland.com wrote:
>
>
> 		 		 		 		 Hello Jules,
>
> 		 		 		 		 one of my colleagues pointed a scenario out where he
> 		 		 		 		 could upload a file to outside the company without
> 		 		 		 		 rights to do it.
>
> 		 		 		 		 For us it is a big security issue!
>
> 		 		 		 		 1.) unregistered user clicks on Drop-Off and sends an
> 		 		 		 		     email to his company email address
> 		 		 		 		 2.) unregistered user uploads a file from company
> 		 		 		 		     network to his own company email address
> 		 		 		 		 3.) unregistered user forwards the upload information
> 		 		 		 		     to his private email address from Mail Client
> 		 		 		 		 4.) unregistered user picks up the file from his
> 		 		 		 		     private PC
>
> 		 		 		 		 My question is, if it is possible to exclude the
> 		 		 		 		 company email domains, like defined in
> 		 		 		 		 preferences.conf, from getting an upload link to
> 		 		 		 		 corporate email without authorization?
>
> 		 		 		 		 Mit freundlichen Grüßen / Best regards
>
> 		 		 		 		 Patrick Gaikowski
>
> 		 		 		 		 _______________________________________________
> 		 		 		 		 ZendTo mailing list
> 		 		 		 		 ZendTo at zend.to
> 		 		 		 		 http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>
> 		 		 		 Jules
>
> 		 		 		 --
> 		 		 		 Julian Field MEng CITP CEng
> 		 		 		 www.Zend.To
>
> 		 		 		 Follow me at twitter.com/JulesFM
> 		 		 		 PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> 		 		 		 'It's okay to live without all the answers' - Charlie Eppes, 2011
> 		 		 		 'All programs have a desire to be useful' - Tron, 1982
> 		 		 		 'That is the land of lost content,
> 		 		 		 I see it shining plain,
> 		 		 		 The happy highways where I went,
> 		 		 		 And cannot come again.' - A.E. Houseman
>

Jules

--
Julian Field MEng CITP CEng
www.Zend.To

Follow me at twitter.com/JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

'It's okay to live without all the answers' - Charlie Eppes, 2011
'All programs have a desire to be useful' - Tron, 1982
'That is the land of lost content,
  I see it shining plain,
  The happy highways where I went,
  And cannot come again.' - A.E. Houseman


_______________________________________________
ZendTo mailing list
ZendTo at zend.to
http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
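
The check discussed in this thread (an unauthenticated drop-off from a "localIPSubnets" network is refused when the recipient matches a block regexp, on top of the existing "emailDomainRegexp" rule), written out as an added example that is not part of the original thread and is not ZendTo code. The setting 'blockedRecipientRegexp', both function names, the CIDR notation for the subnets and all sample values are assumptions made for the example:

```php
<?php
// Added example, not ZendTo code. 'blockedRecipientRegexp', both function
// names and the CIDR notation for 'localIPSubnets' are assumptions.
$prefs = [
    'localIPSubnets'         => ['10.0.0.0/8', '192.168.10.0/24'],           // constructed
    'emailDomainRegexp'      => '/^[^@\s]+@([a-z0-9-]+\.)*example\.com$/i',  // constructed
    'blockedRecipientRegexp' => '/^[^@\s]+@([a-z0-9-]+\.)*example\.com$/i',  // hypothetical
];

// True if IPv4 address $ip lies inside CIDR block $cidr (64-bit PHP assumed).
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr, 2) + [1 => '32'];
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int) $bits > 32) {
        return false;   // IPv4 only; anything unparsable is treated as not local
    }
    $mask = (int) $bits === 0 ? 0 : (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Returns 'allow' or a 'deny: ...' reason for one recipient of a drop-off.
function dropoffDecision(array $prefs, string $clientIp, bool $loggedIn, string $recipient): string
{
    if ($loggedIn) {
        return 'allow';   // users holding the LDAP right are not restricted here
    }
    // Rule from the thread: anonymous recipients must match emailDomainRegexp.
    if (preg_match($prefs['emailDomainRegexp'], $recipient) !== 1) {
        return 'deny: recipient not allowed for unauthenticated drop-off';
    }
    // Proposed rule: anonymous sender on a local subnet, blocked recipient domain.
    if (preg_match($prefs['blockedRecipientRegexp'], $recipient) === 1) {
        foreach ($prefs['localIPSubnets'] as $cidr) {
            if (ipInCidr($clientIp, $cidr)) {
                return 'deny: internal unauthenticated drop-off to blocked domain';
            }
        }
    }
    return 'allow';
}

// Constructed requests: client IP, logged in?, recipient address.
$samples = [
    ['10.1.2.3',    false, 'alice@example.com'],
    ['10.1.2.3',    true,  'partner@example.org'],
    ['203.0.113.7', false, 'alice@example.com'],
    ['203.0.113.7', false, 'bob@example.org'],
];
foreach ($samples as [$ip, $auth, $rcpt]) {
    printf("%-12s %-4s %-20s %s\n", $ip, $auth ? 'auth' : 'anon', $rcpt,
        dropoffDecision($prefs, $ip, $auth, $rcpt));
}
```

The rule only narrows the drop-off route described in the thread; as the replies point out, it does not cover logged-in users or other channels, so the IP address ZendTo logs for each drop-off remains the audit trail.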