I recently had a project to help spec out a DLP project for a customer from a high-level perspective. Having never done anything with DLP previously I embarked on a research mission. What I found was interesting. There’s not much out there on the intarwebs. As such, I thought I’d offer a few quick suggestions, just in case you want to go research solutions, too. Start with Securosis! Their reports are freely available, comprehensive, and more informative than anything else I found. Search for Gartner and Forrester reports. While these analyst firms charge for their reports, vendors will often post them for free. Specifically, try these search strings: “forrester wave content security suites” “gartner magic quadrant data loss prevention” Beware[…]

OS X (both Leopard and Tiger) comes with a built-in firewall that’s disabled by default. The Leopard firewall is a little bit different than Tiger’s, so I’m focusing on that. The underlying firewall is ipfw – the same as on FreeBSD, so if you know what you’re doing, you can edit it to your heart’s content. More details on controlling the firewall from the command line are available in this O’Reilly article. This article is going to talk about dealing with the firewall through the available GUI interface. First, you have to access the firewall. System Preferences -> Security then the Firewall tab. By default, it’ll have “Allow all incoming connections”. If you’re not quite sure what you’re doing, “only[…]

I’m sure if you’ve been paying attention to any of the tech/geek news blogs you’ve seen the attention given to the “COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS” article. So you already know the buzz, and are probably all running out to build Faraday cages around your offices or workstations. But there really isn’t anything terribly new or ground breaking here. It’s simply a further spin on an old trick. Anyone who can remember back might recall a little something about “TEMPEST“. It’s the codename given to compromising emanations (CE). This research dates all the way back to 1985 when the security risks of emanations from computer monitors was analyzed. By no means do I want to take away from the[…]