Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenDLP Aims To Stem Data Loss

Posted by kdawson on from the fly-free-little-bot-but-phone-home dept.

rollcall writes "A new free and open source tool, OpenDLP, has been released that will help organizations fight data loss caused by stolen laptops, missing HDDs, or compromised systems. OpenDLP is managed from a centralized Web application and it can simultaneously send and control thousands of non-intrusive agents to Microsoft Windows systems over NetBIOS that look for user-defined regular expressions in data at rest. When sensitive data is found, the agents 'phone home' to the Web app with their results. While organizations have continued to lose sensitive data even though many commercial products are available to help prevent this, perhaps the introduction of a free alternative will finally spur organizations to locate their sensitive data proactively before it is lost."

6 of 53 comments (clear)

  1. Non-Intrusive agents? by gyrogeerloose · · Score: 3, Insightful

    it can simultaneously send and control thousands non-intrusive agents

    Anyone else out there find this statement just a bit worrisome?

    --
    This ain't rocket surgery.
  2. NetBIOS? by TubeSteak · · Score: 4, Interesting

    Turning off the NetBIOS service is one of the first things I do to any new computer.
    Or did MS finally secure NetBIOS while I wasn't looking?

    --
    [Fuck Beta]
    o0t!
  3. Re:Correct me if I'm wrong, but... by Amouth · · Score: 3, Informative

    in that sense yes - but it does fill a hole - if i have info that is supposed to ONLY be on the network or files servers and NOT on laptops that come and go in the building - i might add this to the laptops so that i can watch and catch people doing stupid things like copying a customers folder locally then leaving.

    although given that it has limited file format understanding - and can't look in archives yet - this one seems a little on the useless side at the moment.. But maybe in a few months or a year they will get it where it might be something to look at - but from where their site has it.. this isn't ready for any enterprise.

    --
    '...if only "Jumping to a Conclusion" was an event in the Olympics.'
  4. Re:Correct me if I'm wrong, but... by CarpetShark · · Score: 3, Insightful

    You don't get it. With this, you can put an agent on the laptops with sensitive information to contact you and inform you that the laptops have sensitive information on them.

  5. DLP? by mseeger · · Score: 3, Insightful

    Hmmm.... While this is usefull for several security functions, it only covers a small part of what i would consider a DLP solution. When (for example) sensitive information has to be allowed on the Notebook or PC of an employee, i want to make sure of several things:

    • the disk is encrypted (or an alarm is raised),
    • writing it on a CD or USB-Stick is prevented or (when allowed) the file again again will be encrypted (and can only be read on other company PCs) and
    • the information is neither sent by email nor uploaded through a web application outside the company.

    What i want is a tool that lets me formulate a Policy concerning the aspects mentioned above (and more). E.g. certain information must not be stored localy (covered), that information may be stored when certain security criterias are matched and this information shell not be sent by email (unless employeed confirms this has been cleared with manager X).

    Trying to prevent information to be stored on a PC of an employee is only a solution for a subset of the DLP problem. While i think this opensource solution is quite usefull, the name "OpenDLP" led me to expect more.

    CU, Martin

    P.S. I already see some companies using this to search for the sensitive word "application" on all employeed hard disks ;-)

    1. Re:DLP? by mseeger · · Score: 3, Insightful

      I think you could easily do that on a linux system today. If the encrypted partitions are mounted with only read permissions of a certain group, and all trusted programs are setguid and a member of that group, wouldn't that do what you wanted?

      This is a way to solve one technical aspect (i would guess you are correct about the technical aspect). The difficult thing is to design a solution that let's you enforce a policy in your enterprise. First it has to run in the environment that is already in place (i regret to inform the audience, that this usually isn't Linux). Second it should help you to enforce the policy and not force you to adopt the policy to the technical limitation of the solution. And third (and most important) the solution has to scale. While it is relatively easy task to secure one PC or even a dozen, it is a hell of a job (real-life example) to do this for 12.000 PCs when you only have 5-6 guys for the IT-security (including firewalls, VPN, virus scanners, certificate manegement, anti spam solutions, RADIUS, WLAN, etc.

      I give up for now.

      No surrender accepted :-) Keep on ....

      CU, Martin