Slashdot Mirror
OpenDLP Aims To Stem Data Loss
rollcall writes "A new free and open source tool, OpenDLP, has been released that will help organizations fight data loss caused by stolen laptops, missing HDDs, or compromised systems. OpenDLP is managed from a centralized Web application and it can simultaneously send and control thousands of non-intrusive agents to Microsoft Windows systems over NetBIOS that look for user-defined regular expressions in data at rest. When sensitive data is found, the agents 'phone home' to the Web app with their results. While organizations have continued to lose sensitive data even though many commercial products are available to help prevent this, perhaps the introduction of a free alternative will finally spur organizations to locate their sensitive data proactively before it is lost."
it can simultaneously send and control thousands non-intrusive agents
Anyone else out there find this statement just a bit worrisome?
This ain't rocket surgery.
Turning off the NetBIOS service is one of the first things I do to any new computer.
Or did MS finally secure NetBIOS while I wasn't looking?
[Fuck Beta]
o0t!
in that sense yes - but it does fill a hole - if i have info that is supposed to ONLY be on the network or files servers and NOT on laptops that come and go in the building - i might add this to the laptops so that i can watch and catch people doing stupid things like copying a customers folder locally then leaving.
although given that it has limited file format understanding - and can't look in archives yet - this one seems a little on the useless side at the moment.. But maybe in a few months or a year they will get it where it might be something to look at - but from where their site has it.. this isn't ready for any enterprise.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
You don't get it. With this, you can put an agent on the laptops with sensitive information to contact you and inform you that the laptops have sensitive information on them.
Hmmm.... While this is usefull for several security functions, it only covers a small part of what i would consider a DLP solution. When (for example) sensitive information has to be allowed on the Notebook or PC of an employee, i want to make sure of several things:
What i want is a tool that lets me formulate a Policy concerning the aspects mentioned above (and more). E.g. certain information must not be stored localy (covered), that information may be stored when certain security criterias are matched and this information shell not be sent by email (unless employeed confirms this has been cleared with manager X).
Trying to prevent information to be stored on a PC of an employee is only a solution for a subset of the DLP problem. While i think this opensource solution is quite usefull, the name "OpenDLP" led me to expect more.
CU, Martin
P.S. I already see some companies using this to search for the sensitive word "application" on all employeed hard disks ;-)
Too many oxymorons here -- I don't know where to start!
^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$
Oh yeah, it'll totally prevent loss...
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Then you get twice as many reports.
A review of the tool was done a couple of days ago: http://blog.rootshell.be/2010/04/30/keep-an-eye-on-your-data-using-opendlp/
Here is a regular expression for the most common types of credit card numbers:
^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})$
Notice that it contains no sensitive information. I would guess that 90% of lost sensitive information that causes a panic contains either credit card numbers or social security numbers.