This article discusses the hazards of online data leakage and the unreliability of computer users to adhere to the guidelines set by their security software programs.
As of late the American media has been afire about some important data leakage events that appear to have occurred within the Defense Department and it contractors in the February time frame.Blueprints and other secret information on the Joint Strike Fighter and the Presidents personal helicopter Marine One were leaked through P2P networks.Congressman Edolphus Towns sent a letter about the incident (PDF) to the Attorney General expressing his concerns about the use of LimeWire and other P2P applications by government employees and contractors.Much of the media reaction has been the traditional response to these types of events.Firewalls need to be reinforced and Why do these users have permissions to install such dangerous applications on their desktops?.I prefer to look at the problem a slightly different way.Firstly, more and more applications in this mobile Internet, highly social age have defined themselves by simply working.To work simply means these applications do not expect home users, nor office drones to have the ability to adjust firewall rules to make their sharing application or VOIP program work.The designers of these applications for better or for worse have found creative, and occasionally subversive methods to defeat our best defenses.They mimic web browsing, FTP, and a whole host of other applications in their attempts at getting out.Secondly, most of the IT world is unfortunately running a host of legacy applications, often requiring that administrative rights be granted to all users.Recently Microsoft has begun implementing controls to draw attention to the use of these rights, as well as informing the end user of the potential danger of their actions.Of course, we all become numb to it after awhile, and start blindly clicking Accept like trained rats.Even if all this were possible, many applications need not be installed to run.Most users favorite dangerous applications are available in the portable flavor.Portable Firefox, Portable Skype, etc.are not difficult to find and are freely available without requiring any administrative rights.Which ultimately brings me to the point You cant trust your users to be your trusted partner in protecting the desktopYour users arent (usually) being malicious; they simply dont see it the way we do, nor understand the risks involved in ignoring our guidance.One approach we have taken at Sophos is to introduce the concept of Application Control.This technology allows IT administrators to load virus-like identities from Sophos that define legitimate applications that you do not want to run on your network.By using the anti-virus product in this manner we can identify versions of Firefox, Skype, LimeWire, Kazaa, etc before they are ever published.Legitimate applications do not try to obfuscate themselves the same way as actual malware, making them much easier to detect reactively or pro-actively.Helping users do the right thing in the simplest way possible should be in all of our best interests.Because this is an article entry, and not a novel, I will stop now.Perhaps next time I will have the opportunity to talk about properly protecting this data in the first place, so it cannot be leaked in its naked glory.
What You Should Know About the EB-5 Investor Visa Process
This article will address important aspects of the EB-5 Investor Visa Program that you should be aware of when preparing to go through the application process.
How to attain a Green Card Through the EB-5 Investor Visa Program
This article will summarize the steps necessary to obtain an EB-5 Investor Visa.
iPhone Apps For Children: Maybe you should hand your kids your iPhone, after all
Many applications for the iPhone are well suited for children. This articles explores a number of these Apps.
