Enabling Secure Business Operations

Researching DLP Solutions

June 17th, 2010

I recently had a project to help spec out a DLP project for a customer from a high-level perspective. Having never done anything with DLP previously I embarked on a research mission. What I found was interesting. There’s not much out there on the intarwebs. As such, I thought I’d offer a few quick suggestions, just in case you want to go research solutions, too.

  1. Start with Securosis! Their reports are freely available, comprehensive, and more informative than anything else I found.
  2. Search for Gartner and Forrester reports. While these analyst firms charge for their reports, vendors will often post them for free. Specifically, try these search strings:
    • “forrester wave content security suites”
    • “gartner magic quadrant data loss prevention”
  3. Beware DLP (as in Digital Light Processing) from Texas Instruments. You might need to use advanced search operators such as -television and -TI to filter those results out.

Happy hunting!


Mac OS X (Leopard) Firewall

January 15th, 2009

OS X (both Leopard and Tiger) comes with a built-in firewall that’s disabled by default. The Leopard firewall is a little bit different than Tiger’s, so I’m focusing on that. The underlying firewall is ipfw – the same as on FreeBSD, so if you know what you’re doing, you can edit it to your heart’s content. More details on controlling the firewall from the command line are available in this O’Reilly article. This article is going to talk about dealing with the firewall through the available GUI.

First, you have to access the firewall: go to System Preferences -> Security, then the Firewall tab. By default, “Allow all incoming connections” is selected. If you’re not quite sure what you’re doing, “only allow essential services” is a good option, and OS X will control it via your “sharing” system preference. For example, if you turn on Remote login, OS X will add SSH (22) as an allowed incoming port.

The other option is “Set access for specific services and applications”, which gives you finer control over the incoming connections. For example, I can allow Adium and Skype to have incoming connections (so that people can send me messages or call me), but deny incoming connections to Microsoft Word (why does Word need incoming connections again???). While you’re using the system, if an application asks to accept connections, you will be asked if you want to allow or deny the connection. Your choices are recorded in this system preference just in case you want to change it later.

One thing OS X’s firewall supports, but only through the command line and not the GUI, is outbound filtering. If you aren’t familiar with ipfw, and want outbound filtering, I highly recommend Little Snitch. It’s not free, but it’s $30 and worth it to not have to hassle with ipfw rules :)

Each Thursday, Security Musings features a security-related technology or tool. Featured items do not imply a recommendation by Gemini Security Solutions. For more information about how Gemini Security Solutions can help you solve your security issues, contact us!


New attention given to old tricks

October 20th, 2008

I’m sure if you’ve been paying attention to any of the tech/geek news blogs you’ve seen the attention given to the “COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS” article. So you already know the buzz, and are probably all running out to build Faraday cages around your offices or workstations. But there really isn’t anything terribly new or ground breaking here. It’s simply a further spin on an old trick.

Anyone who can remember back might recall a little something about “TEMPEST”. It’s the codename given to compromising emanations (CE). This research dates all the way back to 1985, when the security risks of emanations from computer monitors were analyzed.

By no means do I want to take away from the research and proof of concept that Martin Vuagnoux and Sylvain Pasini have put together. I simply want to focus on the fact that a lot of us, especially those young in the tech and security fields, are forgetting some of the roots. We’ve already pointed out some other old-school hacks that are still relevant today. So while everyone is hardening their systems for super stealth ultra-sensitive attacks against their systems, let’s not forget where we came from, and proper education of old-school attacks deserves some attention as well.

The example I used to segue into this might not be the most stellar example of outdated attacks, as with technology growing, it might even become more of a common-day attack. But the fact that this goes way back, and technology is only making it easier, goes to show that things we think are out of reach today aren’t far from reach in the not-so-distant future.

So what do you think? What other areas of our past or even present do you think won’t hold any grounds for security in the not-so-distant future? What old-school hacks are still present today that many might be overlooking? Let us know in the comments…
