5

I'm not looking to secure my internal network.

Our company keeps sensitive customer information. How can I prevent this information from spreading outside of the company?

How do big companies prevent to leakage of their information?

I seek a comprehensive solution for preventing information leakage.

Omniwombat
  • 173
  • 13
AminM
  • 175
  • 1
  • 8
  • `Data Loss Prevention` methods is the answer. Find out more on this. – Majoris Jul 17 '12 at 02:03
  • how much are you willing to spend? When dealing with security, you get as much protection as you want to pay for it, and it's always never enougth. That said, begin inventoring your "secrets"... – woliveirajr Jul 17 '12 at 12:14
  • spend??how much?? Whatever that may be necessary!!..What is important is security and prevent leaving of information by employees – AminM Jul 17 '12 at 13:14
  • 1
    Jeson - would you spend a thousand pounds? A million? The question is important as you need to use an appropriate response. – Rory Alsop Jul 17 '12 at 15:20

2 Answers2

7

This encompasses many security and access control practices companies follow. Generally you'll need to do this at many levels at many places. There are a lot of Data Loss Prevention software that can help you prevent information theft. A quick comparison is here.

To quickly answer your question, these are the things you'd normally want to do:

  • Remove write access to all media on corporate workstations, which includes USB and optical drives
  • Audit emails, both personal and official for attachments. There are software that can help you do this.
    • You can even intercept personal emails (gmail, yahoo) by playing MITM. Yes, companies do that !
  • Devise sophisticated snort/sourcefire rules to flag and trigger alerts when anything you think that is proprietary leaves your network.
  • No ssh/shell access to internal machines from outside the corporate network (specially internet).
  • Ban outgoing ssh, ftp connections as well. Remember banning outgoing traffic to corresponding ports(22, 21) won't help (one can run her home ssh server on port 80).
  • Access control: have a solid privileging system in your organization where restricted resources are accessible only to a set of authorized people.

Again this is not comprehensive. Lot of specifics depend on your network/organization/policies. Basically you should spend a lot of focus on minimizing the exposure of sensitive data to a extremely small set of people.

There are a lots of ways data can be infiltrated. Someone can just upload a couple pictures to her picasa album and effectively steal lots of code. No IDS/surveillance will be able to stop that. But proper controls and checks at all places can definitely reduce such occurrences.

CodeExpress
  • 2,422
  • 13
  • 10
1

If you think about it the question is extremely broad. You're asking how to make sure sensitive data doesn't get outside your network, that's the same as asking how do I protect a network from hackers.

One thing that should be done is encrypt data. That way even if a server/machine is compromised the attacker will only get garbage when viewing the file.

I would monitor network traffic. What do you mean "close USB Port"?

Are you more worried about a malicious outsider hacking into your network or are you asking about employees copying code and taking it home with them, what's the scenario?

Celeritas
  • 10,039
  • 22
  • 77
  • 144
  • Close USB Port :i mean securing workplace is not only the network.maybe some user sitting behind computers and bring in USB mass-strog to computer and copy all data..in nutshell i want To prevent both scenario – AminM Jul 17 '12 at 05:31