Creative ways to fight data leaks
Data leakage has become a hot topic in information security. But what if you can't afford the tools that are specifically designed to keep employees from intentionally or mistakenly leaking private or valuable corporate data to the outside? It turns out there are some creative ways to use what you have (or can easily get) to tackle the problem.
Data can leak from a network in many ways, and the focus here will be on understanding what exits your network and how it can best be protected. Other leakage issues, such as lost, unencrypted USB drives or laptops, will not be discussed.
The Beginning: browsing
The place to start is with the fundamentals. When was the last time you sat down and had a good look at your network? This sounds like a huge, unorganized waste of time, but you might be surprised.
Open up whatever tool fits your needs (Windows or Mac Explorer, Samba for Linux) and spend some random time checking out what you have out there. You probably have an asset inventory that is always up to date and captures everything, but sometimes it takes looking at the same thing in a different way to truly understand what is out there.
Manual browsing also allows you to do some things that you wouldn't normally pick up in an asset management system, such as finding open file shares or other resources that may provide data. Multi-purpose scan/fax/print machines are one such repository that aren't treated like normal repositories with appropriate permissions and such.
If browsing isn't your thing, then how about nmap? The Network Mapper, written by Gordon "Fyodor" Lyon, has been around for a long time. It has many uses, one of which is literally mapping out what you have on your network. So, for example, say you wanted to see what systems were available on a particular class B subnet using just ping. You might issue the following command:
nmap -v -sP 10.150.1-255.1.255 -oN scan_results
This would then report back the list of hosts, up and down, into a file called "scan_results". The entries would look something like this excerpt:
Host 10.150.9.153 appears to be down.
Host monkey (10.150.9.154) appears to be up.
MAC Address: 00:13:21:60:17:28 (Hewlett Packard)
Any IP address that doesn't have a live host associated with it reports as down. The second entry, monkey, did respond to the probe with the IP address and in this case, since we were on the same subnet as the one scanned, the MAC address with the associated card manufacturer. Already, with just this little scan, we have learned we have a lot more printers than we thought were available, as well as some other interesting responses to investigate later. This is just the start.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
