Red Hat NETWORK 3.6 - User Manual Page 47

Copyright © 2002-2012 Tenable Network Security, Inc.
0xde1d7f362734c4d71ecc93a23bb5dd4c and
0x747f029fbf8f7e0ade2a6198560c3278
A PVS plugin could then be created to look for this pattern as follows:
id=9005
trigger-dependency
dependency=2004
dependency=2005
hs_dport=25
description=POLICY - Confidential data passed outside the corporate network. The Confidential file don'tshare.doc was just observed leaving the network via email.
name=Confidential file misuse
family=Generic
clientissue
risk=HIGH
bmatch=de1d7f362734c4d71ecc93a23bb5dd4c
bmatch=747f029fbf8f7e0ade2a6198560c3278
These binary codes were created by generating MD5 hashes of the following strings:
"Copyright 2006 BigCorp, file: don'tshare.doc"
"file: don'tshare.doc"
The security compliance group maintains the list of mappings (confidential file to MD5
hash). The MD5 hash can be embedded within the binary file and can then be tracked as it
traverses the network.
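The mapping, embedding and lookup workflow described above, as an added Python example that is not part of the Tenable manual. The registry layout, the helper names and the choice to append the digests to the end of the file are assumptions, and the sketch treats every pattern for a file as required before it reports a hit.

```python
import hashlib

# Constructed registry kept by the compliance group: file name -> watermark
# strings (the two strings are the ones quoted on this page).
WATERMARKS = {
    "don'tshare.doc": [
        "Copyright 2006 BigCorp, file: don'tshare.doc",
        "file: don'tshare.doc",
    ],
}

def digests(strings):
    """Raw 16-byte MD5 digest of each watermark string."""
    return [hashlib.md5(s.encode("ascii")).digest() for s in strings]

def bmatch_lines(strings):
    """Render the digests as bmatch= lines for a plugin such as id=9005.
    The exact bytes hashed in the manual are not known, so the output is
    not expected to reproduce the hex values printed on this page."""
    return ["bmatch=" + d.hex() for d in digests(strings)]

def embed(document: bytes, strings) -> bytes:
    """Append the binary watermarks to a file body (placement is an assumption)."""
    return document + b"".join(digests(strings))

def identify(payload: bytes, registry=WATERMARKS):
    """Names of files whose watermark digests ALL occur in the payload."""
    return [name for name, strings in registry.items()
            if all(d in payload for d in digests(strings))]

if __name__ == "__main__":
    marks = WATERMARKS["don'tshare.doc"]
    print("\n".join(bmatch_lines(marks)))
    # Constructed sample payload standing in for observed traffic.
    sample = b"DATA\r\n" + embed(b"constructed document body", marks)
    print(identify(sample))
```

The check runs on raw bytes only, so it finds the watermark when the file crosses the wire unencoded; a transfer encoding applied before transmission changes the byte sequence being searched.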
Similar checks can be performed against ASCII strings to detect, for example, if confidential
data was cut-and-pasted into an email. Simply create text watermarks that appear benign
to the casual observer and map to a specific file name. For example:
"Reference data at \\192.168.0.2\c$\shares\employment files for HR data
regarding Jane Mcintyre" could be a string which maps to a file named
Finances.xls.
A PVS plugin could look for the string as follows:
id=9006
trigger-dependency
dependency=2004
dependency=2005
hs_dport=25
description=POLICY - Confidential data passed outside the corporate network. Data from the confidential file Finances.xls was just observed leaving the network via email.
name=Confidential file misuse
family=Generic
clientissue
risk=HIGH
match=Reference data at
match=192.168.0.2\c$\shares\employment files